Privacy Policy
Last updated: June 11, 2025
1. Information We Collect
1.1 Information You Provide Directly
When you create an account and use Kilova, we collect the following information:
- Account Information: Your name and email address
- Menstrual Cycle Data: Period length, duration, and dates to provide cycle tracking and syncing functionality
- Tasks and Events: Personal productivity data including tasks, events, and calendar entries you create within the app
- Payment Information: If you subscribe to premium features, payment details are processed through Stripe (we do not store your payment card information directly)
1.2 Information We Collect Automatically
When you use Kilova, we may automatically collect:
- Technical Information: Basic device and browser information necessary for the app to function properly
- Usage Data: Information about how you interact with our service to improve functionality
1.3 Information from Third-Party Services
If you choose to connect third-party services:
- Google Account: If you sign in with Google, we receive your basic profile information (name, email)
- Google Calendar: If you integrate Google Calendar, we access your calendar data to sync with your cycle and productivity tracking
2. How We Use Your Information
We use your personal information for the following purposes:
2.1 Service Provision
- To provide and maintain the Kilova cycle syncing and productivity features
- To sync your menstrual cycle data with your tasks and calendar
- To enable Google Calendar integration when requested
- To process payments for premium subscriptions
- To provide customer support and respond to your inquiries
2.2 Service Improvement
- To analyze usage patterns and improve our service
- To develop new features and functionality
- To ensure technical functionality and identify issues
2.3 Communication
- To send important service-related notifications
- To send marketing communications (with your consent)
- To provide updates about new features or changes to our service
2.4 Legal Compliance
- To comply with applicable laws and regulations
- To protect our rights and prevent fraud or abuse
- To respond to legal requests and enforce our terms of service
3. Legal Basis for Processing (GDPR)
If you are located in the European Economic Area (EEA), UK, or Switzerland, we process your personal data based on the following legal grounds:
- Contract: Processing necessary to provide the Kilova service you’ve requested
- Consent: For marketing communications and optional features like Google Calendar integration
- Legitimate Interest: For service improvement, security, and fraud prevention
4. How We Share Your Information
4.1 Third-Party Service Providers
We share your information with trusted third-party providers who help us operate our service:
- Supabase: Database and backend services (data stored in US-West region with SOC 2 Type 2 compliance)
- Stripe: Payment processing for premium subscriptions
- Google: Authentication services and calendar integration (when you choose to connect)
4.2 Legal Requirements
We may disclose your information if required by law, legal process, or to protect the rights, property, or safety of Kilova, our users, or the public.
4.3 What We Don’t Do
We do not sell, rent, or trade your personal information to third parties for their marketing purposes.
5. International Data Transfers
Kilova is operated from Spain, but our service providers may process your data in other countries, including the United States. When we transfer your personal data outside the EEA, we ensure appropriate safeguards are in place:
- Our database provider Supabase maintains SOC 2 Type 2 compliance and provides appropriate security measures
- We rely on adequacy decisions, standard contractual clauses, or other approved transfer mechanisms
- All data transfers comply with applicable data protection laws
6. Data Security
We take the security of your personal information seriously and implement appropriate technical and organizational measures:
- Encryption: All data is encrypted at rest (AES-256) and in transit (TLS)
- Access Controls: Limited access to personal data on a need-to-know basis
- Regular Audits: Our service providers undergo regular security audits and compliance assessments
- Secure Infrastructure: We use enterprise-grade cloud infrastructure with robust security measures
However, no method of transmission over the internet or electronic storage is 100% secure. While we strive to protect your information, we cannot guarantee absolute security.
7. Data Retention
We retain your personal information for as long as necessary to provide our services and fulfill the purposes outlined in this policy:
- Active Accounts: We retain your data while your account remains active
- Inactive Accounts: We may retain data for inactive accounts to allow you to reactivate your service
- Deleted Accounts: When you delete your account, we will delete your personal data within 30 days, except where retention is required by law
- Legal Requirements: Some data may be retained longer to comply with legal obligations
8. Your Rights and Choices
8.1 Account Management
You can access and manage your personal information through your Kilova account:
- View and edit your profile information
- Update your menstrual cycle data
- Modify your tasks and events
- Delete your account and all associated data
8.2 GDPR Rights (EEA, UK, Switzerland Users)
If you are located in the EEA, UK, or Switzerland, you have additional rights:
- Right of Access: Request a copy of your personal data
- Right to Rectification: Correct inaccurate or incomplete data
- Right to Erasure: Request deletion of your personal data
- Right to Restrict Processing: Limit how we process your data
- Right to Data Portability: Receive your data in a structured format
- Right to Object: Object to certain types of processing
- Right to Withdraw Consent: Withdraw consent for processing based on consent
8.3 Marketing Communications
You can opt out of marketing communications at any time by:
- Using the unsubscribe link in our emails
- Updating your preferences in your account settings
- Contacting us directly
9. Children’s Privacy
While Kilova does not have specific age restrictions, we are committed to protecting the privacy of minors. If you are under 18, please ensure you have parental consent before using our service. If we become aware that we have collected personal information from a child under 13 without parental consent, we will take steps to delete such information.
10. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices or applicable laws. When we make material changes:
- We will notify you by email or through our service
- We will update the “Last Updated” date at the top of this policy
- Continued use of our service after changes constitutes acceptance of the updated policy
11. Third-Party Links
Our service may contain links to third-party websites or services. This Privacy Policy does not apply to those third-party services. We encourage you to read the privacy policies of any third-party services you use.
12. Data Protection Officer and Supervisory Authority
For users in the EEA, UK, or Switzerland, you have the right to lodge a complaint with your local data protection supervisory authority if you believe we have not complied with applicable data protection laws.
13. Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:
- Email: hello@palomachiara.com
We will respond to your inquiries within 30 days (or sooner as required by applicable law).
Note: This Privacy Policy is effective as of the date listed above. By continuing to use Kilova after any changes to this policy, you acknowledge that you have read and agree to the updated terms.