Your data lives on your phone.
Not ours.
The short version: Kriva is local-first. You can use the entire app without creating an account. Your symptom logs, cycle data, and patterns are stored on your device. If you choose to enable optional cloud backup with Apple Sign In, we store an encrypted copy — we cannot read its contents. We never sell your data. We do not advertise to you.
1. Who we are
Kriva.ai ("Kriva", "we", "our", "us") provides a women's health and symptom-tracking application available on iOS. This policy explains how we handle information when you visit our website or use our mobile app.
2. What we collect — and what we don't
On your device (local storage)
When you use Kriva, the following information is stored locally on your device and is not transmitted to us by default:
- Cycle, period, mood, energy, and symptom logs
- Custom preferences and reminder times
- Generated reads and pattern insights
- Onboarding answers (age range, conditions you flag, etc.)
This data never leaves your device unless you take a specific action (such as enabling backup or contacting support and choosing to attach data).
Cross-device sync (your iCloud, never ours)
If you're signed into iCloud on your device, your logs sync across your own devices (iPhone, iPad, future Mac) through Apple's CloudKit private database. To be clear about what this means:
- The data lives in your iCloud account, not on any server Kriva operates.
- Kriva cannot read, decrypt, copy, or recover that data. We have no access.
- Disabling iCloud or signing out keeps the app working locally — sync just pauses.
- Deleting the app, or wiping data from Profile → Privacy, also removes the CloudKit copy. Apple's standard iCloud data-management controls apply.
Daily AI readings
The morning, afternoon, and evening readings are generated by a third-party AI provider (Anthropic). For each reading:
- Relevant signals (cycle day, recent symptoms, sleep, mood, recent journal text if any) are sent to the AI provider over an encrypted connection.
- The AI provider returns the reading and we render it. The provider does not retain your inputs for training and does not link them to an identity we have ever shared.
- Kriva does not store the inputs on any server. The reading itself is cached on your device for 8 hours so the app stays responsive.
Optional sign-in
Sign in with Apple is optional. When you use it, Apple gives the app a stable pseudonymous user identifier and (if you allow it) an email or Apple's private-relay address. These are stored in the device Keychain only. Kriva does not currently send sign-in data to any server. If we later introduce a paid plan, the identifier may be used for entitlement verification at that point — never for marketing.
Information we collect automatically
- Analytics — on by default, configurable in Profile → Analytics. We send a small fixed set of anonymous events (no name, no email, no symptom names, no question text, no journal text) tied to a per-install random UUID. The data is strictly anonymous and used only to see which features matter and where people get stuck. One tap turns it off; the off state is honoured per install.
- Crash and hang diagnostics — collected on-device by Apple's MetricKit and Xcode Organizer. We see crashes from TestFlight and App Store builds with the same level of detail Apple provides to every developer; no personal data is included.
You can turn analytics off in Profile → Analytics. The setting is remembered per install.
What we do not collect
- We do not collect your real name, phone number, or home address.
- We do not access your contacts, photo library, microphone, or location unless you explicitly grant permission for a specific feature.
- We do not run third-party advertising or behavioural tracking.
- We do not sell, rent, or trade your data.
3. How we use information
- To run the app on your device and surface daily reads and patterns to you.
- To restore your data if you reinstall the app and have backup enabled.
- To respond to support requests you initiate.
- To diagnose bugs and improve performance, using anonymised data only.
- To comply with legal obligations when required.
4. Sensitive health data
Information about your menstrual cycle, mood, symptoms, and related signals is sensitive personal data. We treat it accordingly:
- By design, this data is never sent to us unless you enable backup.
- Backed-up data is end-to-end encrypted; we cannot decrypt it.
- We will never share this data with employers, insurers, advertisers, or law enforcement except where compelled by valid legal process — and even then we can only hand over encrypted blobs we cannot read.
5. Sharing with third parties
The only third parties involved in Kriva are infrastructure providers that strictly process data on our behalf:
- Apple / Google — for sign-in and app distribution.
- Cloud storage provider — to host encrypted backup blobs and crash logs.
Each is bound by data-processing agreements. We do not share data with advertisers, data brokers, or analytics vendors that build user profiles.
6. Your rights
You have the right to:
- Access — view all data Kriva stores about you, directly inside the app.
- Delete — wipe local data by deleting the app, and delete cloud backup from Settings.
- Export — download your logs as a portable JSON file from Settings.
- Object — opt out of anonymous diagnostics.
- Withdraw consent — disable cloud backup at any time.
If you are in the EU/UK, India, California, or another jurisdiction with applicable data protection law, these rights are guaranteed under that law. To exercise them, open the app and go to Settings → Privacy → Submit a request, or DM us on X at @kriva_ai.
7. Data retention
Local data persists until you delete the app or wipe it from Settings. Encrypted cloud backups persist until you disable backup or delete your account. Anonymised diagnostics are retained for up to 90 days, then aggregated or deleted.
8. Children's privacy
Kriva is intended for users aged 13 and over. We do not knowingly collect data from children under 13. If you believe a child under 13 is using Kriva, please contact us so we can remove their data.
9. International users
Kriva is available worldwide and our team is based in India. If you use Kriva from outside India, your data — if you enable optional backup — may be processed in India or in the region where our cloud provider operates. We apply the same privacy protections to all users, everywhere.
10. Security
We use modern encryption (AES-256 at rest, TLS 1.3 in transit) for all backed-up data. Local-only data is protected by your device's own security model. No system is perfectly secure, but our local-first design means there is very little of yours on our servers to protect in the first place.
11. Changes to this policy
If we materially change this policy, we will notify you inside the app before the changes take effect and update the date above. We will not retroactively reduce your rights without your explicit consent.
12. Contact us
The fastest way to reach us:
- DM on X: @kriva_ai
- In-app: Settings → Send feedback
Kriva.ai — available worldwide, team based in India.