Privacy Policy

KYVRO is the data controller for personal data processed through the KYVRO service. For privacy questions, contact our Data Protection Office at privacy@kyvro.app.

• Account data: email, phone, display name, avatar, date of birth, language, password hash, auth provider IDs.
• Creator & KYC data: legal name, address, government ID, selfie verification, tax ID, payout account — collected only when you opt into monetization.
• Content: reels, live streams, chat messages, polls, gifts, comments, profile bio.
• Commerce: gem purchases, gift history, payout requests, refund and chargeback records.
• Device & technical: IP address, device model, OS, app version, crash logs, performance metrics, advertising/device identifiers where permitted.
• Usage: pages viewed, streams watched, interactions, follows, search queries, session duration.
• Communications: support tickets, reports of violations, emails you send us.

• Provide and operate live streaming, reels, chat, gifting, and recommendations.
• Process payments, gem balances, creator payouts, refunds, and chargebacks.
• Verify age, identity, and tax status of creators.
• Detect and prevent fraud, abuse, spam, and content-policy violations.
• Improve product quality, debug crashes, and run aggregated analytics.
• Send service messages and, with consent, marketing communications.
• Comply with legal obligations (tax, AML, sanctions, court orders).

We rely on: contract (to provide the service), legitimate interests (security, fraud prevention, product analytics), consent (marketing, optional cookies, sensitive features), and legal obligation (tax, KYC, law-enforcement requests).

KYVRO is not directed at children under 13 and we do not knowingly collect data from them. Users aged 13–17 ("Teens") may only use KYVRO with verifiable consent from a parent or legal guardian and with parental controls enabled.

For Teen accounts we apply additional protections by default: restricted discovery, disabled DMs from strangers, hidden location and contact data, blocked monetization, spending limits, and stricter content filters. Parents and guardians are responsible for supervising the Teen's use, reviewing their settings, and monitoring purchases made on devices they own.

To review, export, correct, or delete a Teen's data, or to revoke consent, contact guardians@kyvro.app. We honor verified guardian requests within 7 days.

If we learn that we have collected personal data from a child under 13 without required consent, we will delete it promptly.

We share personal data only with:

• Service providers acting on our behalf — cloud hosting, video/audio streaming infrastructure (e.g. LiveKit), payment processors and app stores (Stripe, Apple, Google, RevenueCat), authentication (Supabase), email/SMS delivery, analytics and crash reporting, KYC/identity providers.
• Other users, for content you publish or interactions you initiate (your username, public profile, streams, comments, public gift history).
• Law enforcement and regulators, when legally compelled or where we believe in good faith that disclosure is necessary to prevent imminent harm, fraud, or violation of these Policies.
• Corporate transactions, in connection with a merger, acquisition, or sale of assets, subject to equivalent privacy protections.

We never sell personal data, and we never share it for cross-context behavioral advertising.

Personal data may be processed in countries other than where you live, including the United States and the European Union. Where required, we use Standard Contractual Clauses, UK IDTA addenda, or equivalent safeguards.

We keep account data for the life of your account and for up to 24 months after closure to handle disputes, fraud, and legal obligations. Financial and tax records are retained for up to 10 years where required by law. Public content you delete is removed from feeds immediately and from backups within 90 days.

Subject to local law, you can:

• Access, correct, or export your data from Settings → Account → Data.
• Delete your account and associated content from Settings → Account → Delete.
• Object to or restrict certain processing, including marketing.
• Withdraw consent for optional features without affecting prior processing.
• Lodge a complaint with your local data-protection authority.
• Exercise CCPA/CPRA rights (right to know, delete, correct, limit). KYVRO does not sell or share personal information as those terms are defined under California law.

To exercise rights manually, write to privacy@kyvro.app. We respond within 30 days.

We use encryption in transit (TLS) and at rest, role-based access control, row-level security on our database, audit logging, and regular third-party penetration tests. No system is perfectly secure; report vulnerabilities to security@kyvro.app.

We use strictly-necessary cookies/local storage for authentication and security, and optional cookies for analytics and preferences. You can manage non-essential cookies from the in-app cookie banner or your browser settings.

We will notify material changes by email or in-app at least 14 days before they take effect. The "Last updated" date above always reflects the current version.

• Privacy: privacy@kyvro.app
• Security: security@kyvro.app
• Child safety: childsafety@kyvro.app
• Parents & guardians: guardians@kyvro.app