Privacy Policy

Effective date: June 29, 2026
Last updated: June 29, 2026

Draft notice: This policy is a working draft prepared for the kurozu iOS mobile app release. It should be reviewed by qualified legal counsel before publication.

This Privacy Policy describes how kurozu ("we," "us," or "our") collects, uses, and shares information when you use the kurozu mobile application for iOS (the "App").

By creating a cloud account or using cloud-connected features, you acknowledge this Policy. The App is local-first: you can build and use timelines on your device without signing in.

Contact: hello@example.com

1. Summary

Local-first by default. Core timeline features work offline without an account. Data you create in local-only mode stays on your device unless you choose to copy it elsewhere.
Cloud is opt-in. Signing in enables cloud sync, account features, and (when available on your plan) AI-assisted fact extraction.
We do not sell your data or use your timeline content to train AI models.
Diagnostics and analytics. We use Sentry for crash reporting and Firebase Analytics (Google) for privacy-conscious product analytics. These tools are configured not to receive your timeline text, health records from Apple Health, or similar sensitive content.
Account deletion removes your cloud account and cloud timelines from our servers immediately. Local timelines on your device are not deleted by that action.

2. Scope

This Policy applies to the iOS App. It does not cover third-party websites, AI tools, or apps you paste exported text into, or services we do not operate.

The App may be distributed under a display name configured at build time (for example, "Timeline" or "kurozu"). References to "the App" mean the kurozu iOS application regardless of icon label.

3. Information you provide

3.1 Timeline and fact content

You may create timelines and facts, including titles, descriptions, tags, time expressions, and fact-type labels.

Mode	Where it is stored	Transmitted to us
Local-only	On your device (SQLite)	No, unless you use cloud features or AI Add
Cloud-synced	On your device (cache) and our servers	Yes — when you create, edit, sync, or delete cloud timelines

You choose what to enter. Content may include health-related or other sensitive information if you type it.

3.2 Account and authentication

If you sign in, we process:

Email address (magic-link sign-in, or from Google / Sign in with Apple when enabled)
Authentication identifiers (Supabase user ID, OAuth provider metadata)
Display name (Sign in with Apple may provide your name on first sign-in)

We do not use passwords for magic-link sign-in.

Sign in with Apple may provide a private relay email address. That address may represent a separate cloud account from the same person using a different sign-in method.

3.3 AI Add (premium, cloud, online)

When you use AI Add, the App sends to our backend:

Your prompt text (up to 20,000 characters)
Timeline title and ID
Fact-type definitions
Short summaries of existing facts (description and time)

Our backend forwards a constructed prompt to a third-party AI provider (such as Google Gemini or Anthropic) to propose candidate facts. You review proposals before anything is saved.

We log metadata only about AI requests (for example, character count, latency, success) — not full prompt text.

3.4 Export

Export to AI builds plain text on your device and copies it to your clipboard. We do not receive export payloads on our servers.

3.5 Support and feedback

If you email us, we receive whatever you include in your message.

4. Information collected automatically

4.1 Crash and error reporting (Sentry)

We use Sentry to collect crash reports and technical errors, such as:

Stack traces and error messages
App version, build number, and OS version
Device model and locale
Anonymous session or crash identifiers

We configure Sentry not to include timeline content, fact text, authentication tokens, email addresses, or Apple Health data in crash reports.

4.2 Product analytics (Firebase Analytics)

We use Google Firebase Analytics to understand how the App is used. Events may include, for example:

Onboarding completion
Authentication started / succeeded / failed (provider type only, not credentials)
Move-to-cloud started / succeeded / failed
AI Add started / succeeded / failed

We do not send timeline titles, fact descriptions, health data, or email addresses to Firebase Analytics.

Firebase Analytics may collect standard device and app identifiers as described in Google's privacy documentation. We do not use the App for cross-app advertising or sell analytics data.

4.3 Network and session data

When you use cloud features, our API receives:

Your Supabase access token (JWT) for authentication
Request metadata (timestamps, endpoint, HTTP status, latency)

We do not intentionally log full timeline descriptions, export payloads, or complete AI prompts in server logs.

4.4 Local device data (not transmitted)

The App stores on your device:

A device-generated local account ID (not sent to our servers)
App preferences (for example, language choice, last-opened timeline)
Cached cloud timelines when signed in (purged on sign-out or account deletion)

We use connectivity checks locally to show online/offline state. We do not transmit a history of your network status.

5. Apple Health (preview feature)

On supported iPhones, the App includes a preview panel that can read Apple Health data (for example, steps, heart rate, sleep) only after you grant HealthKit permission.

Data is processed on your device to produce summary text.
Nothing is saved to the App's database or uploaded to our servers automatically.
The preview does not write data to Apple Health.

This feature is not a medical device and is not intended to diagnose or treat any condition.

6. How we use information

We use information to:

Provide local and cloud timeline functionality
Authenticate you and manage your account
Sync cloud timelines across sessions
Operate AI Add when you request it and your plan allows it
Delete cloud data when you delete your account
Diagnose crashes and improve stability (Sentry)
Understand feature usage and improve the App (Firebase Analytics)
Respond to support requests
Comply with law and protect our rights

We do not use your timeline content to train machine-learning models.

7. How we share information

We share information only as follows:

Recipient	Purpose	Data shared
Supabase	Authentication	Email, OAuth tokens/IDs, session data
Google	Sign in with Google; optional AI processing via our backend	OAuth profile data; AI prompts when Gemini is the provider
Apple	Sign in with Apple; HealthKit (on device)	OAuth data via Apple; health metrics stay on device unless you type them elsewhere
Anthropic (if configured)	AI Add processing	Prompt content via our backend
Our hosting provider	Cloud API and database	Cloud timelines, facts, account metadata
Sentry	Crash reporting	Technical diagnostics (no timeline content)
Google (Firebase)	Product analytics	Event names and non-content properties

We may disclose information if required by law or to protect safety, rights, or property.

We do not sell personal information.

8. Data retention

Data	Retention
Local-only timelines	On your device until you delete them or uninstall the App
Cloud timelines and facts	Until you delete them, delete your account, or we terminate the service
Account record	Until you delete your account
AI request metadata logs	Deleted when your account is deleted
Sentry / Firebase	Per those providers' retention settings; we configure minimal retention where possible

9. Account deletion

You can delete your cloud account from Settings in the App.

When you confirm deletion:

We immediately delete your cloud timelines, facts, and related server data.
We delete your Supabase authentication user.
The App purges cached cloud data on your device and signs you out.

Local-only timelines on your device are not deleted by account deletion. To remove local data, delete those timelines in the App or uninstall the App.

Sign-out removes cloud data from your device cache but does not delete server-side cloud data.

If deletion fails due to a technical error, contact us at hello@example.com.

10. Security

We use industry-standard measures including HTTPS for API traffic, authenticated access to cloud data, and separation of local and cloud account namespaces on device.

No method of transmission or storage is completely secure. You are responsible for securing access to your device.

11. Children

The App is not directed to children under 13 (or the minimum age in your jurisdiction). We do not knowingly collect personal information from children. Contact us if you believe a child has provided us information.

12. International transfers

We and our service providers may process information in countries other than where you live. Those countries may have different data-protection laws. By using cloud features, you consent to such transfers subject to applicable safeguards.

13. Your choices and rights

Depending on where you live, you may have rights to access, correct, delete, or port personal information, or to object to or restrict certain processing.

Local data: manage directly in the App or by uninstalling.
Cloud data: edit or delete in the App; delete your account to remove server copies.
Analytics: iOS may offer device-level controls for analytics and tracking; the App does not use Apple's App Tracking Transparency prompt for advertising tracking.
HealthKit: revoke permission in iOS Settings → Privacy & Security → Health.

To exercise rights or ask questions, contact hello@example.com.

14. Changes to this Policy

We may update this Policy. We will post the revised version at this URL and update the effective date. Material changes may be communicated in the App or by email where appropriate. Continued use after changes take effect constitutes acknowledgment.

15. Contact

kurozu
Email: hello@example.com

For App Store privacy nutrition labels, our practices should match the disclosures in this Policy. Third-party SDKs (including Sentry and Firebase) may publish their own privacy manifests bundled with the App.