← Back to Kenki
Privacy Policy
Last Updated: April 2026
Summary: Your health data belongs to you. We do not sell it. We do not share it with advertisers. We use it solely to provide you with the Kenki service. You may export or delete your data at any time.
1. Information We Collect
Health Data You Provide
The core purpose of Kenki is to store and display the health information you choose to track. This includes:
- Vitals such as blood pressure, heart rate, temperature, blood oxygen, respiratory rate, and blood glucose.
- Body measurements including weight, height, BMI, body fat percentage, and waist or hip measurements.
- Nutritional information including food intake, calorie counts, macronutrients, and water consumption.
- Medication details including names, dosages, schedules, and reminders.
- Sleep data including duration, quality ratings, and patterns.
- Menstrual health data including cycle tracking, symptoms, and flow.
- Dental records including appointments, procedures, and provider notes.
- Supplement information including types, dosages, and schedules.
- Appointment records including provider names, dates, and personal notes.
Account Information
- Your email address.
- Your name, if you choose to provide it.
- Your password, which is cryptographically hashed. We never see or store your actual password in plain text.
- Your account preferences and settings.
Technical Data Collected Automatically
- Device type and browser information.
- IP address, used solely for security and abuse prevention purposes.
- Push notification tokens, if you have enabled notifications.
- General usage patterns, including pages visited and features accessed.
Information We Do Not Collect
- Social Security numbers or government identifiers.
- Insurance or billing information, except as required for subscription payments.
- Genetic or biometric data.
- Location or geolocation data.
- Contacts, phone records, or other device data.
2. How We Use Your Data
| Purpose | Data Used |
|---|
| Displaying your personal health dashboard | Health data you enter |
| Sending reminders and notifications | Medication schedules, push notification tokens |
| Authenticating your account | Email address, hashed password |
| Improving the Service | Aggregated, anonymized usage patterns |
| Security and abuse prevention | IP address, device information |
| Providing customer support | Email address, account information |
| Processing payments | Handled by our payment processor; we do not store payment card details |
3. How We Store and Protect Your Data
- Database: Your data is stored in Supabase, a cloud-hosted PostgreSQL database with encryption at rest.
- Data in Transit: All data transmitted between your device and our servers is encrypted using TLS 1.2 or higher.
- Security Infrastructure: Cloudflare provides DDoS protection and SSL termination for the Service.
- Authentication: Supabase Auth handles user authentication with bcrypt password hashing.
- Access Controls: Row-level security ensures that you can only access your own data. No other user or administrator can view your health records.
- Backups: Automated, encrypted database backups are maintained to ensure data integrity and disaster recovery.
4. Data Retention
We retain your personal information for as long as your account remains active. Following account deletion, we apply the following retention schedule:
- Health data is permanently deleted within thirty (30) days of account closure.
- Account information is permanently deleted within thirty (30) days of account closure.
- Backup copies are purged within ninety (90) days of account closure.
- Anonymized, aggregated analytics data that cannot be linked to any individual may be retained indefinitely for service improvement purposes.
5. Data Sharing
We do not sell your data. We do not sell, rent, trade, or otherwise make available your personal health information to advertisers, data brokers, or any third party for marketing or commercial purposes.
We share data only with the following service providers, and only as necessary to operate the Service:
| Provider | Purpose | Data Shared |
|---|
| Supabase | Database hosting and authentication | All user data (encrypted at rest) |
| Cloudflare | Content delivery, security, and DNS | IP addresses and request metadata |
| Resend | Transactional email delivery | Email addresses only |
| USDA FDC | Food and nutrition database lookups | Food search queries; no user identifiers are transmitted |
We may also disclose your information when required to do so by law, to protect the safety of our users or the public, or to enforce our Terms & Conditions.
6. Cookies and Local Storage
Kenki uses the following client-side storage mechanisms:
- Authentication tokens stored in your browser's local storage to maintain your signed-in session.
- Theme preference stored locally to remember your display mode selection (dark or light).
- Cloudflare security cookies, which are set by Cloudflare for performance and security purposes and are not controlled by Kenki.
We do not use tracking cookies, advertising cookies, or third-party analytics cookies of any kind.
7. Your Rights
Regardless of your location, you have the following rights with respect to your personal information:
- Right of Access: You may view all personal data that we hold about you.
- Right to Export: You may download your data in standard, portable formats through Settings, then Data Export.
- Right to Correction: You may update or correct any inaccurate personal data at any time.
- Right to Deletion: You may request the complete and permanent deletion of your account and all associated data.
- Right to Restrict Processing: You may ask us to limit the manner in which we process your data.
- Right to Object: You may opt out of any non-essential data processing.
To exercise any of these rights, please contact us at [email protected]. We will respond to your request within thirty (30) days.
If you are a California resident, please refer to our California Residents page for information regarding additional rights available to you under the CCPA and CPRA.
8. Data Breach Notification
In the event of a data breach that affects your personal information, we will take the following steps:
- Notify affected users via email within seventy-two (72) hours of discovering the breach.
- Provide a description of the data that was affected and the remedial actions we are undertaking.
- Report the breach to relevant governmental authorities as required by applicable law.
- Provide guidance on protective steps you may take in response.
9. Children's Privacy
The Service is not intended for individuals under the age of thirteen (13). We do not knowingly collect personal information from children under thirteen. If you believe that a child under thirteen has provided personal information to us, please contact us at [email protected] and we will take prompt action to delete such information.
10. International Users
Kenki is operated in the United States of America. If you access the Service from a location outside the United States, please be aware that your data will be transferred to and processed in the United States. By using the Service, you consent to this transfer and to the processing of your data in accordance with this Privacy Policy and applicable United States law.
11. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices or applicable law. For material changes, we will provide you with notice via email or through the Service at least thirty (30) days before the revised policy takes effect. The "Last Updated" date at the top of this page indicates the date of the most recent revision.
12. Contact Us
For privacy inquiries, data access requests, or concerns about our data practices, please contact us at:
See also: Terms & Conditions · Privacy Practices · California Residents · User Bill of Rights