Kisdo Privacy Policy

1. Introduction

Kisdo ("we," "us," or "our") is a nature observation journal app designed exclusively for nature enthusiasts to document plant and animal observations—including capturing photos, recording species details, using built-in species identification, organizing entries by ecological environment, and generating a "Nature Calendar." This Privacy Policy explains how we collect, use, store, disclose, and protect your personal data when you use our App. By downloading, installing, or using Kisdo, you acknowledge that you have read, understood, and agree to the practices described in this Policy. We comply with the General Data Protection Regulation (GDPR) and other applicable data protection laws of the United Kingdom.

2. What Data We Collect

We only collect data that is necessary to provide, improve, and secure the Kisdo App and its features. The data we collect falls into two categories: Personal Data (information that identifies or can be linked to you) and Non-Personal Data (information that cannot be used to identify you, even when combined with other data).

2.1 Personal Data

We may collect the following Personal Data, depending on your use of the App:

Account Information: If you choose to create a Kisdo account (optional), we collect your email address. This helps us verify your account, send important updates (e.g., policy changes or security alerts), and respond to your support requests.
Location Data: If you enable location permissions in your device settings, we collect your approximate or precise location (e.g., GPS coordinates) to tag your nature observations with the correct "observation location." This data is only collected when you actively create an observation entry and consent to location tagging.
User-Generated Content (UGC) with Personal Links: Any photos, notes, or observation details you submit that include personal information (e.g., a photo of you alongside a plant, or a note mentioning your full name) are considered Personal Data. You control whether to include such information in your entries.

2.2 Non-Personal Data

We collect Non-Personal Data to analyze App usage, fix technical issues, and enhance user experience. This includes:

Technical Data: Device model, operating system (OS) version, App version, unique device identifiers (e.g., IMEI or UUID, stripped of personal identifiers), and network type (e.g., Wi-Fi or cellular).
Usage Data: Features you access (e.g., "species identification" or "Nature Calendar"), frequency and duration of App sessions, time spent on specific tasks (e.g., editing an observation entry), and error logs (to troubleshoot crashes or glitches).
Anonymized Observation Data: Aggregated, non-identifiable data about observations (e.g., "100 users recorded cherry blossom sightings in April")—this data is stripped of all personal information (e.g., location tags are generalized to a region, not a precise address) and used only to improve App features or share nature-related insights (e.g., seasonal trend reports for users).

3. How We Use Your Data

We use your data solely for purposes that are compatible with the App's core functionality and disclosed in this Policy. Below are the specific uses:

3.1 To Provide and Maintain the App

Store your observation entries (photos, species names, location tags, notes) locally on your device by default. If you enable cloud backup (optional), we store this data on secure servers to ensure you can recover your entries if you switch devices or reinstall the App.
Use your location data (with consent) to auto-fill the "observation location" field for your entries, eliminating the need for manual input.
Use your email address (if you have an account) to send account-related notifications (e.g., password reset links) and critical App updates (e.g., security patches).

3.2 To Improve and Personalize the App

Analyze usage data to identify popular features (e.g., which ecological environment categories users prefer) and optimize UI/UX (e.g., simplifying the observation entry process).
Refine the built-in species identification tool: We use anonymized observation data (e.g., photos of plants/birds with confirmed species names) to train and improve the tool's accuracy—no personal data is used for this training.
Personalize your "Nature Calendar": Use your recorded species sighting dates to auto-generate a timeline of seasonal shifts (e.g., marking when you first spotted migratory birds each year) tailored to your observations.

3.3 To Ensure Security and Compliance

Monitor for and prevent fraudulent activity, unauthorized access, or misuse of the App (e.g., detecting unusual login attempts to protect your account).
Comply with legal obligations under UK law (e.g., responding to valid court orders or regulatory requests for data, if required).

3.4 To Communicate with You

Respond to your support inquiries sent to ksidobishenrr456@zohomail.com (we use your email address to follow up on your questions).
Send optional, non-intrusive updates (e.g., tips for using the "Nature Calendar" or alerts about local nature events)—you can opt out of these communications at any time via the App's settings.

4. How We Store Your Data

We prioritize the security of your data and use industry-standard measures to protect it from unauthorized access, loss, or theft:

4.1 Storage Location

Local Storage: Most of your data (observation entries, photos, notes) is stored directly on your device by default. We do not access or process this local data unless you explicitly enable cloud backup.
Cloud Storage: If you use cloud backup, your data is stored on secure servers hosted by reputable third-party providers (compliant with GDPR) in the European Union. We never store your data in regions with inadequate data protection laws.

4.2 Storage Duration

Personal Data: We retain your email address (if you have an account) until you delete your account. Your location data is retained only as part of your observation entries (you can delete individual entries or disable location permissions at any time).
Observation Data: Local observation data remains on your device until you delete it. Cloud-stored observation data is retained until you disable cloud backup or delete your account (after which it is permanently erased within 7 days).
Non-Personal Data: Anonymized usage data and technical data are retained for 12 months after collection (to track long-term App performance) and then deleted or further anonymized.

4.3 Security Measures

Encrypt data in transit (using TLS 1.3) when you sync observation entries to the cloud or send messages to our support team.
Encrypt data at rest (using AES-256 encryption) for cloud-stored data.
Restrict access to your data: Only authorized Kisdo team members (e.g., support staff) can access your Personal Data, and only for legitimate purposes (e.g., resolving a support ticket).
Regularly update security protocols and conduct vulnerability assessments to protect against emerging threats.

5. How We Disclose Your Data

We never sell, rent, or share your Personal Data with third parties for marketing purposes. We only disclose your data in the following limited circumstances:

5.1 To Trusted Third-Party Service Providers

We work with third parties who assist us in operating the App, but these providers are bound by strict confidentiality agreements and can only use your data to perform services on our behalf. Examples include:

Cloud storage providers (to host your backup data, as noted in Section 4.1).
Email service providers (to send account-related notifications or support responses).
Analytics tools (to collect non-Personal Data about App usage—these tools do not have access to your Personal Data).

5.2 For Legal Compliance or Safety

We may disclose your data if required by law (e.g., to comply with a court order, subpoena, or regulatory investigation) or to protect our legal rights (e.g., responding to claims that your use of the App violates third-party rights).
We may disclose data in emergency situations to protect your safety or the safety of others (e.g., if your observation entries indicate a risk to wildlife or public health, and we need to notify relevant authorities).

5.3 In the Event of a Business Transaction

If Kisdo is acquired, merged, or sells all or part of its assets, your data may be transferred to the new owner—but the new owner will be bound by this Privacy Policy (or a similar policy that protects your data to the same standard). We will notify you of such a transfer via email (if you have an account) or a pop-up in the App.

6. Your Data Rights Under GDPR

As a user in the United Kingdom, you have the following rights under GDPR regarding your Personal Data. We make it easy to exercise these rights:

6.1 Right to Access

You can request a copy of all Personal Data we hold about you (e.g., your account information, cloud-stored observation entries). To exercise this right, email us at ksidobishenrr456@zohomail.com with the subject line "Data Access Request." We will respond within 30 days.

6.2 Right to Correct Inaccurate Data

If your Personal Data is incorrect (e.g., a typo in your email address or an incorrect location tag), you can update it directly in the App (e.g., edit your account settings or observation entries) or contact us to correct it.

6.3 Right to Erasure ("Right to Be Forgotten")

You can request that we delete all your Personal Data:

Delete your account: Go to the App's "Settings" > "Account" > "Delete Account"—this will erase your email address and all cloud-stored observation data.
Delete local data: Delete individual observation entries or uninstall the App (uninstalling will remove all local data from your device).

For additional erasure requests, email us at ksidobishenrr456@zohomail.com with the subject line "Data Erasure Request." We will confirm deletion within 30 days.

6.4 Right to Restrict Processing

You can ask us to stop processing your Personal Data (e.g., pause cloud backup of your observation entries). To do this, adjust your App settings (e.g., disable cloud backup) or contact us for assistance.

6.5 Right to Data Portability

You can request to receive your Personal Data in a structured, machine-readable format (e.g., a CSV file of your observation entries) so you can transfer it to another service. Email us at ksidobishenrr456@zohomail.com with the subject line "Data Portability Request" to exercise this right.

6.6 Right to Withdraw Consent

You can withdraw consent for data collection/processing at any time:

Disable location permissions: Go to your device's "Settings" > "Kisdo" > "Location" and select "Never."
Opt out of non-essential emails: Click the "Unsubscribe" link at the bottom of any promotional email, or adjust your App's "Notification" settings.

Withdrawing consent will not affect the lawfulness of processing based on consent before withdrawal.

7. Children's Privacy

Kisdo is not intended for use by children under the age of 13. We do not knowingly collect Personal Data from children under 13. If we learn that we have collected data from a child under 13 without parental consent, we will immediately delete that data. If you are a parent or guardian and believe your child has used Kisdo, please contact us at ksidobishenrr456@zohomail.com to request deletion.

8. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in App features, laws, or our data practices. When we make material changes:

We will post the updated Policy in the App (via a pop-up notification) and on our website (if applicable).
We will notify you via email (if you have an account) at least 7 days before the changes take effect.

Your continued use of Kisdo after the effective date of the updated Policy constitutes acceptance of the changes. We encourage you to review this Policy periodically.

9. Contact Us

If you have questions, concerns, or requests related to this Privacy Policy or your data, please contact us at:

Email: ksidobishenrr456@zohomail.com

Response Time: We will respond to all inquiries within 30 business days.

If you are not satisfied with our response, you have the right to lodge a complaint with the UK Information Commissioner's Office (ICO), the independent authority for data protection in the UK.