Privacy Policy
Kivaia – an app by ClayFactor GmbH
Effective: May 2026
At a Glance
We built Kivaia privacy-first. This Privacy Policy describes what that means in detail.
The most important point in one sentence: Your data only leaves your device when you explicitly trigger it — for example, for an AI analysis, iCloud sync, or when you actively share content.
What this means in practice:
- For your health, activity, and journal data we operate no servers of our own — it stays locally on your device (or in your iCloud, if enabled).
- iCloud sync is disabled by default. If you enable it, your data lives in your private iCloud — not with us.
- When you actively share content in the app (sharing features, e.g. a recipe via link), we store a temporary copy on our server in Germany for 30 days. Anyone who has the link can view and forward the shared content — see §3.7 for details.
- We never sell data to third parties.
- You can delete all app data yourself at any time.
1. Controller
The controller responsible for data processing is:
ClayFactor GmbH
Herderstraße 38
66292 Riegelsberg, Germany
Commercial Register: HRB 111746 (Local Court Saarbrücken)
Managing Director: Jens Thelemann
Contact for data protection inquiries:
Email: privacy@clayfactor.com
2. Data Minimisation as a Founding Principle
Kivaia is a lifestyle app that supports you in maintaining a balanced lifestyle and exploring longevity topics. It is built to operate with minimal data processing:
- No central server for your health and journal data — the only exception is actively triggered sharing features (see §3.7).
- No account on our systems — Sign in with Apple is optional and creates nothing on our side.
- No proprietary telemetry and no advertising tracking.
- No cookies, no third-party scripts in the app.
- No data sharing with third parties, except the processors named in section 4.
3. What Data Is Processed?
3.1 Data You Enter
You enter this data in the app and it stays on your device.
Profile data (optional):
- First name
- Date of birth (for minimum-age verification and age-appropriate recommendations)
- Profile picture
Body and lifestyle data (optional):
- Height, weight
- Biological sex
- Fitness level
- Training equipment
- Nutrition preferences, allergies, intolerances
Nutrition diary:
- Meals (photos, text entries)
- Times, estimated nutritional values
- Water intake
Activities:
- Workouts, exercises, training plans
- Manual activity entries
3.2 Data via Apple HealthKit (optional, Art. 9 GDPR)
If you connect Apple HealthKit, Kivaia can read selected values. These are particularly sensitive and are processed only with your explicit consent.
- Vital signs: heart rate, HRV, resting heart rate, blood pressure, SpO₂, respiratory rate, body temperature
- Activity: steps, distance, active/basal calories, workout minutes, VO₂ Max
- Sleep: sleep duration, phases, mindfulness sessions
- Body composition: BMI, body fat, lean mass
This data is processed locally and is only transmitted to Google Gemini if you have separately consented to AI data processing (see 4.2).
3.3 Photo Data
- Meal and activity photos are stored locally in the app database.
- For meal analysis, the photo is temporarily transmitted to Google Gemini (see 4.2).
- GPS metadata is not extracted or stored from meal photos.
3.4 Technical Data
- Apple system crash reports: If you have consented in
iOS Settings → Privacy & Security → Analytics & Improvements → Share with App Developers, Apple forwards anonymised crash reports to us. We cannot draw conclusions about your person from them. You control this setting exclusively in iOS, not in Kivaia. - Proprietary telemetry: none.
3.5 Beta Sign-Up via kivaia.app
You can sign up for the closed beta at kivaia.app. When you do, we process the following data:
- Email address (entered by you)
- Site language (
deoren) - Timestamp of sign-up
What does not enter our CSV: The beta sign-up CSV itself contains no IP address, no user agent and no referrer. Technical data that is unavoidably written to the general web server log is described separately in §3.6 — it is not merged with the sign-up data. No cookies, no trackers, and no advertising or analytics scripts are loaded.
Purpose: To contact you manually with a TestFlight invitation link for the closed beta, and to keep you informed during the beta period about beta status and the App Store launch.
TestFlight delivery: Once we review your sign-up, we invite you to the beta via Apple's TestFlight service. For this purpose, we transfer your email address to Apple Distribution International Ltd., Hollyhill Industrial Estate, Hollyhill, Cork T23 YK84, Republic of Ireland. Apple processes it as our processor (Art. 28 GDPR) for the purpose of TestFlight delivery. The legal basis remains Art. 6(1)(b) GDPR.
Legal basis: Art. 6(1)(b) GDPR (pre-contractual measures taken at your request).
Storage location: Sign-up data is stored exclusively on our webspace at hosting provider IONOS SE (Elgendorfer Str. 57, 56410 Montabaur, Germany) in a plain CSV file located outside the publicly accessible web root. There is no transfer to third parties.
Notification: In parallel, we receive an internal email at info@clayfactor.com so we can respond promptly. This email contains the same sign-up data.
Retention: We retain your sign-up data until the end of the beta phase, but no longer than 24 months from sign-up. You can request deletion informally at any time by emailing privacy@clayfactor.com.
Spam protection: The form uses a technical honeypot field for bot defence. No content-level inspection takes place.
3.6 Server log files (kivaia.app website)
When you access the kivaia.app website, our hosting provider IONOS SE stores server log files transmitted automatically by your browser. These contain:
- Browser type and version (user agent)
- Operating system
- Referrer URL
- IP address
- Time of server request
Server log files are stored for a maximum of 8 weeks and are then automatically deleted. This data is not merged with the sign-up data from §3.5 or other data sources.
Legal basis: Art. 6(1)(f) GDPR (legitimate interest in the secure and error-free operation of the website).
Processor agreement: A data processing agreement (Art. 28 GDPR) is in place with IONOS SE.
3.7 Actively Triggered Content Sharing
Kivaia offers features that let you actively share content from the app with others via a link. This currently applies to recipes (recipe sharing); further content types such as meals may follow. More sensitive content types will be assessed separately before being activated.
When you actively share a recipe, the app stores a temporary copy on our server in Germany and makes it available under a short, unlisted link. You then forward that link yourself to the people you want to share the recipe with.
What is stored on our server in this process:
- The content of the shared item (name, data, instructions) — scope depends on the content type
- For content with a photo: the photo, automatically resized to 1200×630 pixels and compressed to approximately 300 KB or less (JPG) on upload
- Creation and expiry timestamp (technically required to drive the automatic deletion)
- A non-reversible SHA256 hash of your IP address, combined with a non-public salt. This hash is used exclusively to limit the number of share operations per device (rate limiting) and cannot be reversed back to the original IP.
What is not processed in this context:
- No user identifier, no email address, no account data
- No plain-text IP address
- No tracking cookies, no advertising or analytics scripts
- No referrer data, no recipient data — we do not know whom you share the link with
Note on the link: The link contains a random, 8-character ID and is therefore effectively unguessable; we do not index it and we exclude search engines via robots.txt. Because the content is accessible to anyone who has the link, there is no recipient restriction. Please only share recipes — including any photos — that you are comfortable forwarding.
Retention: Shared content and photos are automatically deleted from our webspace 30 days after creation. Deletion happens both opportunistically with every new share operation (lazy cleanup) and via an additional daily cleanup job. Both mechanisms permanently remove the data from active storage.
Backups: Our hosting provider IONOS performs rolling backups of our webspace with a retention window of 14 days. Recipe-share data is included in these backups. The maximum possible lifespan of a shared copy including backups is therefore 44 days, after which the data is irrecoverably gone across all backup tiers.
Access and erasure: Because a share operation does not store a user identifier, a meaningful access or erasure request requires that you yourself provide the specific share link (or the ID it contains). In that case, we can delete the corresponding entry on request before the 30 days have elapsed. Requests can be sent to privacy@clayfactor.com. This version of the feature does not offer an active in-app revocation option; the automatic expiry after 30 days is, however, guaranteed without exception.
Storage location: Data is stored exclusively on our webspace at IONOS SE (Elgendorfer Str. 57, 56410 Montabaur, Germany). The data centres used are located in Germany. No third-country transfer takes place; no US cloud provider is involved.
Legal basis:
- For providing the sharing function and storing the shared content: Art. 6(1)(b) GDPR (performance of contract — the feature is part of the app's service and is rendered exclusively in response to your active action).
- For storing the IP hash for rate-limiting purposes: Art. 6(1)(f) GDPR (legitimate interest in preventing abuse and protecting infrastructure availability).
Processor agreement: A data processing agreement (Art. 28 GDPR) is in place with IONOS SE for the hosting operation.
4. External Services and Processors
4.1 Apple HealthKit
HealthKit is an Apple component on your device. Data from HealthKit does not leave the device through HealthKit itself. Apple has its own privacy terms for it.
You manage permissions in iOS Settings → Privacy & Security → Health → Kivaia.
4.2 Google Gemini (AI Analysis)
For AI-supported features, Kivaia uses Google Gemini:
- Meal analysis: identification of foods in photos
- Coach chat: text-based answers to your questions
- Voice coaching (Premium): speech output via local TTS combined with coach chat
Provider: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA
What is transmitted:
- Meal photos (for image analysis)
- Text requests to the coach
- Context data for personalised responses (e.g. nutrition goals, preferences, meal history)
- Only with separate consent for AI data processing, additionally selected HealthKit contexts (e.g. steps, sleep, heart-rate metrics)
What is never transmitted:
- Profile picture
Role: Google is our processor (Art. 28 GDPR).
Third-country transfer:
- Google is certified under the EU-US Data Privacy Framework (adequacy decision of 10 July 2023).
- Additionally: EU Standard Contractual Clauses (Art. 46(2)(c) GDPR).
Note: Google does not use the transmitted data for advertising and does not train its models on your personal content.
More: https://policies.google.com/privacy
Withdrawal: You can disable AI data processing at any time in the app settings under “AI Data Processing”.
4.3 Apple iCloud (optional, Premium)
If you enable iCloud sync (a Premium feature), your app data is mirrored to your private iCloud database:
- Default setting: disabled
- Storage location: your private iCloud — we have no access
- Encryption: in transit and at rest
- Purpose: sync between your Apple devices
Apple acts as a processor for you here, not for us. More: https://www.apple.com/legal/privacy/
4.4 Open Food Facts (optional)
When you scan a food barcode, the app queries Open Food Facts using only the barcode — a non-profit, open database. No personal data is transmitted.
https://world.openfoodfacts.org/
4.5 Bundeslebensmittelschlüssel (BLS)
The official German food database is bundled locally with the app. No network transmission takes place.
5. Legal Bases
| Processing | Legal basis |
|---|---|
| Provision of app features (input, local storage) | Art. 6(1)(b) GDPR (performance of contract) |
| Beta sign-up via kivaia.app | Art. 6(1)(b) GDPR (pre-contractual measures on request) |
| HealthKit integration | Art. 6(1)(a) + Art. 9(2)(a) GDPR (explicit consent) |
| AI analysis via Google Gemini | Art. 6(1)(a) GDPR (consent); for health context additionally Art. 9(2)(a) |
| iCloud sync | Art. 6(1)(a) GDPR (consent) |
| Apple system crash reports | Art. 6(1)(f) GDPR (legitimate interest); controlled via iOS |
| Actively triggered content sharing (30-day storage) | Art. 6(1)(b) GDPR (performance of contract); rate-limit hash: Art. 6(1)(f) GDPR |
| Premium contract handling | Art. 6(1)(b) GDPR (Apple handles payment processing) |
6. Storage Location and Retention
- Locally on your device: as long as you have the app installed. Upon uninstallation, all local app data is removed by iOS.
- iCloud (when enabled): in your private iCloud, controlled by your iCloud settings.
- Google Gemini: requests are processed temporarily. Long-term storage takes place under Google's privacy terms.
- With us (health, activity, and journal data): we do not store this data on servers of our own.
- Shared content (sharing features): on our IONOS webspace in Germany, 30 days from creation, then automatically deleted; backup lifespan max. 44 days (see §3.7).
- Beta sign-up data (website): on our IONOS webspace in Germany, until the end of the beta phase, max. 24 months (see 3.5).
Tax and commercial-law-relevant data (invoicing and contract data for Premium): Apple, as the contract partner for payment, handles these. We do not receive personal data about the buyer from Apple.
7. Your Rights
7.1 What You Can Do Yourself at Any Time
- Delete app data: uninstall the app — all local data is removed by iOS. iCloud copies are deleted in iOS iCloud settings.
- Unlinking Sign in with Apple: We don’t store the optional Apple link on our side — it lives only on your device and in your private iCloud. It is removed together with the app data when you uninstall the app or delete the iCloud data in iOS settings.
- Revoke HealthKit access: iOS Settings → Privacy & Security → Health → Kivaia
- Disable iCloud sync: app settings
- Disable AI data processing: app settings → “AI Data Processing”
7.2 Your Rights Under GDPR
- Access (Art. 15): privacy@clayfactor.com
- Rectification (Art. 16): directly in the app or by email
- Erasure (Art. 17): see 7.1 — we hold no central copies
- Restriction (Art. 18): privacy@clayfactor.com
- Data portability (Art. 20): Since we do not process personal data on servers of our own, transfer by us is effectively moot. You can back up your local app data using standard Apple mechanisms (iCloud backup, encrypted local backup via Mac/PC). HealthKit data is exported directly from the Apple Health app.
- Objection (Art. 21): privacy@clayfactor.com
- Withdrawal of consent (Art. 7(3)): see 7.1, possible at any time
7.3 Right to Lodge a Complaint
You may lodge a complaint with a supervisory authority. The authority responsible for us is:
Unabhängiges Datenschutzzentrum Saarland
The State Commissioner for Data Protection and Freedom of Information
Fritz-Dobisch-Straße 12, 66111 Saarbrücken, Germany
Email: poststelle@datenschutz.saarland.de
Website: https://www.datenschutz.saarland.de/
8. Minimum Age
Kivaia is not intended for persons under 16 years of age. This corresponds to the GDPR standard for independent consent in Germany.
We deliberately do not run our own age check and rely on two mechanisms:
- Apple App Store age rating and Family Sharing: Apple records the date of birth of the Apple ID and enforces the App's age rating at the device level. Parents can use Apple Family Sharing to control which apps minors can download and use.
- Self-declaration: By using the App, you confirm that you are at least 16 years old.
If we receive concrete indications that a person under 16 is using the App, we block access and delete the associated data.
Note on the two layers: The App Store age rating refers to the content suitability of the app and may be lower (typically 12+ for lifestyle apps). The minimum age of 16 stated here concerns GDPR-compliant consent to data processing and applies independently of the Apple rating. Both layers exist in parallel — Apple controls access to content, this document governs the contract and data processing.
9. Data Security
- Encryption locally (iOS Data Protection) and in transit (TLS 1.3)
- Secure authentication via Sign in with Apple (optional)
- Secure Enclave for security-critical keys
- Data minimisation as a founding principle
In the unlikely event of a data breach, we will report it to the supervisory authority within 72 hours and inform affected users where there is a high risk.
10. Changes to This Privacy Policy
We update this policy when app features or the legal landscape change. We will inform you of significant changes at least 30 days before they take effect via in-app notification. The current version is always available in the app under Settings → “Privacy”.
11. Summary by Data Type
| Data type | Storage location | Transmitted to whom? | Legal basis |
|---|---|---|---|
| Profile data | Local / iCloud (optional, Premium) | — | Contract |
| Meals + photos | Local / iCloud (optional) | Google Gemini for photo/coach analysis | Consent |
| HealthKit values | Local | Google Gemini only with AI consent | Explicit consent |
| Workouts / activities | Local / iCloud (optional) | — | Contract |
| Apple crash reports | Apple (anonymous, aggregated) | — | Legitimate interest |
| Shared content (name, data, instructions, optional photo) | IONOS webspace (DE), max. 30 days | — | Contract |
| Beta sign-up (email + language + timestamp) | IONOS webspace (DE), outside the web root; internal copy to info@clayfactor.com | — | Pre-contractual measure |
12. Authoritative Version
This is an English translation of the German original. In case of any discrepancies between the German and English versions, the German version shall prevail.
13. Contact
ClayFactor GmbH
Herderstraße 38
66292 Riegelsberg, Germany
Email: privacy@clayfactor.com
We typically respond within 14 days.
Effective: May 2026
← Back to Kivaia overview