← Back to login

Privacy Policy

Last updated: March 3, 2026

1. Information We Collect

When you use Kynso ("the App"), we collect the following information:

  • Account information: Your email address and display name when you create an account, or your name and email from Google/Apple when using social sign-in.
  • User content: Tasks, habits, goals, milestones, daily notes, and audio recordings that you create within the App.
  • Usage data: Basic usage patterns such as login timestamps, page load times, and visitor counts, which are automatically collected by our hosting and analytics providers.
  • Device information: Browser type, operating system, and device type for compatibility and debugging purposes.
  • Push notification tokens: If you enable push notifications, we store a device-specific subscription token to deliver notifications to your device.
  • Images: If you attach images to daily notes (Pro feature), the images are uploaded and stored securely in our cloud storage.

2. Mobile App & Device Permissions

If you use Kynso through our iOS or Android app, we may request the following device permissions:

  • Microphone: Used only for recording audio memos within the App. Audio is recorded on-device and uploaded to secure, private cloud storage. We never access your microphone without your explicit action.
  • Notifications: Used to send task reminders and habit alerts you have opted into. You can revoke notification permissions at any time through your device's Settings.
  • Haptic feedback: Used for subtle tactile feedback when navigating the App. No data is collected through haptics.
  • Network access: Required to sync your data with our servers. All connections use HTTPS encryption.

The mobile app does not access your camera, contacts, location, calendar, or photo library.

2. How We Use Your Information

Your information is used solely to:

  • Provide and operate the App's features (task tracking, habit logging, note-taking, audio recording)
  • Authenticate your identity and protect your account
  • Send you account-related communications (password resets, security alerts)
  • Deliver push notifications you have opted into (task reminders, habit alerts)
  • Improve the App's performance and reliability through anonymous, aggregated analytics

We do not sell, rent, or share your personal data with third parties for marketing or advertising purposes.

3. Data Storage & Security

  • All data is stored in a PostgreSQL database hosted by Supabase on Amazon Web Services (AWS) infrastructure.
  • All connections use TLS/HTTPS encryption in transit.
  • Passwords are hashed using bcrypt — we never store plain-text passwords.
  • Row Level Security (RLS) is enforced at the database level, ensuring each user can only access their own data.
  • Audio recordings are stored in a private storage bucket with per-user access controls.
  • Local data may be cached on your device using IndexedDB for performance. This data remains on your device and is cleared when you log out.
  • On-device preferences (theme, active tab, card layout) are stored in your browser's or app's local storage. These contain no personal information and are never transmitted to our servers.

4. Third-Party Services

The App uses the following third-party services:

  • Supabase — Database hosting, authentication, and file storage (Supabase Privacy Policy)
  • Vercel — Web hosting and deployment (Vercel Privacy Policy)
  • Vercel Analytics & Speed Insights — We collect anonymous, aggregated performance metrics (page load times, visitor counts). No personally identifiable information is collected through analytics.
  • Web Push (VAPID) — Push notifications are delivered using the standard Web Push protocol. No third-party push service has access to your data.
  • Google Sign-In (optional) — We receive your name and email only (Google Privacy Policy)
  • Apple Sign-In (optional) — We receive your name and email only (Apple Privacy Policy)
  • Stripe — Payment processing for Pro subscriptions. We do not store your credit card details — payment information is handled entirely by Stripe (Stripe Privacy Policy)
  • Capacitor (Ionic) — Our mobile apps are built using Capacitor, an open-source framework. Capacitor runs locally on your device and does not transmit any data to Ionic or any third party.

We do not share your personal data with any other third parties beyond what is necessary to operate the services listed above.

5. Data Retention

We retain your data for as long as your account is active. If you delete your account:

  • All your personal data, tasks, habits, goals, notes, and audio recordings are permanently deleted from our servers.
  • Deletion is performed immediately upon request. Data may persist in encrypted backups for up to 30 days before being automatically purged.
  • Anonymous, aggregated analytics data (which cannot identify you) may be retained indefinitely.

6. Your Rights

You have the right to:

  • Access your data at any time through the App
  • Edit or delete any content you've created
  • Delete your account directly from the App's Settings page, which permanently removes all your data
  • Export your data — contact us at reesebuildsyt@gmail.com for a copy
  • Withdraw consent — you may disable push notifications or revoke social sign-in access at any time

If you are located in the European Economic Area (EEA) or United Kingdom, you may also have additional rights under GDPR, including the right to data portability and the right to lodge a complaint with a supervisory authority.

If you are a California resident, you have the right to know what personal information we collect, request deletion of your data, and opt out of any sale of personal information under the CCPA. We do not sell your personal information.

If you are a Canadian resident, your rights under the Personal Information Protection and Electronic Documents Act (PIPEDA) are respected, including the right to access, correct, and delete your personal information.

7. Cookies

We use essential cookies to store your authentication session so you stay signed in. We also use Vercel Analytics which collects anonymous, aggregated performance data — no personal information or tracking cookies are used. We do not use advertising or marketing cookies.

8. International Data Transfers

Your data is stored on servers located in the United States (AWS via Supabase). The App is operated from Canada. If you are accessing the App from outside Canada or the United States, your data will be transferred to and processed in the United States. By using the App, you consent to this transfer. We ensure that appropriate safeguards are in place to protect your data in accordance with this Privacy Policy and applicable Canadian privacy laws.

9. Children's Privacy

The App is not intended for users under the age of 13. We do not knowingly collect personal information from children under 13. If you believe a child under 13 has provided us with personal information, please contact us and we will promptly delete it.

10. Mobile App Distribution

Kynso is available through the Apple App Store and Google Play Store. When you download the App:

  • Apple and Google may collect usage and diagnostic data about App downloads and crashes in accordance with their own privacy policies.
  • In-app purchases and subscriptions are processed through the respective platform's payment system or through Stripe.
  • We do not receive your payment details from Apple or Google — only a confirmation that a purchase was completed.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by updating the "Last updated" date at the top of this page. Your continued use of the App after changes are posted constitutes your acceptance of the revised policy.

12. Contact Us

If you have any questions about this Privacy Policy, your data, or wish to exercise any of your rights, please reach out to us at reesebuildsyt@gmail.com.