Last updated: July 16, 2026
1. Introduction
This Privacy Policy explains how Kiomora ("we," "our," or "us") collects, uses, stores, and deletes your data when you use the Kiomora mobile application (Android package: com.kiomora.app) and our website at https://kiomora.com. If you have any questions, you can contact us at [email protected].
2. Data We Collect
We collect the information needed to provide Kiomora and the information you choose to save. This includes:
- Account data: Collected through Firebase Authentication, such as your email, user ID, authentication provider, and profile information if provided.
- App profile and settings: Display name, goals, preferences, and app settings.
- SuperLog inputs and results: Text you enter, audio or images you choose to submit, transcripts, processing results, and the reviewable structured logs created from a SuperLog.
- Health and wellness logs: Data related to food, water, fasting, sleep, activity, steps, weight, progress, mood, mind, stress, and wellness.
- Connected health data: Supported step or health data accessed only after you grant the relevant device permission.
- Expense logs: Spending logs and categories.
- Notes and archive: Notes, saved memories, logs, and daily, weekly, or monthly summaries.
- Ask Kiomora: Questions you submit, relevant saved app context used to answer them, and the responses returned to you.
- Private agent connections: If you connect ChatGPT, Codex, Claude Code, or another compatible MCP client, we store the connection name, approved permissions, revocable OAuth tokens in hashed or protected form, and limited connection-security metadata. Kiomora does not receive the password for your external agent account.
- Compete data: Friend/group participation, leaderboard statistics, share preferences, and steps ranking (where applicable).
- Subscription data: Product, entitlement, purchase, renewal, and trial status received from Google Play, the Apple App Store, and RevenueCat. We do not receive your full payment-card number.
- Support data: Emails and messages sent to our support team.
- Technical data: Device, browser, app version, diagnostic, security, and usage information where needed to operate, protect, or troubleshoot the service.
3. Where App Data Is Processed
Kiomora uses Firebase and Google Cloud services for account authentication, cloud storage, databases, and backend operations. Some media may remain on your device, while text, transcripts, selected inputs, and structured logs may be sent to our backend or processing providers when needed for a feature you use. Kiomora is not an end-to-end encrypted or zero-knowledge service.
SuperLog and some Ask Kiomora requests may send the content required for that request to the OpenAI API for processing. OpenAI states that API data is not used to train its models by default unless the customer opts in, and that standard abuse-monitoring retention may apply. We do not opt in to use Kiomora user content for model training.
When you privately connect an external agent through Kiomora's Model Context Protocol (MCP) service, the external provider processes your instructions under its own account terms and privacy policy. Kiomora returns only the user-owned data requested through an approved tool call and records changes made through that connection. The MCP service does not independently send your life data to an agent without a tool request from the connected client.
4. Health Data Permissions
Access to health data is strictly permission-based. On Android, Kiomora may use Health Connect step data with your explicit permission. On iOS, Kiomora requests Apple Health / HealthKit permission before accessing supported health data.
Your health and fitness data is used solely to provide app features such as step tracking, progress, wellness indicators, and leaderboard/compete features (where applicable). We do not sell your health data, and we do not use your health data for advertising. You can revoke these permissions at any time from your Android Health Connect settings or iOS Apple Health privacy settings.
5. How We Use Data
We use the data we collect to:
- Provide app features and functionality.
- Turn your SuperLog input into structured logs.
- Show your health, progress, expense, and notes history.
- Generate daily summaries and archives.
- Answer "Ask Kiomora" questions based on your saved data.
- Let an agent you explicitly authorize read, create, or correct supported Kiomora records through private MCP tools.
- Calculate and display wellness and progress indicators.
- Show Compete leaderboards based on your user-controlled sharing preferences.
- Provide free features, a three-day SuperLog access period for new accounts, and Kiomora Plus entitlements.
- Enforce fair-use, security, and service limits without publishing internal processing rules.
- Provide customer support and fix bugs.
- Improve the safety and reliability of our app.
6. Automated Processing and Accuracy
SuperLog and some other features use automated processing. These outputs can be incomplete or wrong. SuperLog shows a confirmation screen so you can review, edit, add, or remove suggested logs before saving. You remain responsible for checking important information. Kiomora does not provide medical, emergency, financial, tax, or investment advice.
7. Service Providers and Sharing
We share only the information reasonably needed for a provider to perform its role. Providers may include Firebase and Google Cloud for authentication, storage, databases, and backend operations; OpenAI for supported processing; RevenueCat for entitlement and subscription status; Google Play and Apple for app distribution and billing; and email or diagnostic providers for support and reliability. When you authorize a private MCP connection, requested tool results are returned to the external agent provider you selected, such as OpenAI or Anthropic. These providers process information under their own terms and privacy commitments. Kiomora does not sell your personal data or health data.
We may also disclose information when required by law, to protect users or the service, to investigate abuse or security incidents, or as part of a business transfer where permitted by law.
8. Website Analytics and Cookies
Google Analytics 4 and Microsoft Clarity load on kiomora.com only after you select Accept analytics. If accepted, they may process page views, clicks, scroll activity, session interactions, approximate location, and browser or device information to help us improve the website. We do not use these tools to show personalized advertising.
If you reject analytics, Kiomora does not load those analytics tags. Your choice is stored in your browser so the website can remember it. You can change or withdraw your choice at any time using Privacy settings in the website footer. Withdrawing consent clears the first-party analytics cookies we can control and reloads the page without the analytics tags.
9. Data Security
We use reasonable administrative and technical safeguards. Firebase services used by Kiomora support encryption in transit, and relevant services such as Firebase Authentication, Cloud Firestore, Cloud Functions, and Cloud Storage support encryption at rest. Kiomora is not end-to-end encrypted, and no online system can guarantee absolute security.
Private agent connections use OAuth authorization, short-lived access tokens, rotating refresh tokens, and server-side entitlement and ownership checks. You should connect only agents you trust. Instructions, plugins, websites, or other content processed by a connected agent may influence its tool calls. You can review and revoke active connections at kiomora.com/connections.
10. Data Retention
We retain account data and saved content while your account is active and as needed to provide Kiomora. Support, security, billing, and legal records may be retained for a reasonable period based on their purpose. After deletion, residual copies may remain temporarily in protected backups or where retention is required for security, billing, fraud prevention, or law.
Agent connection records and tokens are retained while the connection is active and for a limited security or troubleshooting period after revocation. Access tokens expire automatically. Revoking a connection prevents its existing tokens from accessing Kiomora.
11. Account Deletion and Data Portability
You can delete your account inside the app or by emailing [email protected] from your account email. Deletion removes your account profile and user-owned app data from active systems, subject to the retention limits above. Store payment records are controlled by Google Play or Apple. Deleting your Kiomora account does not automatically cancel a store subscription.
Kiomora does not currently provide a complete self-service data export or account archive. Kiomora Plus users may retrieve supported records through an authorized MCP client, but that limited retrieval is not a complete export of every account field, file, or service record. You may contact support with an access or privacy request. We will respond as required by applicable law, but we do not promise an export format that the product does not currently support.
12. Children
Kiomora is not directed to children below the minimum age required to consent to online services in their location. We do not knowingly collect personal data from a child who cannot lawfully provide consent. Contact us if you believe a child has provided data improperly.
13. Your Choices and Rights
Depending on where you live, you may have rights to access, correct, delete, restrict, or object to certain processing of your personal data, or to withdraw consent. You can update information in the app, revoke health permissions in device settings, disconnect private agents from the Connections page, change website analytics consent in the footer, and request account deletion. Email [email protected] for a privacy request. We may need to verify your identity.
14. International Processing
Kiomora and its providers may process information in India, the United States, and other countries where they operate. Data-protection laws may differ from those in your location. We use provider terms and safeguards intended to support lawful transfers where required.
15. Changes to This Policy
We may update this policy from time to time. We will notify you of significant changes by updating the date at the top of this policy.
16. Contact Us
If you have any questions or concerns about this Privacy Policy, please contact us at [email protected].
Legal Entity & Address:
ARYAN SINGH2/ 202 -B CBCID COLONY
Vikalp Khand 2, Gomti Nagar, Lucknow
Lucknow - 226010
India (IN)
Email: [email protected]