Privacy Policy
Effective 2026-04-27 · Kyzen Mobile (iOS) & Kyzen Web (kyzenos.com)
Plain-English summary of what Kyzen collects, why, and how to control it.
§1The short version
Kyzen is a local-first wellness app available on iOS and on the web at kyzenos.com. Most of your data — sleep, food, water, workouts, dreams, calendar — stays on your device. We sync a small profile to our servers so you can sign in on a new device and so we can run premium features. We don't sell your data. We don't license it for AI training.
§2What we collect
- Account basics: your email, display name, optional avatar image, and chosen subscription tier.
- Wellness logs: what you tell Kyzen — meals, water, workouts, sleep records, dream notes, mood checks.
- App usage: anonymous crash reports and feature-usage counts (no identifying info attached).
- Apple HealthKit data, only if you grant permission — see §3.
- Apple Calendar read access if you enable Calendar sync.
- Push notification token if you enable reminders.
- Photos you choose when you attach a progress shot, meal photo, or milestone card (only the specific photos you pick — Kyzen never scans your full library).
- Voice input if you dictate a journal entry, meal log, or note. Speech recognition runs on-device and the audio is not uploaded.
- Approximate location only when you open the Calendar's "nearby workouts" surface — we use it once to suggest options, then discard it.
- Motion data from your device's motion coprocessor (on iOS) to estimate activity when wearable data is unavailable.
- Reminders write access if you enable hydration, bedtime, or planning alerts.
We do not collect your contacts, your full photo library (only the specific photos you attach), background location, or any cross-app identifier that follows you across other apps. We do not run third-party advertising or analytics SDKs that fingerprint you.
§3HealthKit
If you grant HealthKit permission, Kyzen reads steps, sleep, workout sessions, heart rate, heart-rate variability (HRV), resting heart rate, and active energy from Apple Health. We use this only inside the app to populate your dashboard, score your day, and tune coaching suggestions.
With your permission Kyzen also writes workouts you log inside Kyzen, mindful minutes, and daily wellness summaries back to Apple Health so the rest of your health stack stays in sync. You can disable write-back independently of read access in iPhone Settings.
Apple-mandated commitments:
- We never use HealthKit data for advertising or marketing.
- We never sell HealthKit data, share it with data brokers, or license it to third parties.
- We never disclose HealthKit data to anyone without your explicit consent — except as required by law.
You can revoke HealthKit access at any time in iPhone Settings → Privacy → Health → Kyzen.
§4Why we use this data
- To run features you asked for (track sleep, log meals, etc.).
- To sync your profile across your devices.
- To send the reminders you enable.
- To calculate streaks and KY currency for in-app rewards.
- To diagnose crashes and fix bugs.
- To enforce these Terms (e.g., detecting fraud against the KY economy).
§5Local-first storage
Wellness logs, calorie entries, dream notes, and similar personal content are stored on your device first using your platform's secure storage (Apple's secure storage on iOS, your browser's local storage on the web). We sync a slim profile and snapshot to our servers so that you can recover your data on a new device, but the canonical copy lives on your device.
§6What we never do
- We never sell your personal information.
- We never license your content to train third-party generative-AI models.
- We never run third-party advertising trackers inside Kyzen.
- We never share your wellness logs with employers or insurers.
§7Subprocessors
We use these third-party services strictly to operate Kyzen. Each is bound by a data-processing agreement and only sees the minimum data needed for their function:
- Apple App Store / StoreKit — handles all subscription billing.
- Supabase — hosts the encrypted server-side profile snapshot and authentication tokens.
- Apple Push Notification service — delivers the reminders you enable.
- Resend — sends transactional email (account verification codes, security notices) to the email address on your account. Resend sees only your email address, your first name, and the contents of the email itself.
We'll update this list — and notify you in-app under §14 — before adding any new subprocessor.
§8How long we keep data
Your data stays as long as your account is active. If you delete your account, we delete server-side personal data within 30 days, except where we're required to keep records for legal or fraud-prevention reasons (e.g., proof-of-purchase). On-device data is deleted when you delete the app (iOS) or clear your browser's site data (web).
§9Your controls
- Export: open Settings → Sync and privacy → Exports and tap JSON export or CSV export to download a copy of your Kyzen data to your device.
- Delete your account (in-app, permanent): open Settings → Account → Delete account permanently, type
DELETEto confirm, and we will purge your profile, posts, friend connections, subscription record, and push notification tokens from our servers immediately. This satisfies Apple App Store Review Guideline 5.1.1(v). If anything goes wrong, email privacy@kyzen.app and we will complete the deletion described in §8 within 30 days. - Delete on this device only: Settings → Account → Delete local account data only wipes Kyzen's data from this device and returns you to onboarding while leaving your server-side account intact. Useful when you want to sign out of this device without destroying your account.
- HealthKit: revoke access in iPhone Settings → Privacy → Health → Kyzen.
- Push notifications: control granularly in Settings → Notifications, or globally in iPhone Settings → Notifications → Kyzen.
§10California residents (CCPA / CPRA)
If you live in California you have the right to (a) know what personal information we've collected about you, (b) delete that information, (c) correct inaccurate information, and (d) opt out of any "sale" or "sharing" of personal information.
We do not sell or share personal information. To exercise any other right, email privacy@kyzen.app from the address tied to your account.
§11EU / UK residents (GDPR)
If you live in the European Economic Area, the United Kingdom, or Switzerland you have the rights of access, rectification, erasure, restriction, portability, and objection under the GDPR / UK GDPR. The legal basis for processing is performance of our contract with you (running the app), your consent (for HealthKit, push, and Calendar), and our legitimate interest (fraud prevention and product analytics).
Email privacy@kyzen.app to exercise any of these rights. You also have the right to lodge a complaint with your local data-protection authority.
§12Children
Kyzen is not directed at children under 13 (under 16 in the EEA, UK, and Switzerland). We do not knowingly collect data from children. If you believe a child has created an account, email privacy@kyzen.app and we'll delete it.
§13Security
We encrypt data in transit with TLS and at rest using industry-standard AES-256. No system is perfectly secure, so we can't promise zero risk — if you suspect a breach of your account, change your password and email support@kyzenos.com.
§14Changes to this policy
If we change this Privacy Policy in a material way (new category of data, new subprocessor, new use), we'll notify you in-app and bump the effective date above. Continuing to use Kyzen after the effective date means you accept the updated policy.
§15Contact
Questions or requests? Email privacy@kyzen.app.
✦ Made by one person
Kyzen is built solo — no investors, no committee, no support queue. When you email support@kyzenos.com or privacy@kyzen.app, you're talking directly to the person who builds the app. Bug reports, feature ideas, even just "this confused me" — all of it gets read by a human who actually ships fixes.