Privacy policy
What kydos knows about you.
Last updated: June 5, 2026
kydos is a self-restriction app. You block apps on your own phone, and a friend you designate — your keyholder — must approve any override. We have built kydos to need as little of your data as possible to do that job, and to keep what we do need close to the device. This policy explains, in plain language, what we collect, what we never collect, and how to remove your account.
What we collect
Your phone number
kydos uses phone-number sign-in. When you create an account we send a one-time SMS code (an OTP) to verify the number, and we store the number so you and your keyholders can find each other. We do not use email accounts, passwords, or social log-ins, and we do not ask for your real name.
Commitments, override requests, and the audit log
When you create a commitment (a set of apps to block) and when you request or resolve an override, kydos records the event so the system can enforce the rules and so your keyholder has the context they need to decide. This includes the request's state (pending, granted, denied, expired, cancelled), the timestamps, and which keyholder approved or denied. The audit log is append-only — once written, an entry cannot be edited or deleted by anyone, including us. That is intentional: the integrity of the log is what makes the commitment device meaningful.
Device push token
To deliver an override request to your keyholder's phone, we store the Apple Push Notification service (APNs) token that iOS gives us. When a token becomes invalid (for example, you uninstall the app) we mark it and stop sending to it.
Basic operational telemetry
Our backend logs the kinds of requests it handles (for example, "an override request was approved") so we can diagnose outages. These logs are short-lived operational records, not a profile of you.
What we never collect
- We do not include third-party analytics, advertising, or tracking SDKs in the iOS app. There is no Google Analytics, no Facebook SDK, no Mixpanel, no Amplitude, no Segment, no AppsFlyer — none of it.
- We do not have access to the list of apps you choose to block. iOS's Family Controls framework gives the app an opaque, device-local, cryptographically signed handle that represents your selection. We store the handle on our backend so the rule can survive a reinstall, but the handle is meaningless off your device — neither we nor your keyholder can decode it to learn which apps you picked. Your keyholder sees only counts and labels (for example, "5 apps, 1 category").
- We do not see your screen time, app usage, location, contacts, photos, or microphone. kydos does not request those permissions, and the iOS DeviceActivityMonitor extension runs in a sandbox with a strict memory ceiling and no network access.
- We do not sell or rent your data. kydos has no advertising business and no plans for one.
Where your data lives
Account records, commitments, override requests, and the audit log are stored in Supabase, our managed Postgres provider. Push notifications go through Apple's APNs gateway. SMS one-time codes are sent through Supabase's SMS provider. We use HTTPS for all transport between your device and our backend.
Inside Postgres, access to your rows is enforced by row-level security policies: you can read your own data and your keyholders can read only the commitments they are assigned to guard.
What lives only on your device
Two important things never leave your phone: the decoded Family Controls selection (described above) and the live shield state. Even our servers cannot tell your phone to unlock past a grant's expiry — the device is the source of truth for whether the shield is currently up. This is not a policy choice; it is enforced by how the iOS app is built.
Keyholders and what they see
When you invite someone to be a keyholder and they accept, they can see the commitments they are assigned to: the title, the schedule, the counts of selected apps, and the override requests you send them. They cannot see your other commitments, other override requests, or any commitment they are not assigned to.
Children
kydos is not directed at children under 13 and we do not knowingly collect data from them. If you believe a child has created an account, contact us and we will delete it.
Deleting your account
Account deletion is handled through our support flow. Because login is by phone-OTP only, deletion requires re-verifying control of the phone number on the account. Email support@kydos.app from any address; we will send a one-time code to the phone number you specify and, once verified, delete your account.
Deletion removes your profile, your commitments, your push tokens, and your override requests. The append-only audit log retains the cryptographic record of past state transitions, but the rows it references are removed, so the log is no longer linked to a live account.
Changes to this policy
If we materially change what we collect or how we use it, we will update this page and the "last updated" date at the top. For material changes that affect existing users, we will surface a notice in the app on next launch.
Contact
Questions, requests, or concerns: email support@kydos.app.