Privacy Policy

Welcome to Keiko (“Keiko,” “App”), developed by DyvenTech LLP (“we,” “us,” or “our”). We are committed to protecting your privacy and providing a safe, personalized experience. This Privacy Policy explains how we collect, use, store, and share information about you when you use our mobile application, services, and website (collectively, the “Services”).

Please read this Privacy Policy carefully. By using our Services, you agree to the practices described in this policy.

Information We Collect

We collect the following types of information:

1. Information You Provide

• Account Information: When you register, we collect your email address, name, and authentication credentials (including information for social login if you choose that option).
• Profile Information: Information you provide in your user profile, including preferences, location (city, country), age, gender, and settings.
• Logged Content: The content you log within the app, including mood entries, wins, reflections, and any notes or context you provide.
• Media Content: Photos, images, and other media files you upload or share within the app.
• Feedback and Support: Information you provide when you contact our support team or provide feedback.

2. Information Collected Automatically

• Usage Information: How you use our Services, including interaction patterns, features used, logging frequency, and time spent (collected via Mixpanel analytics).
• Device Information: Information about your device, including device type, operating system, unique device identifiers, mobile network information, and IP address.
• Log Data: Diagnostic logs, crash reports, performance data, and application events (monitored through Sentry error tracking).
• Notification Data: Information about notification preferences, delivery status, and engagement with notifications.

Analytics

Analytics Services:

We use third-party analytics services to understand app usage:

• Mixpanel: Tracks user interactions, feature usage, and engagement metrics
• Sentry: Monitors errors and performance issues

These services may use cookies, device identifiers, and similar technologies. You can opt out of analytics tracking in your device settings or app settings.

How We Use Your Information

We use the information we collect to:

• Provide, maintain, and improve our Services
• Detect patterns and correlations in your logged moods, wins, and reflections over time
• Generate personalized insights based on your logged data using Google Vertex AI
• Generate vector embeddings of logged content to improve pattern detection and insight relevance
• Process and manage your account and authentication
• Send notifications about insights and updates related to our Services
• Respond to your comments, questions, and customer service requests
• Analyze usage patterns to understand user behavior and improve our Services
• Detect, investigate, and prevent fraudulent transactions and other illegal activities
• Protect the rights and property of DyvenTech and others

Automated Decision-Making and AI Processing

AI-Generated Insights:

Our service uses artificial intelligence (Google Vertex AI) to analyze your logged entries and detect patterns. This involves automated processing of your logged content to:

• Identify patterns and trends in your moods, wins, and reflections
• Generate grounded insights based on your actual data
• Suggest relevant actions when patterns emerge

No Profiling for Legal/Financial Decisions:

We do not use automated decision-making or profiling that produces legal effects or similarly significant effects on you. AI is used solely for pattern detection and generating insights from your logged data.

Your Control:

You control what you log. Keiko only observes and analyzes the entries you choose to create.

Data Storage and Security

We use industry-standard security measures to protect your information. All data is hosted and stored within the United States using the following secure infrastructure:

• Primary Database Storage: Your personal information, account data, logged entries (moods, wins, reflections), and all user-generated content are stored in CockroachDB Serverless with encryption at rest and in transit
• Vector Storage: AI pattern detection embeddings are stored in Milvus (Zilliz Cloud) with only user IDs as identifiers - no personal information is stored in the vector database
• Cache and Security: Temporary session data and one-time passwords (OTPs) are stored in Redis (Upstash) with automatic expiration (OTPs expire within 10 minutes)
• Media Storage: All photos, images, and media files are privately stored in Google Cloud Storage buckets with restricted access
• Application Hosting: Our backend services run on Hetzner Cloud infrastructure within the United States
• AI Processing: Pattern detection and insight generation are processed using Google Vertex AI
• Analytics and Monitoring: App usage analytics are collected via Mixpanel, and error tracking is handled by Sentry for service reliability

The logged content used for pattern detection is processed using Google Vertex AI for natural language understanding. Vector embeddings are generated and stored separately from your personal information, using only anonymized user identifiers for pattern retrieval and insight generation.

Data Breach Notification

In the event of a data breach that affects your personal information, we will:

• Notify affected users within 72 hours of discovering the breach (as required by GDPR)
• Inform relevant data protection authorities as required by law
• Provide details about the breach, data affected, and steps we're taking
• Offer guidance on protecting your information

How We Notify:

• In-app notification
• Email to your registered address
• Notice on our website (for widespread breaches)

Contact for Security Issues:

Report security vulnerabilities to apps@dyven.tech with subject “Security Issue - Urgent”

Data Retention

We retain your information for as long as your account is active or as needed to provide you with our Services. You have full control over your data with the following options:

• Delete your entire account and all associated data
• Remove uploaded media files

We may retain certain aggregated, de-identified information for analytical purposes and as required by law for legitimate business purposes, such as to resolve disputes or enforce our agreements.

Information Sharing and Disclosure

We do not sell your personal information. We may share information in the following limited circumstances:

• Service Providers: With trusted vendors and service providers (CockroachDB, Zilliz, Upstash, Google Cloud, Hetzner) who need access to provide infrastructure services on our behalf, all bound by strict confidentiality agreements
• Legal Requirements: If required by law, regulation, legal process, or governmental request
• Business Transfers: In connection with a merger, acquisition, or sale of all or a portion of our assets (users will be notified)
• With Your Consent: When you have given explicit consent to share information
• De-identified Information: We may share aggregated, de-identified information that cannot reasonably be used to identify you
• Safety and Security: To protect the safety and security of our users or to investigate potential violations of our terms of service

Your Rights and Choices

You have comprehensive control over your personal information:

• Access and Portability: You can access, download, and export all your data through your account settings
• Account Deletion: You can permanently delete your account and all associated data at any time
• Media Management: You can remove any uploaded photos or media files
• Communication Preferences: You can manage all notification settings
• Data Correction: You can update or correct any personal information in your profile

Children's Privacy

Our Services are not directed to children under the age of 18. We do not knowingly collect personal information from children under 18. If you believe we have inadvertently collected information from a child, please contact us immediately to have it removed.

Data Location and Transfers

All your data is stored and processed within the United States using US-based infrastructure providers. By using our Services, you consent to the storage and processing of your information in the United States. We implement appropriate safeguards to protect your data in accordance with applicable data protection laws.

California Privacy Rights (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA), including:

• The right to know what personal information we collect and how we use it
• The right to delete your personal information
• The right to opt-out of the sale of personal information (we do not sell personal information)
• The right to non-discrimination for exercising your privacy rights

European Privacy Rights (GDPR)

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, you have additional rights under the General Data Protection Regulation (GDPR):

Legal Basis for Processing:

We process your personal data under the following legal bases:

• Contract Performance: To provide our services and fulfill our Terms of Use
• Legitimate Interest: To improve our services, ensure security, and prevent fraud
• Consent: For optional features like personalized notifications and analytics
• Legal Obligation: To comply with applicable laws and regulations

Your GDPR Rights:

• Right to Access: Request a copy of your personal data
• Right to Rectification: Correct inaccurate or incomplete data
• Right to Erasure: Request deletion of your data (“right to be forgotten”)
• Right to Restrict Processing: Limit how we use your data
• Right to Data Portability: Receive your data in a structured, machine-readable format
• Right to Object: Object to processing based on legitimate interests
• Right to Withdraw Consent: Withdraw consent at any time without affecting prior processing
• Right to Lodge a Complaint: File a complaint with your local data protection authority

Data Transfers:

Your data is stored in the United States. We rely on Standard Contractual Clauses (SCCs) and implement appropriate safeguards to protect your data when transferred outside the EEA.

Data Protection Authority:

You have the right to lodge a complaint with your local supervisory authority. Find your authority at: https://edpb.europa.eu/about-edpb/board/members_en

Indian Privacy Rights (DPDP Act 2023)

If you are located in India, you have rights under the Digital Personal Data Protection Act, 2023:

Your Rights:

• Right to Access: Request information about personal data processed
• Right to Correction: Request correction of inaccurate or incomplete data
• Right to Erasure: Request deletion of personal data (subject to legal retention requirements)
• Right to Grievance Redressal: File complaints regarding data processing
• Right to Nominate: Nominate another person to exercise rights in case of death or incapacity

Data Fiduciary Information:

• Company: DyvenTech LLP
• Registration: India
• Contact: apps@dyven.tech

Grievance Redressal:

We will acknowledge complaints within 24 hours and resolve them within 30 days. If unsatisfied, you may approach the Data Protection Board of India.

Cookies and Tracking Technologies

Types of Technologies We Use:

• Essential Cookies: Required for authentication and security (e.g., session tokens)
• Analytics Cookies: Used by Mixpanel and Sentry to understand app usage
• Performance Cookies: Help us optimize app performance and user experience

Mobile App Tracking:

Our mobile app uses:

• Device identifiers (IDFA on iOS, Advertising ID on Android)
• Session tokens for authentication
• Local storage for app preferences

Your Choices:

• Manage cookie preferences in app settings
• Opt out of analytics tracking in your device settings

Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or for other operational, legal, or regulatory reasons. We will post the revised policy in the app and update the “Last Updated” date. For material changes, we will provide additional notice as required by law, including in-app notifications or email communication.

Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at: