Privacy Policy

Effective Date: May 20, 2026

Last Updated: May 20, 2026

This Privacy Policy explains how Kairos ("Kairos," "we," "us," or "our") collects, uses, shares, and protects information when you use our consumer mobile application, websites, and related services (collectively, the "Services").

If you do not agree with this Privacy Policy, please do not use the Services.

1. Who we are

Kairos provides a consumer mental fitness experience that helps people reflect on how they are doing and notice patterns over time.

Kairos is not a medical provider. The Services are not intended to diagnose, treat, cure, or prevent any disease.

2. What information we collect

We collect information in three ways: (1) information you provide, (2) information collected automatically when you use the Services, and (3) information from third parties (if you choose to connect them).

2.1 Information you provide

• Account information: email address, password or authentication token, and basic profile info you choose to add.
• User content: recordings, transcripts, journal entries, tags, notes, or other content you create in the Services.
• Self-reported information: responses to onboarding questions, check-ins, preferences, and feedback.
• Support communications: messages you send to support, including attachments.

2.2 Information collected automatically

• Device and app information: device model, operating system version, app version, language, and time zone.
• Usage information: actions within the app, feature usage, and approximate session timing.
• Log data: IP address, crash reports, and diagnostic logs.

2.3 Information from third parties (optional)

If you choose to sign in using a third-party account or connect third-party services, we may receive information from them consistent with your settings and their privacy policies.

3. Sensitive information and voice data

Kairos may process voice recordings and derived insights (such as features extracted from audio or summaries) to provide the Services.

We treat voice data and other user content as sensitive and apply additional safeguards.

4. How we use information

We use information for the following purposes:

• Provide the Services, including generating transcripts, summaries, and personalized insights.
• Maintain and improve the Services, including debugging, quality assurance, and product development.
• Safety and security, including preventing fraud and investigating misuse.
• Communications, including sending service-related messages (for example, account notices, security alerts, and feature updates).
• Customer support, including responding to requests and troubleshooting.
• Research and analytics, as described below.

5. Research and analytics

We may use de-identified or aggregated information to understand how the Services perform and how to improve them.

We may also conduct research involving user data, but we will only do so when legally permitted and consistent with this Privacy Policy. Where required, we will obtain consent.

6. How we share information

We do not sell your personal information.

We may share information in the following circumstances:

6.1 Service providers

We share information with vendors that help us operate the Services (for example, cloud hosting, analytics, customer support tooling, and transcription services). They are permitted to process information only on our instructions.

6.2 With your direction

We share information when you choose to:

• share content outside the Services,
• export data,
• connect third-party services,
• invite others to access shared spaces (if collaboration features are enabled).

6.3 Legal and safety

We may disclose information if we believe disclosure is reasonably necessary to:

• comply with law or legal process,
• protect the rights, safety, and security of Kairos, our users, or the public,
• investigate fraud, abuse, or violations of our terms.

6.4 Business transfers

If we are involved in a merger, acquisition, financing, reorganization, bankruptcy, or sale of assets, information may be transferred as part of that transaction.

7. Your choices and controls

Depending on your location, you may have choices and rights regarding your information.

7.1 Access, correction, deletion, and portability

You may request to:

• access the personal information we have about you,
• correct inaccurate information,
• delete your account and associated data,
• obtain a copy of certain information.

Some information may be retained as described in the "Data retention" section.

7.2 Managing permissions

You can control certain permissions through your device settings, such as microphone access and notifications.

7.3 Marketing preferences

If we send marketing emails, you can opt out via the unsubscribe link. We will still send essential service communications.

8. Data retention

We retain personal information for as long as necessary to provide the Services and for legitimate business purposes, such as:

• maintaining account and security records,
• complying with legal obligations,
• resolving disputes,
• enforcing our agreements.

If you delete your account, we will delete or de-identify information within a reasonable period, unless we need to retain it for legal or security reasons.

9. Security

We use administrative, technical, and physical safeguards designed to protect your information. No method of transmission or storage is completely secure, and we cannot guarantee absolute security.

10. Children's privacy

The Services are not directed to children under 13 (or the minimum age required by your jurisdiction). We do not knowingly collect personal information from children.

11. International data transfers

We may process and store information in the United States and other countries where we or our service providers operate. These locations may have data protection laws that differ from those in your jurisdiction.

12. Region-specific disclosures

Depending on where you live, you may have additional rights.

12.1 California privacy notice

If you are a California resident, you may have rights under the California Consumer Privacy Act (CCPA/CPRA), including the right to know, delete, correct, and opt out of certain sharing. Kairos does not sell personal information.

12.2 EEA/UK notice

If you are located in the EEA or UK, processing may be based on:

• performance of a contract (providing the Services),
• legitimate interests (improving and securing the Services),
• consent (where required).

13. Changes to this Privacy Policy

We may update this Privacy Policy from time to time. We will post the updated version and update the "Last updated" date. If changes are material, we will provide additional notice as required.

14. Contact us

To contact Kairos about privacy, please email: kairos.care.dev@gmail.com