Privacy Policy for Kestralis

Last Updated: February 7, 2026
Effective Date: February 7, 2026

Introduction

Welcome to Kestralis ("we," "our," or "us"). We are committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use the Kestralis mobile application (the "App").

Kestralis is a visual scheduling application designed to help individuals with autism, neurodivergent needs, and cognitive challenges create and manage predictable daily routines.

By using the App, you agree to the collection and use of information in accordance with this Privacy Policy.

Contact Information

If you have questions about this Privacy Policy, please contact us:

Email: support@kestralis.app
Website: https://kestralis.app

Information We Collect

1. Personal Information You Provide

When you create an account, we collect:

Email Address: Used for account creation, authentication, and communication
Name (Optional): Used for personalization within the app
Password: Securely hashed and encrypted (we never store plain-text passwords)

2. Automatically Collected Information

When you use the App, we automatically collect:

App Usage Data (via Firebase Analytics)

Device information (model, operating system version, unique device identifiers)
App interactions (features used, screens visited, buttons clicked)
Session duration and frequency
App version and build number
Geographic location (country/region level, not precise location)

Crash and Diagnostic Data (via Firebase Crashlytics)

Stack traces and error logs
Device state at time of crash
App version information
Anonymous device identifiers

3. User-Generated Content

The following data is stored locally on your device and is NOT automatically sent to our servers:

Schedules: Your created schedules and tasks
Task Information: Titles, descriptions, and notes
Images: Photos you add to tasks (stored locally)
Preferences: App settings, theme choices, contrast levels

Cloud Sync (Premium/Pro Only):

If you subscribe to Premium or Pro and enable cloud sync, your schedules are backed up to Firebase Cloud Firestore
This is opt-in and can be disabled at any time
You can delete cloud backups from the app settings

4. Payment Information

We do NOT collect or store payment information directly. All in-app purchases and subscriptions are processed by:

Google Play Store (for Android devices)
Apple App Store (for iOS devices)

These platforms handle all payment processing according to their own privacy policies. We only receive:

Subscription status (active/canceled/expired)
Product ID purchased
Anonymous transaction identifiers

We do not have access to your credit card numbers, billing addresses, or other payment details.

5. Advertising Data (Free Tier Only)

If you use the free, ad-supported version of Kestralis, Google AdMob may collect:

Device advertising ID
IP address
Device information
Ad interaction data

This data is used to serve personalized ads. You can:

Opt out of personalized ads in your device settings (Android: Settings → Google → Ads)
Upgrade to Premium to remove all ads
Disable ads in app settings (you may see fewer features)

See Google's Privacy Policy for more information.

How We Use Your Information

We use the collected information for the following purposes:

1. To Provide and Improve the App

Account Management: Create and manage your account
Authentication: Securely log you in and maintain your session
Feature Delivery: Provide core scheduling and task management features
Personalization: Customize the app experience based on your preferences
Cloud Sync: Backup and sync schedules across devices (Premium/Pro only)

2. To Analyze and Improve Our Services

Usage Analytics: Understand how users interact with the app
Feature Development: Identify popular features and areas for improvement
Bug Fixes: Detect and resolve crashes and technical issues
Performance Optimization: Improve app speed and reliability

3. To Communicate with You

Service Notifications: Important updates about your account or the app
Subscription Management: Renewal reminders, payment confirmations
Customer Support: Respond to your inquiries and requests
Product Updates: Inform you about new features (you can opt out)

4. To Ensure Security and Prevent Fraud

Account Security: Protect against unauthorized access
Fraud Prevention: Detect and prevent fraudulent transactions
Compliance: Comply with legal obligations and protect our rights

5. To Serve Advertisements (Free Tier)

Ad Delivery: Display relevant advertisements via Google AdMob
Ad Personalization: Show ads based on your interests (can opt out)

We do NOT use your schedule content, task descriptions, or photos for advertising purposes.

How We Share Your Information

We do NOT sell your personal information to third parties. We only share your information in the following limited circumstances:

1. Service Providers

We share information with trusted third-party service providers who assist us in operating the App:

Firebase (Google LLC)

Purpose: Authentication, cloud storage, analytics, crash reporting
Data Shared: Email, device info, usage data, crash logs
Privacy Policy: https://firebase.google.com/support/privacy

Google AdMob (Google LLC)

Purpose: Serving advertisements (free tier only)
Data Shared: Device advertising ID, IP address, ad interactions
Privacy Policy: https://policies.google.com/privacy

These service providers are contractually obligated to protect your information and use it only for the purposes we specify.

2. Legal Requirements

We may disclose your information if required by law or in response to:

Court orders or legal processes
Government or regulatory requests
Protection of our rights, property, or safety
Prevention of fraud or illegal activity
Compliance with applicable laws and regulations

3. Business Transfers

If Kestralis is involved in a merger, acquisition, or sale of assets, your information may be transferred. We will notify you of any such change in ownership or control of your personal information.

4. With Your Consent

We may share your information for other purposes with your explicit consent.

Data Storage and Security

Where Your Data is Stored

Local Storage: Schedules, tasks, and images are stored locally on your device using Hive (encrypted database)
Secure Storage: Account credentials are stored using Flutter Secure Storage (encrypted)
Cloud Storage (Optional): Cloud sync uses Firebase Cloud Firestore (Google Cloud Platform)
Server Location: Firebase servers are located in the United States

Security Measures

We implement industry-standard security measures to protect your information:

Encryption in Transit: All data transmitted between the app and our servers uses HTTPS/TLS encryption
Encryption at Rest: Local data is encrypted using platform-specific secure storage
Password Security: Passwords are hashed using SHA-256 with salt before storage
Firebase Security: Protected by Firebase Authentication and Firestore security rules
Regular Audits: We regularly review our security practices

However, no method of transmission or storage is 100% secure. While we strive to protect your information, we cannot guarantee absolute security.

Data Retention

We retain your information for as long as necessary to provide our services and comply with legal obligations:

Account Data: Retained until you delete your account
Usage Analytics: Aggregated data retained indefinitely (anonymized)
Crash Logs: Retained for 90 days
Local Data: Stored on your device until you delete the app or clear data
Cloud Backups: Stored until you disable cloud sync or delete your account

Your Rights and Choices

You have the following rights regarding your personal information:

1. Access Your Information

You can access your account information and schedules within the app at any time.

2. Update Your Information

You can update your email address and name in the app settings.

3. Delete Your Account

To delete your account and all associated data:

In-App: Go to Settings → Account → Delete Account
Email: Contact support@kestralis.app with your request

Upon deletion:

Your account will be permanently deleted within 30 days
All cloud-synced data will be removed from our servers
Local data will be removed from your device
This action is irreversible

4. Opt Out of Analytics

You cannot fully opt out of Firebase Analytics while using the app, as it's integral to app functionality. However, you can:

Enable "Limit Ad Tracking" on your device (iOS)
Reset your advertising ID (Android)

5. Opt Out of Personalized Ads

To disable personalized advertising:

Android: Settings → Google → Ads → Opt out of Ads Personalization
iOS: Settings → Privacy → Advertising → Limit Ad Tracking
In-App: Upgrade to Premium to remove all ads

6. Disable Cloud Sync

If you have Premium or Pro:

Go to Settings → Cloud Sync → Disable
Your data will only be stored locally

7. Export Your Data

To request a copy of your data, contact support@kestralis.app. We will provide your data in a machine-readable format within 30 days.

8. Lodge a Complaint

If you believe we have violated your privacy rights, you can file a complaint with:

Email: support@kestralis.app
Data Protection Authority: Contact your local data protection authority (e.g., ICO in UK, CNIL in France)

Children's Privacy (COPPA Compliance)

Kestralis is NOT directed at children under the age of 13. While the app is designed to help individuals with special needs (including children), it is intended to be set up and managed by parents, guardians, or caregivers.

We do not knowingly collect personal information from children under 13. If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately at support@kestralis.app, and we will delete such information.

For Parents and Guardians:

You are responsible for creating and managing accounts for children
Use strong passwords and keep login credentials secure
Monitor app usage and settings
Review schedules and content regularly

International Data Transfers

Kestralis is operated internationally. If you are located outside the United States, please be aware that your information will be transferred to, stored, and processed in the United States (where Firebase servers are located).

By using the App, you consent to the transfer of your information to countries that may have different data protection laws than your country of residence.

For European Users (GDPR Compliance):

We comply with the General Data Protection Regulation (GDPR)
Firebase is Privacy Shield certified for EU-US data transfers
You have the right to request access, correction, deletion, and portability of your data
You have the right to object to processing and withdraw consent

Third-Party Links and Services

The App may contain links to third-party websites or services (e.g., social media platforms, support pages). We are not responsible for the privacy practices of these third parties. We encourage you to read their privacy policies.

Third-Party Services We Use

Firebase (Google LLC): https://firebase.google.com/support/privacy
Google AdMob (Google LLC): https://policies.google.com/privacy
Google Play Services (Google LLC): https://policies.google.com/privacy
Apple App Store (Apple Inc.): https://www.apple.com/legal/privacy/

Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or for legal, operational, or regulatory reasons.

When we make changes:

We will update the "Last Updated" date at the top of this policy
We will notify you via email (if you have an account) or in-app notification
For material changes, we will provide at least 30 days' notice

Your continued use of the App after changes take effect constitutes your acceptance of the updated Privacy Policy.

We encourage you to review this Privacy Policy periodically.

California Privacy Rights (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

Right to Know

You have the right to request information about:

Categories of personal information we collect
Sources of personal information
Purposes for collecting or sharing personal information
Categories of third parties with whom we share information

Right to Delete

You have the right to request deletion of your personal information, subject to certain exceptions.

Right to Opt-Out of Sale

We do NOT sell your personal information. We do not and will not sell your data.

Right to Non-Discrimination

We will not discriminate against you for exercising your CCPA rights.

How to Exercise Your Rights

To exercise your CCPA rights, contact us at support@kestralis.app with the subject line "CCPA Request." We will respond within 45 days.

European Privacy Rights (GDPR)

If you are located in the European Economic Area (EEA), you have additional rights under the General Data Protection Regulation (GDPR):

Legal Basis for Processing

We process your personal information based on:

Consent: You consent to our use of your information
Contract: Necessary to provide our services
Legitimate Interests: To improve and secure our services
Legal Obligations: To comply with applicable laws

Your GDPR Rights

Right to Access: Request a copy of your personal data
Right to Rectification: Correct inaccurate or incomplete data
Right to Erasure: Request deletion of your data ("right to be forgotten")
Right to Restriction: Limit how we use your data
Right to Data Portability: Receive your data in a portable format
Right to Object: Object to our processing of your data
Right to Withdraw Consent: Withdraw consent at any time

How to Exercise Your Rights

Supervisory Authority

You have the right to lodge a complaint with your local data protection authority.

Accessibility

We are committed to making this Privacy Policy accessible to everyone. If you have difficulty reading this policy due to a disability, please contact us at support@kestralis.app, and we will provide it in an alternative format.

Consent

By using Kestralis, you consent to:

The collection and use of your information as described in this Privacy Policy
The transfer of your data to the United States and other countries
The use of cookies and similar technologies (where applicable)

You can withdraw your consent at any time by:

Deleting your account
Uninstalling the app
Contacting us at support@kestralis.app

Questions and Feedback

We value your privacy and welcome your questions or feedback about this Privacy Policy.

Please contact us:

Email: support@kestralis.app
Website: https://kestralis.app
In-App: Settings → Support → Contact Us