Privacy Policy
Last updated: 25 April 2026 (v3.2)
1. Overview and Data Controller
Kaiku ("Service", kaiku.live and the Kaiku mobile app) is an AI-assisted wellness application — couple guidance, self-reflection, and a wellness companion. This privacy policy describes, in accordance with GDPR (EU 2016/679) Articles 13 and 14, what personal data we process, for what purposes, and on what legal basis. Data Controller: Tomi Ansamaa, Mannerheimintie 12 A, 00100 Helsinki, Finland, tomi.ansamaa@gmail.com. Privacy contact: team@kaiku.live. With your consent the Service may process GDPR Article 9 special category personal data (for example mood and stress self-check-ins, and health data from wearables), so those parts of the processing are based on your explicit consent (Art. 9(2)(a)); other processing is based on contract performance (Art. 6(1)(b)). Consent is requested separately for each processing purpose and may be withdrawn at any time in Settings without affecting processing carried out before withdrawal. A GDPR Art. 35 Data Protection Impact Assessment (DPIA) has been completed and is available on request.
2. Data Categories We Collect
Account and Authentication
When you register we collect your email address, optionally a display name, year of birth (for age verification), language preference and time zone. If you sign in with Google or Apple (OAuth), we receive your name, email and a stable identifier from the provider. Passwords are not stored — authentication is handled by Supabase Auth. Legal basis: Art. 6(1)(b) contract performance.
Conversations, Voice Input and Memories
All chat messages (text and voice) are stored AES-256-GCM encrypted. Kaiku learns from your conversations and stores 7 memory types: emotion patterns, needs, triggers, relationship dynamics, strengths, goals and insights. In real-time voice your microphone input is processed near-real-time (Voice Activity Detection) and converted to text — raw audio is not retained beyond the session unless you explicitly save it to Moments. Legal basis: Art. 6(1)(b) + Art. 9(2)(a) where content concerns health/mental data.
Health, Fitness and Medication Data
You may optionally connect wearable devices and health platforms: Apple Health, Google Health Connect, Oura, Whoop, Polar, Suunto, Withings, Strava. Synced data may include: steps, heart rate, HRV, sleep duration/quality, weight, active calories, workouts (including GPS route polylines), menstrual cycle. You may also log medications, medication reminders, pain and nutrition. Medication reminders are not a medical device or automated dispenser — you decide your medication. You can choose which data types to sync and disconnect at any time. Legal basis: Art. 9(2)(a) explicit consent.