Privacy Policy
Koily
Last Updated: April 23, 2026
Rizzard OÜ ("Rizzard", "we", "us", "our"), a private limited liability company registered in the Republic of Estonia (registry code: 17283924), located at Narva mnt 5, 10117 Tallinn, Estonia, operates the Koily mobile application ("App") and the website at koily.app ("Website") (collectively, the "Service").
This Privacy Policy explains how we collect, use, share, disclose, and protect your personal information when you use the Service. We are committed to protecting your privacy in compliance with the EU General Data Protection Regulation ("GDPR"), the UK GDPR, the German Federal Data Protection Act (Bundesdatenschutzgesetz, BDSG), the California Consumer Privacy Act ("CCPA") as amended by the California Privacy Rights Act ("CPRA"), and other applicable data protection laws.
By using the Service, you acknowledge the data practices described below. Where your consent is required for specific processing activities, we obtain that consent separately (e.g., via the iOS App Tracking Transparency prompt or our Website cookie banner).
1. Lawful Basis and Transparency
Under Article 6 GDPR, we process personal data on the following lawful bases:
Contract (Art. 6(1)(b) GDPR): To provide, maintain and operate the Service, including account creation, authentication, delivery of generated audio sessions, and processing your inputs to personalise content.
Consent (Art. 6(1)(a) GDPR): For non-essential cookies on our Website, for identifier-based advertising measurement (via Apple's App Tracking Transparency prompt), and for optional marketing communications.
Legitimate Interests (Art. 6(1)(f) GDPR): For aggregated analytics to improve the Service, for fraud prevention, and for maintaining the security of our systems — in each case balanced against your rights and freedoms.
Legal Obligation (Art. 6(1)(c) GDPR): To comply with legal, tax, accounting, and regulatory requirements.
We inform you of our data practices via this Privacy Policy, which is accessible at koily.app/privacy and inside the App. Processing is fair, lawful, transparent, and carried out for specified, explicit, and legitimate purposes.
2. Information We Collect
We collect only data necessary for specific, declared purposes. We collect the following categories of information:
(a) Account Information
Data: Email address and (optional) name, provided via Sign in with Apple (which may be anonymised using Apple's "Hide My Email" feature).
Purpose: Account creation, authentication, secure access to your content, customer support.
Lawful Basis: Contract.
(b) User-Provided Inputs ("Personalisation Data")
Data: Information you provide to personalise your sessions — including, for example, your goals, desired future identity, challenges or areas you want to work on, onboarding answers, preferences, journal entries, reflections, and any other text or data you submit in the App.
Purpose: To tailor the content of your visualisations, scripts, and audio sessions; to maintain your session history; to deliver a continuous and evolving personalised experience over time.
Why we retain this data over time: Because the Service is designed to deliver a personalised experience that adapts and compounds based on your ongoing inputs, we retain your Personalisation Data for the lifetime of your account. You may request deletion at any time (see Section 9).
Lawful Basis: Contract (this processing is necessary to provide the Service you signed up for).
Note: Please avoid submitting special-category data under Art. 9 GDPR (e.g., health data, data revealing racial or ethnic origin, religious beliefs, sexual orientation, biometric data). The App is not designed to process such data, and submitting it is at your own risk.
(c) Generated Content (Scripts and Audio)
Data: Text scripts and audio files generated for you by our AI systems based on your Personalisation Data.
Purpose: To allow you to replay, review, and continue sessions over time; to build a personal library of your sessions.
Storage: Stored in your account within our backend (Google Firebase Firestore for text and metadata; Firebase Storage for audio files).
Sharing: Never sold, never shared with third parties for advertising, and accessible only to you.
Lawful Basis: Contract.
(d) Session and Usage History
Data: Which sessions you have listened to, how you have engaged with them (e.g., completion, skip, favourite, replays), and in-app events related to the Service.
Purpose: To help you track your progress, to tailor future suggestions, and to improve the Service.
Lawful Basis: Contract (for history shown to you) and Legitimate Interests (for aggregated service improvement).
(e) Device and Technical Data
Data: Device model, operating system version, App version, language, time zone, crash logs, and diagnostic information.
Purpose: To deliver the App correctly, diagnose errors, and maintain security.
Lawful Basis: Legitimate Interests.
(f) Push Notification Tokens
Data: An opaque push notification identifier ("push token") issued by Apple to your device and registered with Expo, which relays notifications to Apple's APNs.
Purpose: To deliver in-app notifications (e.g., daily session reminders) where you have enabled notifications.
Control: You can disable notifications in your iOS Settings at any time.
Lawful Basis: Legitimate Interests, combined with your OS-level notification permission.
(g) Advertising and Measurement Data
Data: Your device's Identifier for Advertisers (IDFA), subject to your consent via Apple's App Tracking Transparency ("ATT") prompt.
Purpose: To measure the performance of advertising campaigns that direct users to install the App. If you grant tracking permission, anonymised or hashed conversion and purchase events may be shared with Meta (Facebook) and Google Ads solely for advertising measurement purposes.
Important limits: We do NOT share your name, email, Personalisation Data, generated content, session history, or any other sensitive personal data with advertising partners. We do not engage in "cross-context behavioural advertising" beyond the ATT-gated measurement described here.
Lawful Basis: Consent (GDPR Art. 6(1)(a); ATT framework).
(h) Analytics Data
Data: Anonymised or pseudonymised usage events (e.g., onboarding completion, button taps, app launches, feature usage) collected via PostHog and Google Firebase Analytics.
Purpose: To understand aggregate usage patterns, diagnose issues, and improve the Service.
Lawful Basis: Legitimate Interests.
Note: We do not share analytics data with advertising partners, and we do not use it to create profiles about you for cross-site/cross-app advertising.
(i) Payment and Subscription Data
Data: Subscription status, transaction identifiers, product identifiers, and purchase history.
Purpose: To grant and maintain your access to paid features.
Storage: Transactions are processed by Apple via the App Store, with paywall/entitlement support from Superwall. We do NOT receive, process, or store your payment card details.
Lawful Basis: Contract and Legal Obligation (tax/accounting).
(j) Cookies (Website Only)
Essential cookies: Used to maintain your session and ensure basic Website functionality.
Non-essential cookies: If used, deployed only with your consent via our Website cookie banner.
Management: You can disable cookies in your browser settings; this may affect Website functionality.
(k) What We Do NOT Collect
For the avoidance of doubt, we do NOT collect any of the following:
Your voice or any audio from your device microphone. The Service generates synthetic speech from text scripts primarily via Google (Gemini), with ElevenLabs used as a fallback provider; we do not record, capture, or process your voice.
Biometric identifiers of any kind, including face prints, voice prints, or fingerprints.
Health data, medical records, or diagnostic information about any health condition.
Your device contacts, photos, or files outside what you voluntarily submit in the App.
Your precise geolocation. We may infer an approximate country from your IP address for analytics and compliance purposes.
3. Purpose Limitation and Data Minimisation
We collect only the data we need for the specific purposes described above. Personalisation Data is used to tailor content for you — not for advertising, not for third-party sale, and not for any purpose incompatible with the purpose for which it was collected. We do not combine your Personalisation Data with advertising data, and we do not share it with advertising partners.
4. Data Accuracy and Security
Accuracy: You can update your profile and inputs within the App. If data is inaccurate and you cannot correct it yourself, contact info@koily.app.
Security: We implement industry-standard technical and organisational measures, including encryption in transit (TLS), encryption at rest for Firebase-stored data, role-based access controls, multi-factor authentication for administrative access, vendor due diligence, and written data-processing agreements with all processors. No system is fully secure; you use the Service at your own risk.
5. Storage Limitation and Retention
We retain personal information (e.g., email, user-submitted text) until your account is deleted, unless longer retention is needed for legal compliance, dispute resolution, or Service delivery.
Account data and Personalisation Data: retained for the lifetime of your account, then deleted within 30 days of account deletion, except where longer retention is required by law (e.g., tax/accounting obligations).
Generated content (scripts, audio): retained until account deletion or until you delete the item yourself within the App.
You can delete your account at any time via App Settings or by contacting info@koily.app. Deletion is permanent and cannot be undone.
Anonymised data may be retained indefinitely.
6. Privacy by Design and by Default
We apply Privacy by Design and by Default principles (Art. 25 GDPR) from product inception onward, including:
Authentication via Sign in with Apple with optional email relay ("Hide My Email").
No voice, biometric, health, contact, or precise-location data collection.
Minimal data passed to third-party processors, limited to what is strictly necessary.
ATT-gated identifier access for advertising measurement.
Explicit consent flows for all non-essential processing.
Pseudonymisation and aggregation of analytics data.
7. Data Processors (Sub-Processors)
We rely on the following processors to operate the Service. We maintain data-processing agreements as required.
Apple Inc.: Sign in with Apple; App Store payment and subscription processing; push notifications (APNs); App Tracking Transparency. Region: USA / global. See: apple.com/legal/privacy.
Google LLC (Firebase): Authentication (Firebase Auth); Firestore database; Cloud Storage for generated audio; Firebase Analytics; Crashlytics. Region: USA / global. See: firebase.google.com/support/privacy.
Anthropic PBC (Claude API): Generation of session text, prompts, and personalised suggestions based on your Personalisation Data. Region: USA. See: anthropic.com/privacy.
Google LLC (Gemini API): Generation of session scripts and synthesis of audio content based on your Personalisation Data. Region: USA / global. See: policies.google.com/privacy.
ElevenLabs, Inc.: Text-to-speech synthesis (converting generated scripts into synthetic audio). Region: USA. See: elevenlabs.io/privacy.
PostHog Inc.: Product analytics (anonymised/pseudonymised usage events). Region: USA / EU (as configured). See: posthog.com/privacy.
Superwall, Inc.: Paywall rendering and subscription entitlement management. Does not store payment card data. Region: USA. See: superwall.com/privacy.
Exponent, Inc. (Expo / EAS): Over-the-air updates, push-token relay to Apple's APNs, and EAS Hosting for our backend API routes. Region: USA. See: expo.dev/privacy-explained.
Meta Platforms, Inc.: Advertising measurement via Facebook SDK (ATT-gated; anonymised/hashed conversion events only). Region: USA / global. See: facebook.com/privacy.
Google Ads: Advertising measurement (ATT-gated; anonymised/hashed conversion events only). Region: USA / global. See: policies.google.com/privacy.
All processors are bound by contractual obligations regarding confidentiality, security, use limitation, sub-processing, breach notification, and return or deletion of data upon termination.
Anthropic, Google (Gemini), and ElevenLabs process your Personalisation Data only as our processors under contract, and they do not use your data to train their underlying AI models, subject to their published enterprise/API terms applicable to our account.
8. How We Use Your Information
We use your information to:
Provide, operate, and maintain the Service.
Authenticate you and manage your account.
Generate personalised session scripts and audio using our AI processors.
Display your session history, allow replays, and track progress.
Process subscriptions and manage access entitlements.
Send essential service communications (e.g., account changes, security notices) and, with your consent, optional product updates.
Measure the effectiveness of advertising (only with ATT consent) via anonymised/hashed conversion events.
Analyse aggregated usage to improve features and fix bugs.
Prevent fraud, abuse, and illegal activity.
Comply with legal obligations and enforce our Terms.
9. Your Data Subject Rights
Under GDPR, UK GDPR, and applicable laws, you have the following rights in relation to your personal data:
Right to be informed: This Privacy Policy.
Right of access (Art. 15): Request a copy of the personal data we hold about you.
Right to rectification (Art. 16): Correct inaccurate or incomplete data.
Right to erasure (Art. 17): Request deletion ("right to be forgotten"), subject to lawful retention requirements.
Right to restrict processing (Art. 18): Limit how we use your data.
Right to data portability (Art. 20): Receive your data in a structured, commonly used, machine-readable format.
Right to object (Art. 21): Object to processing based on legitimate interests.
Automated decision-making (Art. 22): We do not make decisions that produce legal or similarly significant effects on you solely by automated means. Our AI generates content for you; it does not make decisions about you.
Right to withdraw consent: Where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of processing carried out before withdrawal.
California Residents (CCPA/CPRA)
Right to know what personal information we collect, use, disclose, and retain.
Right to delete personal information we hold about you.
Right to correct inaccurate personal information.
Right to opt out of the "sale" or "sharing" of personal information. Rizzard does not sell personal information as defined by CCPA.
Right to limit use and disclosure of sensitive personal information.
Right to non-discrimination for exercising your rights.
You can exercise these rights via App Settings (for account deletion and data export) or by emailing info@koily.app. We respond within one month (GDPR) or 45 days (CCPA), extendable as permitted by law. We may need to verify your identity before acting on your request. Requests may be denied if legally permitted (e.g., unverifiable identity).
10. Data Protection Contact
Rizzard OÜ is not statutorily required to appoint a Data Protection Officer under Art. 37 GDPR. We maintain a dedicated privacy contact for all data-protection inquiries: info@koily.app.
11. International Data Transfers
We are established in Estonia (EU). Several of our processors (including Apple, Google, Anthropic, ElevenLabs, PostHog, Superwall, Meta, and Expo) are based in the United States or process data globally. When personal data is transferred outside the EU/EEA, we rely on:
Standard Contractual Clauses ("SCCs") adopted by the European Commission (Commission Decision (EU) 2021/914);
The EU–U.S. Data Privacy Framework (or equivalent adequacy decision), where the processor is certified; and/or
Other safeguards permitted under Chapter V GDPR (Arts. 44–49).
We ensure such transfers comply with GDPR (e.g., via Standard Contractual Clauses) and CCPA where applicable.
12. Data Breach Notification
If a personal data breach occurs that is likely to result in a risk to your rights and freedoms, we will notify the Estonian Data Protection Inspectorate (Andmekaitse Inspektsioon, AKI) within 72 hours of becoming aware of the breach, in accordance with Art. 33 GDPR. Where the breach is likely to result in a high risk to your rights and freedoms, we will also notify affected users without undue delay, in accordance with Art. 34 GDPR. Our processors are contractually required to notify us of any breach without undue delay.
13. Sharing Your Information
We share your information only as described in Section 7 (Processors) and as follows:
Legal compliance: We may disclose information to comply with applicable law, legal process, or government request, or to protect our rights, property, or safety (or that of our users or the public).
Business transfers: In connection with a merger, acquisition, financing, reorganisation, or sale of assets, your data may be transferred to the successor entity, subject to this Privacy Policy or a successor policy with comparable protections. We will provide notice where required.
With your consent: For any other purpose disclosed at the time we collect the information, or with your separate consent.
We do not sell your personal information (as defined under CCPA). We do not share your Personalisation Data, generated content, or session history with advertising partners. Face Data and voice data are not collected (see Section 2(k)).
14. AI Processing
The Service uses AI systems from Anthropic (Claude) and Google (Gemini) to generate session text and scripts. Audio is primarily synthesised by Google (Gemini); ElevenLabs serves as a fallback audio provider. The specific AI providers we use, and their respective roles, may change from time to time as the underlying technology and our provider relationships evolve. You should be aware that:
Your Personalisation Data is transmitted to these AI providers for processing.
These providers process your data only as our processors under contract and do not use it to train their foundation models, subject to their published enterprise/API terms applicable to our account.
AI-generated content is non-deterministic and may be inaccurate, incomplete, or unexpected. Please see our Terms and Conditions for full disclaimers.
AI-generated content should not be relied upon for medical, psychological, legal, financial, or similar professional decisions (see Section 15 and our Terms and Conditions).
15. Medical/Health Disclaimer
Koily is not a medical device, therapy platform, mental-health service, or healthcare provider. We do not collect, process, or store data for any medical, therapeutic, diagnostic, treatment, or healthcare purpose. The Service is a wellness-entertainment and self-improvement tool only. Please review our Terms and Conditions for detailed disclaimers regarding the nature and limitations of the Service.
16. Child Users
The Service is intended for adults aged 18 and over. We do not knowingly collect personal data from children under 18. If we become aware that we have collected data from a child under 18, we will delete it promptly. If you believe we may hold data about a child, please contact info@koily.app so we can investigate and act accordingly.
17. Updates to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in the Service, legal requirements, or our data practices. Updates will be posted on koily.app/privacy at least 7 days before taking effect, unless immediate effect is required by law. For material changes that affect your rights, we will provide additional notice (e.g., via in-app alert or email) where required. Continued use of the Service after the effective date constitutes acceptance of the updated Privacy Policy.
18. Contact and Supervisory Authority
Data Controller:
Rizzard OÜ
Narva mnt 5
10117 Tallinn
Estonia
Email / Privacy Contact: info@koily.app
Website: koily.app
Lead Supervisory Authority: Estonian Data Protection Inspectorate (Andmekaitse Inspektsioon, AKI), www.aki.ee.
You may also lodge a complaint with the supervisory authority in your country of residence. UK users: the Information Commissioner's Office (www.ico.org.uk). California residents: the California Attorney General.
19. Additional Information for California Residents
Under the CCPA (as amended by the CPRA), California residents have specific rights described in Section 9 above. In addition:
In the preceding 12 months we have collected the categories of personal information described in Section 2 (identifiers, customer-account information, commercial information relating to subscriptions, internet/network activity, and inferences derived from Personalisation Data).
We have disclosed personal information to processors (Section 7) for business purposes only.
We do NOT sell personal information, and we do NOT "share" personal information for cross-context behavioural advertising beyond the ATT-gated advertising measurement described in Section 2(g) (if enabled by you).
We do not knowingly sell or share the personal information of consumers under 16 years of age.
To exercise your CCPA rights, email info@koily.app with "CCPA Request" in the subject line. We may need to verify your identity before acting on your request.