This policy explains what personal data Kiku collects, how we use it, and the rights available to you.
1. Personal data we collect
Kiku does not run its own authentication service. We rely on Supabase to create accounts and store user credentials.
1. Information Collection
Kiku uses Supabase Auth to provide single sign-in via Apple and Google. We only receive the basic account data those providers supply to create and manage your account.
2. How we use this information
We use your account data solely to authenticate you, authorize access to your Kiku workspace, and operate core features such as password resets and email notifications. Audit-log entries are consulted only when investigating suspicious activity or application errors.
Kiku also integrates the standard Google Analytics SDK for crash reports and high-level usage metrics; no Supabase Auth data is shared with Google.
3. Third-party processing
Your data is processed by Supabase Inc. (our sub-processor) and stored on their EU-hosted Postgres infrastructure. Supabase acts as a data processor under GDPR, while Kiku remains the data controller. We do not otherwise sell or share personal data.
4. Data security
Supabase provides encryption at rest, SSL/TLS in transit, row-level security, and server-side password hashing (bcrypt). We keep administrative access to the authentication tables strictly limited to authorised staff.
5. Your rights
You may request a copy, correction, or erasure of your personal data at any time by emailing privacy@kiku.email. Deleting your account deletes the
corresponding records in auth.users; Supabase removes associated audit-log entries
automatically once their retention window lapses.
6. Retention
• Account data persists until you delete the account or we are legally required to remove it.
• Audit-log entries are retained by Supabase for at least 30 days (longer on paid plans) and
then purged.
• Back-ups created by Supabase are held for up to 30 days before automatic recycling.
7. International compliance
Kiku endeavours to comply with all applicable data-protection laws, including GDPR (EU/UK) and CCPA (California).
8. Contact
Questions or concerns? Email privacy@kiku.email.
Changes to this policy
We may update this page to reflect changes in our practices. Continued use of Kiku after an update constitutes acceptance of the revised policy.
By using Kiku you agree to this Privacy Policy. If you do not agree, please discontinue use of the app.
Effective date: 6 July 2025