Privacy Policy
Kokuko GmbH ("we", "us", "our") operates the Kokuko mobile application and web service (the "Service"). This Privacy Policy explains how we collect, use, disclose, and protect your personal information when you use our Service.
This policy is written in plain language. If you have questions, contact us at privacy@kokuko.app.
1. Who We Are
Kokuko is a collaborative household management platform that helps groups of people ("Circles") coordinate tasks, shared finances, items, and schedules.
- Data controller: Kokuko GmbH
- Contact: privacy@kokuko.app
2. Information We Collect
2.1 Information You Provide
| Data | Purpose | Required? |
|---|---|---|
| Email address | Account creation, passwordless login (OTP), service communications | Yes |
| First and last name | Display name within your Circles | Yes |
| Timezone, locale, currency | Localised experience | No |
| Additional info | Free-text profile field | No |
2.2 Information Generated Through Use
| Data | Purpose |
|---|---|
| Task completions, assignments, points | Fairness tracking within Circles |
| Expenses, splits, settlements | Shared finance management |
| Shopping lists | Household inventory management |
| AI conversation messages and images | AI-assisted features |
| Notification preferences and delivery status | Communication delivery |
| Circle activity logs | Accountability and audit trail |
2.3 Information Collected Automatically
| Data | Purpose |
|---|---|
| IP address, user agent | Login security, fraud prevention |
| Device token (FCM) | Push notification delivery |
| Device platform, app version, OS version | Service compatibility |
| Device identifier (iOS: Identifier for Vendor / Android: app-generated UUID) | Push notification routing and device management, linked to your account |
| Device locale and region (inferred from device system settings) | Language localisation; sent with every API request via request headers |
| Device info attached to feedback emails (model, OS version, app version, build number) | Support troubleshooting; included when you submit in-app feedback via email |
2.4 Information We Do NOT Collect
- Passwords (authentication is passwordless via one-time codes)
- Payment card details (handled entirely by our payment processors)
- Location data
- Contacts or address book
- Browsing history or cross-app tracking data
- Special category data (health, biometric, political, religious, etc.)
- Motion sensor data (the iOS app reads accelerometer and gyroscope data on-device solely for a UI parallax animation — this data is never transmitted or stored)
3. How We Use Your Information
We use your information for the following purposes:
| Purpose | Legal Basis (GDPR) |
|---|---|
| Provide and operate the Service | Contract necessity (Art. 6(1)(b)) |
| Authenticate your identity via OTP | Contract necessity |
| Manage Circle membership and collaboration | Contract necessity |
| Track tasks, expenses, items, and fairness points | Contract necessity |
| Deliver notifications (email, push, in-app) | Contract necessity / Legitimate interest |
| Provide AI-assisted features | Contract necessity / Consent |
| Manage subscriptions and entitlements | Contract necessity |
| Prevent fraud and ensure security | Legitimate interest (Art. 6(1)(f)) |
| Monitor system health and fix errors | Legitimate interest |
| Comply with legal obligations | Legal obligation (Art. 6(1)(c)) |
| Send marketing communications (only with consent) | Consent (Art. 6(1)(a)) |
We do not use your data for:
- Advertising or ad targeting
- Selling to third parties
- Behavioural profiling without consent
- Automated decision-making that produces legal effects
4. How We Share Your Information
We do not sell your personal information. We share data only with the following service providers ("processors") who act on our instructions:
| Provider | Purpose | Data Shared | Location |
|---|---|---|---|
| DigitalOcean | Cloud hosting, database, file storage | All service data | EU (Frankfurt) |
| Postmark | Email delivery (OTP codes, notifications) | Email address, message content | United States |
| Apple Push Notification service (APNs) | iOS push notification delivery routing | Device push tokens, notification payload | United States |
| Firebase Cloud Messaging (Google) | Push notification delivery (iOS and Android) | Device FCM tokens, notification content | Multi-region |
| Firebase Crashlytics (Google) | Crash and error reporting (Android) | Stack traces, log excerpts, device model, OS version, app version | Multi-region |
| Google Gemini (AI processing) | AI-assisted features | User messages, uploaded images including receipt photographs | Multi-region |
| Apple App Store | iOS subscription billing | Signed purchase transaction receipts | United States |
| Google Play Billing | Android subscription billing | Signed purchase transaction receipts | United States |
| Stripe | Web payment processing (future) | Payment references only | United States |
| Sentry | Backend error monitoring | Error context, user ID (no PII) | US/EU |
All processors are bound by Data Processing Agreements (DPAs) or equivalent contractual protections.
What we share within your Circle
Other Circle members can see:
- Your display name (first and last name)
- Your task completions, assignments, and fairness points
- Your expenses, splits, and settlement status
- Your activity within the Circle
Other Circle members cannot see:
- Your email address
- Your notification preferences
- Your data from other Circles
5. International Data Transfers
Our primary infrastructure is located in the European Union (Frankfurt, Germany). When we transfer data outside the EU/EEA, we ensure protection through:
- Standard Contractual Clauses (SCCs) approved by the European Commission
- Data Processing Addenda with appropriate safeguards
- Adequacy decisions where applicable
This applies to transfers to Postmark (US), Apple (US), Firebase/Google (multi-region), and Sentry (US/EU).
6. Data Retention
| Data Type | Retention Period | Deletion Method |
|---|---|---|
| Email OTP codes | 10 minutes | Automatic expiry |
| JWT authentication tokens | 30 days | Blacklisted on logout |
| In-app notifications | 90 days | Automated daily cleanup |
| Notification delivery logs | 30 days | Automated daily cleanup |
| Data export files | 7 days | Automatic deletion |
| Inactive device tokens | 30 days | Soft-deactivated |
| Task, expense, and item data | Duration of Circle | Preserved for audit trail |
| Account data | Duration of account | Anonymised on erasure |
| Circle activity logs | Permanent | User reference anonymised on erasure |
When you delete your account, we:
- Immediately anonymise your email, timezone, locale, and additional info
- Hard-delete your OTP codes, login records, authentication tokens, notifications, device tokens, consent records, and data exports
- Preserve your first and last name for Circle history traceability
- Retain your user record as an anonymised anchor so shared records (task completions, expenses) remain intact for other Circle members
6.1 Local On-Device Storage
The mobile apps store certain data locally on your device:
| Storage | Contents | Cleared on logout? |
|---|---|---|
| Secure keychain (iOS) / EncryptedSharedPreferences (Android) | JWT authentication tokens | Yes |
| UserDefaults (iOS) / DataStore (Android) | FCM token, last-used Circle, UI preferences, onboarding state | No — persists across logouts |
| App cache directory | JSON snapshots of tasks, expenses, and items | Yes |
| In-memory image cache | Downloaded image thumbnails | Yes |
The FCM device token and certain UI state values persist across logouts. They contain no directly identifiable personal information beyond the device token used for push routing.
On Android, the app disables legacy cloud backup (allowBackup="false"). However, the DataStore file — which may include the FCM token and the app-generated device UUID — is not explicitly excluded from Google Drive backups on Android 12 and above. You can manage or disable Google Drive backup in your Android device settings.
7. Your Rights
7.1 Rights Under GDPR (EU/EEA, Switzerland, UK)
You have the right to:
| Right | How to Exercise |
|---|---|
| Access your data (Art. 15) | Request a data export via Settings → Data Export |
| Rectify your data (Art. 16) | Edit your profile via Settings |
| Erase your data (Art. 17) | Delete your account via Settings → Privacy & Data |
| Port your data (Art. 20) | Download your data export (JSON format) |
| Object to processing (Art. 21) | Manage consent preferences via Settings |
| Withdraw consent | Toggle consent settings at any time |
We respond to data subject requests within 30 days. Contact privacy@kokuko.app for requests we cannot handle through the app.
You also have the right to lodge a complaint with your local data protection authority.
7.2 Rights Under US State Privacy Laws
If you are a resident of California (CCPA/CPRA), Virginia (CDPA), Colorado (CPA), Connecticut (CTDPA), or other US states with privacy legislation:
- Right to know: You may request the categories and specific pieces of personal information we collect about you.
- Right to delete: You may request deletion of your personal information.
- Right to opt out of sale: We do not sell your personal information. No opt-out is necessary.
- Right to non-discrimination: We will not discriminate against you for exercising your privacy rights.
- Right to correct: You may request correction of inaccurate personal information.
We do not use or disclose sensitive personal information for purposes other than providing the Service. We do not engage in cross-context behavioural advertising.
To exercise these rights, contact privacy@kokuko.app or use the in-app settings.
7.3 Rights Under New Zealand Privacy Act 2020
If you are in New Zealand, you have the right to:
- Access your personal information (Principle 6)
- Request correction of your personal information (Principle 7)
- Know how your data is collected and used (Principles 1–4)
We will respond to requests within 20 working days. If we refuse a request, we will provide reasons and inform you of your right to complain to the Office of the Privacy Commissioner.
7.4 Rights Under South Africa POPIA
If you are in South Africa, under the Protection of Personal Information Act (POPIA):
- You have the right to access, correct, and delete your personal information.
- You may object to the processing of your personal information.
- You may lodge a complaint with the Information Regulator.
- We process your data based on contractual necessity or your consent.
Contact privacy@kokuko.app to exercise your rights.
7.5 Rights Under Australian Privacy Act
If you are in Australia, under the Australian Privacy Principles (APPs):
- You have the right to access and correct your personal information (APPs 12–13).
- You may complain to the Office of the Australian Information Commissioner (OAIC) if you believe we have breached the APPs.
- We will respond to access requests within 30 days.
- We take reasonable steps to protect your data from misuse, interference, loss, and unauthorised access.
Cross-border disclosure: Our data is primarily stored in the EU (Frankfurt). We ensure overseas recipients comply with equivalent privacy standards via contractual obligations.
7.6 Rights Under Latin American Privacy Laws
Brazil (LGPD): You have rights to confirmation of processing, access, correction, anonymisation, portability, deletion, information about sharing, and revocation of consent. Contact our data controller at privacy@kokuko.app. You may file a complaint with the ANPD (Autoridade Nacional de Proteção de Dados).
Argentina (PDPA): You have rights to access, rectification, deletion, and objection. We process data based on contractual necessity or consent.
Chile, Colombia, Mexico, Peru, Uruguay: You have rights to access, correct, and delete your personal data under applicable local legislation. These rights can be exercised via privacy@kokuko.app or through in-app settings.
8. Security
We implement the following measures to protect your data:
- Passwordless authentication — no passwords are stored, so there are none to steal
- OTP codes hashed before storage
- JWT tokens with rotation and blacklisting
- TLS encryption for all data in transit
- HSTS with 1-year duration
- Private storage with signed, time-limited URLs for sensitive files (receipts, data exports)
- Role-based access control within Circles (Admin/Moderator/Member)
- No PII in application logs or error monitoring
- Principle of least privilege for database and infrastructure access
- Email addresses never exposed to other users through any API endpoint
9. Children's Privacy
Kokuko is not directed at children under the age of 16. We do not knowingly collect personal information from children under 16 without parental consent.
If you believe a child has provided us with personal information without appropriate consent, contact privacy@kokuko.app and we will delete it promptly.
10. AI Features
Our AI features use third-party AI models to provide intelligent assistance within the Service. When you use AI features:
- Your messages and uploaded images are sent to our AI processing provider (Google Gemini) for analysis. This includes photographs captured through the in-app document scanner for receipt scanning, to-do list scanning, and shopping list scanning. Receipt images may contain financial information such as merchant names, amounts, and dates.
- Your email address and Circle member identities are not sent to the AI provider.
- Google does not use your data to train their models (per Google API terms of service).
- AI responses are recommendations only — no automated decisions with legal effect.
- AI usage is rate-limited and cost-monitored.
You can choose not to use AI features. They are optional and user-initiated.
11. Cookies and Tracking
The Kokuko API does not use cookies for tracking. Specifically:
- JWT tokens are used for authentication (stored client-side)
- No third-party tracking pixels, analytics scripts, or advertising SDKs are used
- No cross-context tracking is performed
The iOS app bundles Firebase SDKs for push notifications. Firebase Analytics is included as a transitive dependency of FirebaseMessaging but is explicitly disabled (IS_ANALYTICS_ENABLED = false in the app configuration). The app clears any SDK-generated temporary files on launch. No analytics events are sent to Google from the iOS app.
12. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by:
- Posting the updated policy with a new effective date
- Sending an in-app notification or email for significant changes
Your continued use of the Service after changes constitutes acceptance of the updated policy.
13. Contact Us
For privacy-related questions, data subject requests, or complaints:
- Email: privacy@kokuko.app
- Subject line: "Privacy Request" or "Data Subject Request"
We aim to respond within 30 days (20 working days for New Zealand residents).
If you are unsatisfied with our response, you may lodge a complaint with your local data protection authority:
| Jurisdiction | Authority |
|---|---|
| EU | Your local Data Protection Authority |
| UK | Information Commissioner's Office (ICO) |
| Switzerland | Federal Data Protection and Information Commissioner (FDPIC) |
| United States | Your state Attorney General |
| New Zealand | Office of the Privacy Commissioner |
| South Africa | Information Regulator |
| Australia | Office of the Australian Information Commissioner (OAIC) |
| Brazil | Autoridade Nacional de Proteção de Dados (ANPD) |