Draft. Pending legal review before any public launch. The substance reflects how the product actually works today; the language has not been reviewed by counsel.

Privacy policy

Last updated: 2026-05-28.

Kelohna AI is a personal day-planner. We think your day belongs to you. This page explains what data we collect to make the product work, who we share it with, how long we keep it, and how you can access or delete all of it on your own.

1. What we collect

• Account. Email address (for sign-in via magic link), timezone, display name, optional role / location, and your self-reported ADHD identification and medication-window answers from onboarding.
• Content you write. Morning ritual entries (Wish / Outcome / Obstacle / Plan), task drafts and subtasks, end-of-day journal text, mood, goals, commitments, and any notes in your memory compartments (chronotype, vision, patterns, projects, preferences, reflections).
• Plans Kelohna AI generates for you.The time-blocked day, the AI's rationale, the interruption log, and shutdown completion stats.
• Usage signal. Six anonymous funnel events (signup, onboarding completion, first morning ritual, first shutdown, day-7 active, day-30 active). Your user ID is hashed with a per-instance salt before it leaves the server, so the analytics processor never sees your account row.
• Errors. When something crashes, we capture stack traces and request context. We aggressively scrub journal text, task titles, WOOP fields, and any other user-typed content before sending. The error tool sees only your hashed ID.
• Billing. When you start a paid plan, Stripe captures your payment details and billing address. We mirror your subscription status, customer ID, and billing country / province locally to gate the app and enforce regional policy. We never see your card number.

2. Who we share it with

We use a small set of processors to deliver the product. Each sees only the data it needs to do its job.

• Supabase — database, auth, file storage. Hosts your account row and all the content above.
• Anthropic — generates your day plan, task breakdowns, reshuffles, memory proposals, and stuck-button reset suggestions. Each call sends only the input needed for that call; we do not train models on your data.
• Voyage AI— generates the search / journal-page embeddings used by Kelohna AI's second-brain retrieval. Only the text being embedded is sent.
• Stripe — payment processing. Handles your card details directly; we receive only metadata about the subscription.
• PostHog — anonymous funnel telemetry. Sees only the six event names and your hashed ID.
• Sentry — error tracking. Sees scrubbed stack traces and your hashed ID.
• Slack— when you tap the in-app "Tell me what's off" button, your message (with hashed ID) is delivered to a private Slack channel we read.
• Resend (Phase 5) — sends the welcome and trial-reminder emails to your address.
• Vercel — hosts the app itself. Sees standard request metadata (IP, user-agent).

We do not sell your data, run targeted advertising, or share anything with third parties outside this list. If we ever need to change this list we'll update this page and surface a notice in the app.

3. Where the data lives

Today, primary storage is Supabase's US region. PostHog can be moved to its EU instance if you set up your own instance and prefer Canadian-adjacent residency. Backups follow Supabase's retention policy (currently 7 days on the free tier).

4. How long we keep it

• While your account is active — as long as you keep using Kelohna AI.
• After you delete your account— we drop your rows on submit (the delete cascades across every table in one transaction). Backups age out within Supabase's retention window, no later than 30 days.
• Anonymous telemetry — PostHog and Sentry retention follow their default policies (typically 12 months for events, 90 days for errors). Because we never send your raw user ID, these rows cannot be linked back to you.

5. Your rights under PIPEDA

Kelohna AI is built and operated in Canada. The Personal Information Protection and Electronic Documents Act ("PIPEDA") gives you the following rights:

• Right of access. Use Settings → Export your data to download everything we hold about you as a JSON dump and as per-day Markdown. The export streams server-side; we never retain a copy.
• Right of correction. All user-edited fields (profile, goals, journal, memory compartments) are editable in the app. The vision compartment is intentionally AI-write-blocked at the database level — you are the only author.
• Right of erasure. Use Account → Delete account. The deletion happens server-side via Supabase's admin auth path and cascades across every owned table.
• Right to withdraw consent. Same path: deleting your account withdraws all consent.
• Right to lodge a complaint. You can contact the Office of the Privacy Commissioner of Canada at priv.gc.ca.

6. Health-adjacent claims

Kelohna AI is a productivity / wellness product. It is not a medical device, and nothing in the product or marketing should be read as treating, diagnosing, curing, or preventing ADHD or any other condition. Where the product asks about medication, that is to schedule cognitive work inside your stated focus window — it is not medical advice.

7. Children

Kelohna AI is not designed for and is not directed to anyone under 13. If you believe a child has signed up, contact us and we will remove the account.

8. Changes to this policy

If we make a meaningful change, we'll update the "last updated" date above and surface a notice in the app the next time you sign in.

9. Contact

Questions, requests, complaints: write us at privacy@kelohna.xyz (placeholder — replace with your real contact before launch).