The short version: Your health data is yours. We don't sell it, we don't advertise with it, and we don't share it with anyone unless you explicitly ask us to. You can export or delete everything at any time.
Sleep, water intake, food, supplement logs, meal photos you choose to upload, and food recognition corrections
Dental health records
Menstrual cycle data
Medical history and conditions
Health goals and progress notes
Account Data
Email address (for authentication)
Display name (optional)
Authentication tokens (managed by our auth provider)
Technical Data (collected automatically)
Browser type and version
Device type (mobile/desktop)
Pages visited and features used (for improving the Service)
Error logs (for debugging)
What we DON'T collect
We don't collect your location
We don't collect contacts or phone data
We don't use tracking pixels or third-party analytics
We don't collect financial or payment information
2. How Your Data Is Stored
Database: Your data is stored in a Supabase-hosted PostgreSQL database with row-level security, meaning your data is isolated and only accessible by your account.
Encryption: Data is encrypted in transit (TLS/HTTPS) and at rest.
Access control: Only your authenticated session can read or write your health data.
Backups: Regular automated backups are maintained for disaster recovery. Backups are encrypted.
3. How Your Data Is Used
We use your data only to:
Display your health information back to you
Generate your weekly health reports and insights
Provide medication reminders and appointment alerts
Improve the Service's features and fix bugs
Improve food recognition and nutrition matching only when you opt in to that specific food AI improvement feature
We do not use your data to:
Serve you advertisements
Build marketing profiles
Sell to data brokers, insurers, employers, or anyone else
Train AI models or improve recognition systems unless you explicitly opt in to a specific feature
4. Food Photos & Food Recognition Improvement
Kenki may let you upload meal photos for AI-assisted food recognition. This feature is optional.
Clear opt-in: Meal photos and corrections are used to improve Kenki food recognition only if you turn on the food AI improvement consent.
Features by default: Unless you separately allow raw photo retention, Kenki stores recognition outputs, embeddings/features, hashes, confidence scores, and correction metadata rather than keeping raw meal photos long-term.
Raw photo retention: If you opt in to raw photo retention, photos are stored privately and used only to improve Kenki food recognition and nutrition matching. You can turn this off later.
Delete/export controls: Food logs, food recognition metadata, and retained meal photos are exportable and deletable. Deletions remove active records immediately and backups within 30 days.
No sale or ads: Meal photos, embeddings, corrections, and nutrition data are never sold or used for advertising.
5. AI Agent Data Access
Kenki supports optional integration with AI assistants. Here's how that works:
Explicit opt-in: AI access is off by default. You must enable it and choose what data to share.
Granular permissions: You control which categories of health data an AI agent can access. For example, you might share medications but not medical history.
Read-only or read-write: You choose the access level for each integration.
Instant revocation: Revoke any AI agent's access at any time. Access stops immediately.
No secondary use: Kenki does not use data shared with AI agents for any purpose beyond facilitating the connection you requested.
Third-party AI policies: When you connect an AI agent, that agent's own privacy policy governs how it handles data received from Kenki. Review their policies before connecting.
6. Data Sharing & Third Parties
We do not sell your data. Period.
We share data only in these limited circumstances:
Service providers: Supabase (database hosting) and authentication providers process your data solely to provide infrastructure. They are contractually prohibited from using it for other purposes.
AI agents: Only when you explicitly enable and configure access (see above).
Legal requirements: We may disclose data if required by law, court order, or government request, and we'll notify you unless legally prohibited from doing so.
Safety: To prevent imminent harm to a person, if we reasonably believe disclosure is necessary.
7. Data Retention & Deletion
Your health data is retained as long as your account is active.
Service Worker: For PWA functionality and offline access to your data.
No third-party cookies: We don't use advertising cookies, tracking cookies, or third-party analytics scripts.
9. Security
We take security seriously. Measures include:
HTTPS/TLS encryption for all data in transit
Encryption at rest for stored data
Row-level security (your data is isolated from other users)
Regular security audits and dependency updates
Rate limiting and brute-force protection on authentication
Secure authentication via established providers (not custom password hashing)
No system is 100% secure. If we discover a breach that affects your data, we will notify you within 72 hours with details about what happened and what we're doing about it.
10. Children's Privacy
Kenki is not intended for use by anyone under 16 years old. We do not knowingly collect data from children under 16. If we learn that we have collected data from a child under 16, we will delete it promptly. If you believe a child under 16 is using Kenki, please contact us at [email protected].
11. Your Rights
Regardless of where you live, you have the right to:
Access: View all data we hold about you (your dashboard shows everything).
Export: Download your data in standard formats via Data Export.
Correction: Edit or correct any data at any time.
Deletion: Delete any or all of your data.
Portability: Take your data and move to another service.
Restrict processing: Ask us to limit how we use your data.
Object: Object to any processing you don't agree with.
To exercise these rights, email [email protected] or use the in-app tools.
12. California & GDPR
California Residents (CCPA)
We do not sell your personal information.
We do not use your personal information for cross-context behavioral advertising.
You may request disclosure of what data we've collected, and request its deletion.
We will not discriminate against you for exercising your privacy rights.
European Residents (GDPR)
Our legal basis for processing your health data is your explicit consent (provided when you create an account and enter data).
Health data is classified as "special category data" under GDPR. We process it only with your consent and solely to provide the Service.
You have the right to withdraw consent at any time by deleting your data or account.
You may lodge a complaint with your local data protection authority.
13. Changes to This Policy
If we change this Privacy Policy, we'll update the "Last updated" date and notify you of material changes via email or in-app notification. We won't retroactively reduce your privacy protections without your consent.