Kaiku
LEGAL

Security and encryption

Last updated: May 17, 2026

1. Overview

Kaiku processes sensitive wellbeing data: conversations, mood, health metrics and relationship reflections. We protect this data in multiple layers so that even if the database leaked, your messages would remain unreadable. This page describes the concrete technical safeguards we maintain continuously.

2. AES-256-GCM encryption

Messages, memories and other sensitive content are encrypted with AES-256-GCM before storage. AES-256-GCM is a widely used, strong encryption method that is also used in high-security environments. The encryption key is kept in a separate environment, not in the database — even if the database leaked, without the key the messages are random strings. Encryption happens on the server before storage, and transfers use TLS 1.3.

3. Automatic anonymisation

Conversation summaries and titles are anonymised automatically. Real personal names are replaced with generic terms (e.g. "a close person", "supervisor") and place names with generic terms (e.g. "workplace", "hometown"). Original messages are stored only encrypted. Anonymisation happens before the AI model sees a summary — as little identifiable information as possible is passed to third parties.

4. Access control

Row Level Security rules ensure at the database level that no other user can see your data. There are over 70 such rules, covering every table where user-specific data appears. All access is logged to an audit trail. IP addresses are stored only as SHA-256 hashes — helps abuse investigation without retaining the original IP.

5. AI safety

Your messages are not used to train AI models. Contracts with our providers (Anthropic, OpenAI, Groq) prohibit using your data for model training — API data is kept up to 30 days for abuse monitoring, then deleted. We don't send your name or email to the AI. Logs don't store message content, only metadata (timestamp, model name, response time).

6. You're in control

You can download all your data as JSON at any time (Settings → Export my data). You can set automatic deletion every 90 days or 1 year. You can withdraw consent to individual processing purposes or delete your whole account — the deletion job runs within 30 days, after which identifiable data is removed, except data we are legally required to retain (see Privacy Policy).

7. Data location — EU

All database and analytics data is stored on EU-based servers. AI providers are partly in the United States, but transfers use Standard Contractual Clauses (Commission decision EU 2021/914) and the EU-US Data Privacy Framework where applicable. Exact provider list: see Privacy Policy.

8. What data is collected

As little as possible — only what's needed to function. We collect conversations, user settings and health data if you connect a wearable. Location isn't collected unless you share a workout's GPS route yourself. Contacts aren't collected unless you attach them. Product analytics runs only with your consent and collects pseudonymous usage statistics (page views, feature usage) — without your name or message content; see the Cookie Policy.

9. Compliance

What we commit to:

  • GDPR Art. 9 — explicit consent for sensitive data processing
  • AES-256-GCM — encryption at rest
  • TLS 1.3 — encryption in transit
  • EU data location
  • DPIA — data protection impact assessment done
  • Rate limiting — DDoS protection
  • Audit logging — access is recorded
  • Permanent deletion within 30 days of a deletion request

10. Data breaches

If a personal-data breach is likely to result in a risk to your rights, we notify the supervisory authority without undue delay and, where feasible, within 72 hours of detection (GDPR Art. 33), and — if the breach is likely to result in a high risk to your rights — notify you without undue delay (Art. 34) — in plain language, describing the nature of the breach, the likely consequences, the measures taken and a contact person.