Privacy Policy

Last Updated: January 16, 2025

1. Who We Are

Kaft ("we", "us", "our") operates the Kaft mobile application and related services (the "Service"). We act as the data controller under applicable data protection laws, including the GDPR.

2. What Data We Collect

We collect only data required to operate, personalize, and secure the Service.

2.1 Account & Authentication Data

Depending on how you sign up, we collect:

  • Email address
  • Authentication identifiers from Apple or Google (we do not receive your passwords)
  • Account ID and login metadata
  • Profile information (name, profile picture)
  • Country of residency and timezone (for personalization and scheduling)

2.2 User Preferences & Content Data

  • Selected topics, interests, language, tone, and podcast length
  • Saved episodes and listening history
  • Playback position (to resume where you left off)
  • Generated podcast audio files linked to your account
  • Feedback and interaction data (likes, dislikes, reactions)
  • Chat and Q&A interactions (if you use the chat feature to ask questions about podcast content, we store your questions and our AI-generated responses)

2.3 Push Notification Data

If you enable push notifications, we collect:

  • Device push notification token
  • Notification preferences and timing settings

This data is used solely to deliver notifications about your daily podcasts.

2.4 Usage & Analytics Data

We collect limited usage data to understand how the app is used, including:

  • Session activity
  • Feature usage
  • App performance and error events
  • Device and OS information (non-identifying)

This data is collected via Vexo Analytics.

2.5 What We Do Not Collect

  • No precise location data
  • No contact lists
  • No biometric identifiers
  • No sensitive personal data (as defined under GDPR Article 9)

3. How We Use Your Data

We process personal data strictly for the following purposes:

  • Creating and managing user accounts
  • Authenticating users via Apple, Google, or email
  • Generating, storing, and delivering personalized podcast content
  • Allowing users to re-listen to saved podcast episodes
  • Sending push notifications when your daily podcast is ready
  • Improving content relevance, quality, and system performance
  • Monitoring app stability, security, and misuse
  • Communicating essential service-related messages

Legal Bases (GDPR)

  • Contractual necessity (Article 6.1.b)
  • Legitimate interest (Article 6.1.f)
  • Consent, where required (Article 6.1.a)

4. Audio Content & AI Processing

Kaft uses automated systems, including AI models, to:

  • Aggregate and analyze news content
  • Generate podcast scripts
  • Produce synthetic audio podcasts tailored to user preferences
  • Answer questions about podcast content via chat

Audio Storage

  • Generated podcast audio files are stored long-term
  • Files remain available in the user's saved content section
  • Audio is linked to the user account and not shared publicly

Automated processing does not produce legal or similarly significant effects on users.

5. Analytics (Vexo)

We use Vexo Analytics to understand how users interact with the app.

  • Analytics data is aggregated and used for product improvement
  • We do not use analytics for advertising profiling
  • Data is not sold or shared for third-party marketing purposes

Where required, analytics operate on a legitimate interest basis, with data minimization applied.

6. Data Storage & Security

6.1 Hosting & Infrastructure

All user data, including audio files, is stored on Amazon Web Services (AWS) infrastructure. AWS acts as a data processor under GDPR-compliant agreements.

6.2 Security Measures

We apply reasonable technical and organizational measures, including:

  • Encrypted data transmission (TLS)
  • Controlled access and role-based permissions
  • Secure cloud storage and backups
  • Secure token storage on your device using platform keychain/keystore
  • Monitoring for unauthorized access
  • Rate limiting on authentication endpoints

No system is infallible, but security is treated as a priority.

7. Data Sharing

We do not sell personal data.

We share limited data only with trusted service providers necessary to operate Kaft, including:

  • Cloud infrastructure providers (AWS)
  • Authentication providers (Apple, Google)
  • Analytics provider (Vexo)
  • AI providers (OpenAI for podcast script generation and chat responses)
  • Text-to-speech providers (ElevenLabs for audio generation)
  • News content providers (Event Registry for news article sourcing)
  • Push notification services (Expo for notification delivery)
  • Email providers (for OTP verification emails)

All partners operate under contractual data protection obligations.

8. International Data Transfers

Some service providers may process data outside the European Economic Area. When this occurs, we rely on:

  • EU Standard Contractual Clauses
  • Other lawful safeguards required under GDPR

9. Data Retention

  • Account data is retained while your account remains active
  • Stored podcast audio remains available until deleted by the user or account termination
  • Chat history is retained until account deletion
  • Analytics and technical logs are retained only as long as necessary

You may request deletion of your account and associated data at any time.

10. Your Rights (GDPR)

You have the right to:

  • Access your personal data
  • Correct inaccurate data
  • Request deletion
  • Restrict or object to processing
  • Receive a copy of your data (data portability)
  • Withdraw consent at any time

Requests can be made at: hello@kaft.ai

You also have the right to lodge a complaint with a supervisory authority.

UK Residents: You may also lodge complaints with the UK Information Commissioner's Office (ICO) at ico.org.uk.

10.1 California Residents (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act:

  • Right to Know: What personal information is collected and how it's used
  • Right to Delete: Request deletion of your personal information
  • Right to Opt-Out: We do not sell personal information
  • Right to Non-Discrimination: Equal service regardless of privacy choices

Categories of Personal Information Collected:

  • Identifiers (name, email, IP address)
  • Internet activity (app usage, preferences)
  • Geolocation (country, timezone)
  • Audio information (generated podcasts)

To exercise these rights, contact us at hello@kaft.ai.

11. Children's Privacy

Kaft is not intended for use by children under 13 years of age. We do not knowingly collect personal information from children under 13.

If you believe a child has provided us with personal information, please contact us at hello@kaft.ai and we will promptly delete such information.

12. Changes to This Policy

We may update this Privacy Policy as the Service evolves. Material changes will be communicated through the app or via email.

13. Contact

For privacy-related questions or requests:

Email: hello@kaft.ai