Plain-language privacy

Your health is not ad inventory.

Effective July 13, 2026 · Beta policy

Kivo does not sell personal data, use Apple Health data for advertising, or store food photos on the KivoAI gateway.

Who operates Kivo

Kivo is operated by Pragmatic Developments Inc. Questions or privacy requests can be sent to admin@pragmatic.onl.

Data you choose to keep in Kivo

The iPhone app stores your profile, goals, plans, meals, pantry, favorite foods, coaching conversation, check-ins, and workout history in the app’s protected container. Direct AI-provider credentials and Kivo session tokens are stored in Apple Keychain.

If you choose Continue with Apple, Kivo also encrypts a copy of this Kivo history and stores it in Kivo’s account service so you can recover it on another device. This is a Kivo account backup, not iCloud or CloudKit storage. If you choose private on-device mode, Kivo does not create that account backup. Apple may include the app’s protected local files when you enable and restore a full-device iCloud Backup, subject to your Apple settings.

Apple Health and Fitness

Health access is optional and controlled by Apple’s permission sheet. Depending on what you approve, Kivo may read activity, workouts and routes, sleep, heart and recovery trends, body measurements, and nutrition. Kivo may write meals, Kivo-only workouts, weight, or body composition when you separately enable those features. Health data is used to provide the app’s fitness, nutrition, and recovery experience; it is not used for advertising or sold.

Apple Health remains the source of truth. Kivo does not put raw HealthKit samples or workout routes in iCloud or its account backup. A backup can contain Kivo’s own logged meals, plans, check-ins, goals, coaching history, and compact workout-history entries shown in the app. On a new device, you must authorize Health again before Kivo can rebuild live Health context.

Sharing Health context with AI is a separate opt-in. Kivo creates a compact summary of useful trends and baseline differences rather than sending raw HealthKit sample history.

AI processing

KivoAI

When you use KivoAI, relevant text context—such as your prompt, goals, current plan, food log summary, and any Health trend summary you enabled—is sent through Kivo’s managed gateway to the model provider selected by Kivo. The gateway does not persist prompt or response text. It records operational metadata such as an opaque account ID, request ID, model route, token counts, status, and time so it can enforce limits, troubleshoot failures, and understand cost.

Your own provider

If you connect your own AI provider or external agent, Kivo sends the same relevant text context directly to the endpoint you configure. That provider’s terms, retention, and privacy practices apply. Kivo cannot control a user-configured endpoint.

Food photos and barcodes

Food photos are analyzed on device with Apple Vision. The text labels and any description you add may be sent to the selected AI for a nutrition estimate; Kivo does not upload the original photo to its managed gateway. Barcode lookups use Open Food Facts, whose community data may be incomplete. You can edit every result.

Accounts, feedback, and support

For Sign in with Apple, Kivo receives Apple’s stable subject identifier and, when Apple supplies them, your name and relay or account email. The KivoAI service stores this account record, secure session records, and the encrypted Kivo account backup described above. Friend-beta device access stores a one-way hash of a random installation identifier and does not enable cross-device backup. Feedback sent inside Kivo stores the category, message, app version, account reference, and time; no health samples or photos are automatically attached.

Retention and deletion

Local data remains until you erase it, delete the app, or use account deletion. Managed account, encrypted backup, session, usage, and feedback records remain while your account is active and for only as long as reasonably needed to run and secure the beta. You can initiate permanent deletion inside Kivo under Settings → Account & deletion. See the deletion guide.

Security and transfers

Kivo uses HTTPS, Keychain storage, encrypted platform storage, opaque session tokens, short operational logs without prompt text, and server-side quotas. No system can promise absolute security. AI processors may operate in other countries; where required, Kivo will use appropriate contractual safeguards before public launch.

Age and medical limits

The beta is intended for adults. Kivo is a general fitness and nutrition coaching tool, not a medical device, emergency service, or replacement for qualified care.

Changes

Material changes will be dated here and, when appropriate, explained in the app before new data use begins.