Kivaia

Privacy Policy

Kivaia – an app by ClayFactor GmbH

Effective: June 2026

At a Glance

We built Kivaia privacy-first. This Privacy Policy describes what that means in detail.

The most important point in one sentence: Your data only leaves your device when you explicitly trigger it — for example, for an AI analysis or when you actively share content.

What this means in practice:

1. Controller

The controller responsible for data processing is:

ClayFactor GmbH
Herderstraße 38
66292 Riegelsberg, Germany
Commercial Register: HRB 111746 (Local Court Saarbrücken)
Managing Director: Jens Thelemann

Contact for data protection inquiries:
Email: privacy@clayfactor.com

2. Data Minimisation as a Founding Principle

Kivaia is a lifestyle app that supports you in maintaining a balanced lifestyle and exploring longevity topics. It is built to operate with minimal data processing:

3. What Data Is Processed?

3.1 Data You Enter

You enter this data in the app and it stays on your device.

Profile data (optional):

Body and lifestyle data (optional):

Nutrition diary:

Activities:

3.2 Data via Apple HealthKit (optional, Art. 9 GDPR)

If you connect Apple HealthKit, Kivaia can read selected values. These are particularly sensitive and are processed only with your explicit consent.

This data is processed locally and is only transmitted to Google Gemini if you have separately consented to AI data processing (see 4.2).

3.3 Photo Data

3.4 Technical Data

3.4a Trial and Optional Sign in with Apple

To manage the trial, the app sends an Apple-signed AppTransaction JWS to our server. If you optionally use Sign in with Apple, the app may additionally send an Apple identity token to the server. The server verifies Apple's signature, app audience, and environment. We permanently store only:

We store no email address, no name, no plain Apple ID, and no plain AppTransaction ID for this purpose. If you optionally use Sign in with Apple for profile prefill, the app may store the profile data provided by Apple locally in your profile.

When you choose Delete Account in the app, we delete active server-side trial/account bindings and, for accounts linked with Sign in with Apple, revoke the Apple authorization on the server. To prevent abuse and enforce the one-trial rule, after deletion we retain only a minimal, non-login proof that a free trial has already been used: a pseudonymous one-way identifier, deletion status, and deletion timestamp. This proof contains no Apple ID, no AppTransaction ID, no binding token, no profile, and no content, and it cannot be used as an active account.

3.5 Support and Contact Requests via kivaia.app

The website provides direct email links for support and privacy requests. When you contact us, we process the following data:

Purpose: To answer your request, provide support for app, subscription, privacy, and shared-link topics, and document the communication where necessary.

Legal basis: Art. 6(1)(b) GDPR (contract or pre-contractual measures), Art. 6(1)(f) GDPR (communication, support, abuse prevention), and, where applicable, Art. 6(1)(c) GDPR (legal obligations).

Storage location: Support and contact requests are processed in our email systems. Public website areas do not store these messages.

Retention: We retain contact requests only as long as required for processing. Resolved requests are routinely deleted after no more than 24 months, unless legal retention obligations or legitimate proof interests require longer storage. You can request deletion informally at any time by emailing privacy@clayfactor.com.

3.6 Server log files (kivaia.app website)

When you access the kivaia.app website, our hosting provider IONOS SE stores server log files transmitted automatically by your browser. These contain:

Server log files are stored for a maximum of 8 weeks and are then automatically deleted. This data is not merged with support or contact requests from §3.5 or other data sources.

Legal basis: Art. 6(1)(f) GDPR (legitimate interest in the secure and error-free operation of the website).

Processor agreement: A data processing agreement (Art. 28 GDPR) is in place with IONOS SE.

3.7 Actively Triggered Content Sharing

Kivaia offers features that let you actively share content from the app with others via a link. This currently applies to recipes (recipe sharing); further content types such as meals may follow. More sensitive content types will be assessed separately before being activated.

When you actively share a recipe, the app stores a temporary copy on our server in Germany and makes it available under a short, unlisted link. You then forward that link yourself to the people you want to share the recipe with.

What is stored on our server in this process:

To protect against abuse, the server additionally calculates a non-reversible SHA256 hash of your IP address, combined with a non-public salt, when a share is created. This hash is not stored in the recipe record; it is kept separately as a short-lived rate-limit counter and removed from active storage after no more than 24 hours.

What is not processed in this context:

Note on the link: The link contains a random, 8-character ID and is therefore effectively unguessable; we do not index it and we exclude search engines via robots.txt. Because the content is accessible to anyone who has the link, there is no recipient restriction. Please only share recipes — including any photos — that you are comfortable forwarding.

Retention: Shared content and photos are automatically deleted from our webspace 30 days after creation. Deletion happens both opportunistically with every new share operation (lazy cleanup) and via an additional daily cleanup job. Both mechanisms permanently remove the data from active storage.

Backups: Our hosting provider IONOS performs rolling backups of our webspace with a retention window of 14 days. Recipe-share data is included in these backups. The maximum possible lifespan of a shared copy including backups is therefore 44 days, after which the data is irrecoverably gone across all backup tiers.

Access and erasure: Because a share operation does not store a user identifier, a meaningful access or erasure request requires that you yourself provide the specific share link (or the ID it contains). In that case, we can delete the corresponding entry on request before the 30 days have elapsed. Requests can be sent to privacy@clayfactor.com. This version of the feature does not offer an active in-app revocation option; the automatic expiry after 30 days is, however, guaranteed without exception.

Storage location: Data is stored exclusively on our webspace at IONOS SE (Elgendorfer Str. 57, 56410 Montabaur, Germany). The data centres used are located in Germany. No third-country transfer takes place; no US cloud provider is involved.

Legal basis:

Processor agreement: A data processing agreement (Art. 28 GDPR) is in place with IONOS SE for the hosting operation.

4. External Services and Processors

4.1 Apple HealthKit

HealthKit is an Apple component on your device. Data from HealthKit does not leave the device through HealthKit itself. Apple has its own privacy terms for it.

You manage permissions in iOS Settings → Privacy & Security → Health → Kivaia.

4.2 Google Gemini via Firebase AI Logic (AI Analysis)

For optional AI-supported features, Kivaia uses Google Gemini via Firebase AI Logic. The recipient is Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, via Firebase AI Logic (Google/Firebase). Requests are routed through Firebase AI Logic/Firebase App Check so app requests are protected and are not sent through a Gemini key stored in the app.

Purpose: The main purpose is to provide personalised recommendations and AI assistance within the app, for example meal/photo analysis, nutrition and recipe suggestions, planning, companion responses, and activity, sleep, and recovery guidance.

Possible categories: Depending on the AI feature you use, photos, text/voice transcripts, companion content, meal and nutrition data, goals, dietary profile, activity, sleep, recovery, and body metrics may be transmitted. Not every category is transmitted with every request; Kivaia sends only the data needed for the specific AI feature.

Protection and storage: Kivaia does not send direct personal identifiers such as name, email address, Apple ID, trial identifier, or AppTransaction ID to Gemini and does not keep a Gemini request or response history on its own servers that is assigned to a locally stored user profile. Depending on the feature, requests may still contain app context such as goals, dietary profile, meal, activity, sleep, recovery, or body values. Google may log API requests and responses for a limited time under the Gemini logging rules.

Details: The full purposes, data categories, data minimisation rules, voice notes, and withdrawal consequences are available in the separate AI Data Processing document.

Optionality and withdrawal: AI features are optional. Manual tracking and non-AI features remain available without consent; photo analysis, companion, and other AI features stay disabled. You can revoke consent at any time in the app settings under “AI Data Processing”.

Role: Google is our processor (Art. 28 GDPR).

Third-country transfer:

Note: According to official Gemini documentation, prompts and responses are not used for product improvement by default unless the project owner actively shares them. Google may log requests and AI responses for a limited time, including to detect abuse and meet legal obligations.

More: https://policies.google.com/privacy
More about Gemini logging: https://ai.google.dev/gemini-api/docs/logs-policy

4.3 Apple iCloud (optional)

If you enable iCloud sync, your app data is mirrored to your private iCloud database. Synchronisation is controlled separately through your Apple/iCloud settings:

Apple acts as a processor for you here, not for us. More: https://www.apple.com/legal/privacy/

4.4 Open Food Facts (optional)

When you scan a food barcode, the app queries Open Food Facts using only the barcode — a non-profit, open database. No personal data is transmitted.

https://world.openfoodfacts.org/

4.5 USDA FoodData Central (optional)

For food text search, the app queries the public US food database USDA FoodData Central. Only the search term and, where applicable, a brand name are transmitted — no account or health data. The request is routed through our own server proxy on Google Firebase infrastructure in Frankfurt (EU); your device never communicates with USDA directly. To prevent abuse, the app verifies its integrity via Apple App Attest (Firebase App Check); the device attestation token processed in this step does not allow any conclusions about you or your content.

https://fdc.nal.usda.gov/

4.6 Bundeslebensmittelschlüssel (BLS)

The official German food database is bundled locally with the app. No network transmission takes place.

5. Legal Bases

ProcessingLegal basis
Provision of app features (input, local storage)Art. 6(1)(b) GDPR (performance of contract)
Support and contact requests via kivaia.appArt. 6(1)(b) GDPR (contract / pre-contractual measures); Art. 6(1)(f) GDPR (communication, abuse prevention); where applicable Art. 6(1)(c) GDPR
HealthKit integrationArt. 6(1)(a) + Art. 9(2)(a) GDPR (explicit consent)
AI analysis via Google GeminiArt. 6(1)(a) GDPR (consent); for health context additionally Art. 9(2)(a)
Food database lookups (Open Food Facts, USDA via our own proxy) incl. app integrity checkArt. 6(1)(b) GDPR (performance of contract); integrity check: Art. 6(1)(f) GDPR (abuse prevention)
iCloud syncArt. 6(1)(a) GDPR (consent)
Apple system crash reportsArt. 6(1)(f) GDPR (legitimate interest); controlled via iOS
Actively triggered content sharing (30-day storage)Art. 6(1)(b) GDPR (performance of contract); rate-limit hash: Art. 6(1)(f) GDPR
Trial management and optional Sign in with AppleArt. 6(1)(b) GDPR (performance of contract); Art. 6(1)(f) GDPR (abuse prevention)
Premium contract handlingArt. 6(1)(b) GDPR (Apple handles payment processing)

6. Storage Location and Retention

Tax and commercial-law-relevant data (invoicing and contract data for Premium): Apple, as the contract partner for payment, handles these. We do not receive personal data about the buyer from Apple.

7. Your Rights

7.1 What You Can Do Yourself at Any Time

7.2 Your Rights Under GDPR

7.3 Right to Lodge a Complaint

You may lodge a complaint with a supervisory authority. The authority responsible for us is:

Unabhängiges Datenschutzzentrum Saarland
The State Commissioner for Data Protection and Freedom of Information
Fritz-Dobisch-Straße 12, 66111 Saarbrücken, Germany
Email: poststelle@datenschutz.saarland.de
Website: https://www.datenschutz.saarland.de/

8. Minimum Age

Kivaia is not intended for persons under 16 years of age. This corresponds to the GDPR standard for independent consent in Germany.

Single age threshold: Kivaia's App Store age rating is deliberately set to 16+ — aligned with the GDPR minimum age stated here. This means the legal consent threshold and technical access through the App Store age rating, Screen Time, and Family Sharing refer to the same age threshold.

We deliberately do not run our own age check. By using the app, you confirm that you are at least 16 years old. If we receive concrete indications that a person under 16 is using the app, we block access and delete the associated data.

9. Data Security

In the unlikely event of a data breach, we will report it to the supervisory authority within 72 hours and inform affected users where there is a high risk.

10. Changes to This Privacy Policy

We update this policy when app features or the legal landscape change. We will inform you of significant changes at least 30 days before they take effect via in-app notification. The current version is always available in the app under Settings → “Privacy”.

11. Summary by Data Type

Data type Storage location Transmitted to whom? Legal basis
Profile dataLocal / iCloud (optional)Contract
Meals + photosLocal / iCloud (optional)Google Gemini for photo/companion analysisConsent
HealthKit valuesLocalGoogle Gemini only with AI consentExplicit consent
Workouts / activitiesLocal / iCloud (optional)Contract
Pseudonymous trial identifier / used-trial proofIONOS webspace GermanyContract / legitimate interest
Apple crash reportsApple (anonymous, aggregated)Legitimate interest
Shared content (name, data, instructions, optional photo)IONOS webspace (DE), max. 30 daysContract
Support/contact request (email, content, voluntary details)Email systems of ClayFactor GmbHContract / legitimate interest / where applicable legal obligation

12. Authoritative Version

This is an English translation of the German original. In case of any discrepancies between the German and English versions, the German version shall prevail.

13. Contact

ClayFactor GmbH
Herderstraße 38
66292 Riegelsberg, Germany
Email: privacy@clayfactor.com

We typically respond within 14 days.

Effective: June 2026

← Back to Kivaia overview