Privacy
Policy.

Kavrylo collects only what is strictly necessary to make the service work. Nothing more.

• Account data — your email address and the password you choose (stored hashed, never in plain text) when you sign up.
• Messages — the content of the conversations you have through the app, stored on secure infrastructure to enable delivery and history.
• Technical data — basic connection information such as timestamps and IP addresses, generated automatically by the server when you use the service.
• OAuth tokens — if you sign in via Google or Apple, we receive a token and your email address from that provider. We do not receive your password or full profile.

Your data is used for one purpose: making Kavrylo work for you.

• Authenticating you when you sign in.
• Delivering messages between you and the people you talk to.
• Keeping your conversation history accessible to you.
• Diagnosing technical problems if something breaks.

Your data is never used for advertising, never sold, never shared with data brokers, and never analyzed to build a profile of you. There is no algorithm deciding what you see — you see what people send you, in order.

Messages are stored in a database to make the service work — so you can retrieve your history, and so messages arrive even if you're offline.

This is a personal project, not a surveillance product. The value of Kavrylo depends entirely on you being able to trust it.

If full end-to-end encryption (where even the server cannot read messages) is added in the future, this policy will be updated to reflect that.

Kavrylo relies on a small number of third-party services to function. Each one is chosen carefully.

• Supabase — handles authentication and database storage. Your account data and messages are stored on their infrastructure. Supabase is GDPR-compliant and can be configured to store data in the EU. Supabase privacy policy →
• Google / Apple — only if you choose to sign in via OAuth. These providers share only your email address and a token with Kavrylo. Their own privacy policies govern what they collect on their end.

No advertising networks, tracking pixels, analytics platforms, or social media SDKs are embedded on this site.

Your data is stored on Supabase servers. Depending on configuration, this may be located in the European Union or the United States. Supabase applies standard security practices including encryption at rest and in transit.

Your data is kept for as long as your account exists. If you delete your account, your messages and account information will be permanently removed from the database. There are no hidden backups retained for commercial purposes.

If the service were to shut down, users would be informed and given a reasonable window to export or retrieve their data before deletion.

Regardless of where you live, you have the following rights with respect to your data:

• Access — you can ask what data is stored about you at any time.
• Correction — you can ask to correct inaccurate data.
• Deletion — you can request permanent deletion of your account and all associated data.
• Portability — you can request a copy of your data in a readable format.
• Objection — you can object to any processing you're not comfortable with.

To exercise any of these rights, simply get in touch. As a personal project, these requests are handled directly and personally — not by a support bot or a ticketing system.

If this policy changes in a way that affects your rights or how your data is used, you will be notified — either by email or by a visible notice on the site — before the change takes effect.

Minor clarifications or wording updates may happen without notice, but the effective date at the top of this page will always reflect when the last meaningful change was made.

This policy will never be updated to quietly introduce advertising, data selling, or tracking. If the project ever moves in a direction that would require that, users will be told clearly and given the option to leave.

Kavrylo is a personal project. If you have any questions about this policy, want to exercise your rights, or simply want to understand something better — reach out directly. There's a real person on the other side.