Kdence — Privacy Policy

Effective date: 14 July 2026

Data controller: George Zoiade, Romania. Contact for privacy matters: privacy@k-dence.app


1. In plain language

Kdence helps you plan and track personal tasks, goals, focus time, and weekly reflections. To make the app work — and to improve it over time — we collect a small amount of information about how you use it. Here's the short version:

This document explains the details.


2. Who runs Kdence

Kdence is developed and operated as a solo project by:

George Zoiade Romania

Contact for anything privacy-related: privacy@k-dence.app

For the purposes of the EU General Data Protection Regulation (Regulation (EU) 2016/679, "GDPR") and Romanian Law 190/2018, I am the data controller for the personal data processed through Kdence.


3. What we collect and why

3.1 Data you enter yourself

When you use Kdence, you create tasks, goals, reflections, and focus sessions. This content lives on your device (in the app's local database). If you're signed in, it's also synced to our cloud database (Supabase) so it survives across devices and reinstalls.

We collect this because it's literally what the app is for. Without it, there's nothing to display.

Legal basis (GDPR Art. 6(1)(b)): performance of the service you asked for.

3.2 Account and profile data

During onboarding we ask a small set of profiling questions:

If you sign in with email or Google, we also collect:

We use this to personalize the app's suggestions (e.g. scheduling advice that matches your work hours) and to sign you in on other devices.

Legal basis (GDPR Art. 6(1)(b)): performance of the service.

3.3 Usage analytics (opt-in during onboarding for EU users, on by default elsewhere)

We record anonymous events about how you interact with the app: which screens you open, which buttons you tap, when you complete a task, when you finish a focus session, when a streak breaks. These events help us understand which features actually help people build habits — and which ones don't.

What the events contain: durable IDs (task ID, category ID), enums (priority, time segment), and numeric counts (elapsed minutes, streak length).

What they never contain: the text of your tasks, goals, or reflections. Payloads are restricted to structural data by design — free-form text never enters the analytics pipeline.

We use two systems to store this:

You can turn this off at any time in Settings → Privacy → "Share usage data". For users in the EU/EEA, the onboarding flow asks you to explicitly opt in; the default is off.

Legal basis (GDPR Art. 6(1)(a) or (f)): your consent (EU/EEA) or our legitimate interest in improving the product (elsewhere). If you turn it off, we stop collecting these events immediately.

3.4 Diagnostic data

If the app crashes or hits an unexpected error, Firebase Crashlytics records a report so we can find and fix the bug. Reports include the device model, OS version, and a stack trace — no personal content from your tasks or reflections.

Legal basis (GDPR Art. 6(1)(f)): legitimate interest in delivering a working app.

3.5 Data we don't collect

For clarity, here's what Kdence does not collect:


4. Who else sees your data

Kdence uses two third-party service providers to operate. Each processes data on our behalf under a written data-processing agreement.

Provider Purpose Where data is stored Their privacy policy
Supabase (Supabase Inc., USA / EU) Cloud database + authentication EU (Frankfurt region) supabase.com/privacy
Firebase / Google (Google LLC, USA) Crash reports + high-level analytics Global (Google-controlled) policies.google.com/privacy

We do not sell your data to anyone. We do not share your data with advertisers.

For transfers of data outside the EU/EEA (Firebase), the transfers rely on the European Commission's Standard Contractual Clauses (SCCs) or equivalent GDPR-approved mechanisms.


5. How long we keep your data

You can trigger immediate deletion at any time — see Section 7.


6. Where your data is stored


7. Your rights

Under GDPR and Romanian Law 190/2018, you have the following rights over your personal data. You can exercise any of them by emailing privacy@k-dence.app. We respond within 30 days (extendable by 60 more days if the request is complex, with prior notice).

Requests are free of charge. If a request is manifestly unfounded or excessive, we may charge a reasonable fee or refuse — but this is rare and we'll explain the reason.

More detail: the GDPR Addendum sets out the legal basis for each category of processing and the precise mechanism for exercising each right. For EU/EEA users, it is the authoritative source wherever it and this policy differ.


8. What happens when you delete your account

When you tap Settings → Danger Zone → Delete Account:

  1. All your tasks, goals, focus sessions, reflections, categories, and profile data are permanently deleted from the local device and from our Supabase database. This is immediate and irreversible.
  2. Your analytics event history is purged from our Supabase user_engagement_events table.
  3. Your Firebase Analytics record is anonymized (Google's data-retention controls handle the final deletion within 60 days).
  4. Your authentication record is retained for 30 days for fraud-prevention purposes, then permanently deleted.
  5. You'll be signed out on all devices.

If you'd rather delete a specific piece of data (a single task, goal, etc.) without deleting your whole account, use the in-app delete on that item.


9. Children

Kdence is not intended for children under 16. This is aligned with Romanian Law 190/2018 Art. 8, which sets the digital-consent age at 16.

By using Kdence, you confirm you are at least 16 years old, or that you have permission from a parent or legal guardian.

If you're a parent or guardian and you believe your child under 16 has provided us data, please email privacy@k-dence.app and we will delete it.


10. Cookies and tracking technologies

The Kdence mobile app does not use cookies.

Our public marketing website (k-dence.app), if any, may use minimal privacy-friendly analytics (e.g. server-side counts). Any cookies used there will be disclosed in a separate cookie notice on the site itself.

We do not use tracking pixels, ad networks, or cross-app tracking identifiers.


11. Security

We take reasonable technical and organizational measures to protect your data:

No system is perfectly secure. In the event of a data breach affecting your personal data, we will notify you and the Romanian data-protection authority (ANSPDCP) within 72 hours of discovery, as required by GDPR.


12. Changes to this policy

We may update this policy from time to time — for example, when we add new features or change service providers. Material changes will be communicated in-app before they take effect. Non-material updates (typos, clarifications) will be published to this page with an updated "Effective date" at the top.

Older versions of this policy are archived in the app's public repository.


13. Contact

For anything privacy-related — questions, requests, complaints — email:

privacy@k-dence.app

Response time: within 30 days of your request.

If you're not satisfied with our response, you can lodge a complaint with:

ANSPDCP (Autoritatea Națională de Supraveghere a Prelucrării Datelor cu Caracter Personal) dataprotection.ro B-dul G-ral. Gheorghe Magheru 28-30, Sector 1, Bucharest, Romania

Or your local EU/EEA data-protection authority if you're outside Romania.