KavroBack to planner

Privacy Policy

Effective 17 April 2026

1. Who we are

This Privacy Policy explains how Kavro (“we”, “us”, “our”) collects and uses your personal data when you use the Kavro service at kavro.app. We act as the data controller for the information described here.

2. What we collect

We collect the minimum data needed to run the service:

  • Account data - your email address, name (if provided), and a Kavro user ID, via our authentication provider Clerk.
  • Your content - the tasks, lists, and backlog items you create inside Kavro.
  • Billing data - if you subscribe, Stripe collects your payment details. We only receive a subscription status and a customer ID; we never see or store full card numbers.
  • Calendar data - if you connect Google Calendar, we store OAuth tokens securely so we can read your upcoming events. You can disconnect at any time.
  • Usage logs - standard server logs (IP address, user agent, timestamps) to keep the service secure and debug issues.

3. How we use your data

We use your data to:

  • run and maintain Kavro;
  • authenticate you and secure your account;
  • process subscription payments;
  • send transactional emails (welcome, receipts, important updates);
  • send occasional product emails you can unsubscribe from at any time;
  • comply with legal obligations.

We do not sell your personal data and we do not use your tasks or notes to train AI models.

4. Legal bases (UK/EU users)

We rely on the following legal bases under UK GDPR / GDPR: performance of contract (to provide the service you signed up for), legitimate interests (to keep the service secure and improve it), consent (for optional integrations such as Google Calendar, and marketing emails), and legal obligation (e.g. keeping financial records).

5. Who we share data with

We use a small number of trusted processors to run Kavro. They only handle your data to provide services to us:

  • Clerk - authentication and account management.
  • Stripe - subscription billing.
  • Vercel - hosting and delivery.
  • Neon - database hosting.
  • Resend - transactional email delivery.
  • Google - only if you choose to connect your Google Calendar.

We may also share data if required by law, to protect our rights, or in connection with a business sale or restructure.

6. International transfers

Some of our processors are based outside the UK/EU. Where data is transferred internationally we rely on appropriate safeguards such as Standard Contractual Clauses or equivalent mechanisms.

7. How long we keep data

We keep your account data while your account is active. If you delete your account, we remove your content within 30 days, except where we need to keep limited records to meet legal, tax, or accounting obligations.

8. Your rights

Depending on where you live, you may have the right to access, correct, delete, export, or restrict the processing of your personal data, and to object to processing or withdraw consent. To exercise any of these rights, email hello@kavro.app. UK/EU users also have the right to lodge a complaint with their local data protection authority.

9. Cookies and tracking

Kavro uses only the cookies strictly necessary to keep you signed in and to operate the service. We do not use third-party advertising or cross-site tracking cookies.

10. Security

We use HTTPS, encrypted storage, and least-privilege access controls to protect your data. No system is perfectly secure, so please use a strong password and keep your account credentials safe.

11. Children

Kavro is not intended for anyone under 16. We do not knowingly collect data from children. If you believe a child has signed up, contact us and we will delete the account.

12. Changes

We may update this Privacy Policy from time to time. Material changes will be notified by email or in-app.

13. Contact

Privacy questions or requests? Email hello@kavro.app.

Terms of ServiceBack to Kavro