KickMint Privacy Policy

Effective April 9, 2026 · Last updated May 13, 2026 · Version 1.7

What we collect: nothing

KickMint V1.0 keeps everything on your device. No account, no analytics, no ads, no sync. Your tasks, voice transcripts, AI prompts, AI outputs, cycle data, sleep data, medication timing, profile answers, and completion notes never leave your phone.

The only thing that crosses our network is an optional one-time download of the on-device AI model from models.kick-mint.com on first launch. After that download finishes, the app is fully offline. We do not sell data. We do not profile you. We have no advertising business.

iCloud Backup of your task data (when enabled in iOS Settings) is encrypted by Apple and gated on your Apple ID. KickMint never sees those bytes either.

This is enforced in code, not just policy. iosApp/Sources/App/PrivacyInfo.xcprivacy declares NSPrivacyTracking=false and an empty NSPrivacyCollectedDataTypes, matching the App Store Connect "No, we do not collect data from this app" answer. The sync subsystem ships dormant in the binary (no UI entry point, no automatic startup) and will activate in V1.1 when a pairing UI ships.

1. Who we are

KickMint is an iOS productivity app for adults with ADHD and similar executive-function differences, distributed worldwide via the Apple App Store and described at kick-mint.com.

In this policy, "we", "us", and "our" refer to:

• Controller / publisher: Povilas Konopackas, operating as an individual-activity practitioner (Individualios veiklos pažymėjimas) under Certificate No. 1503311, Republic of Lithuania.
• Registered address: Akacijų g. 14-2, Raudondvario k., LT-14258, Lietuva (Lithuania).
• Contact for privacy matters: [email protected]
• Contact for legal notices: [email protected]
• EU/EEA representative (Article 27 GDPR): Not required. The controller is established in the European Union (Republic of Lithuania), so the Article 27 representative-appointment requirement does not apply under GDPR Article 3(1).
• UK representative (UK GDPR Art. 27): Not appointed. We rely on the exemption in UK GDPR Article 27(2): our processing of UK residents' data is occasional, is not of a large scale, does not include special categories of data under Article 9 or criminal-offence data under Article 10, and is unlikely to result in a risk to the rights and freedoms of natural persons given that the only data reaching our servers is pseudonymous identifiers and ciphertext we cannot decrypt.
• Data Protection Officer: Not appointed. We are not subject to the mandatory DPO requirement under GDPR Article 37(1) because (a) we are not a public authority, (b) our core activity does not require regular and systematic monitoring of data subjects on a large scale, and (c) our core activity does not involve large-scale processing of special categories of data under Article 9.
• Lead supervisory authority: Valstybinė duomenų apsaugos inspekcija (State Data Protection Inspectorate of the Republic of Lithuania), L. Sapiegos g. 17, LT-10312 Vilnius, Lithuania. Website: https://vdai.lrv.lt. You may lodge a complaint with VDAI under GDPR Article 77.

2. Plain-language data summary

Statutory basis for this disclosure format: California Civil Code section 1798.100(a) requires a business to inform consumers of the categories of personal information collected at or before collection. Our answer to all enumerated CCPA categories is "not collected", so we list each category to make that affirmative claim verifiable. GDPR Article 13(1)(c) requires the purpose and lawful basis for each processing activity; where we do not collect data we have no Article 13 obligation for that category, but we list it for transparency.

3. The on-device AI

KickMint includes a Qwen 2.5 1.5B large language model in GGUF format, executed locally on your iPhone using llama.cpp. This model is downloaded from a Cloudflare R2 bucket on first launch (a one-time download of roughly 1 GB) and runs entirely on your device thereafter.

What this means in practice:

• Every AI feature (task breakdown, suggestion ranking, capture parsing) runs on your phone with no network call to us during inference.
• Your prompts, the model's intermediate state, and the model's outputs are never transmitted to any server we control.
• AI telemetry (latency, token counts, fallback rate) is stored in a local table named ai_telemetry, which is in SyncManager.nonSyncableTables and therefore never included in sync payloads.
• The model file itself is downloaded over HTTPS without authentication. Cloudflare's standard server logs may record the IP that requests the file. Those logs are operated by Cloudflare under their own privacy terms and are used for abuse prevention and content delivery, not user profiling.

If we ever change inference to a hybrid or cloud model, we will update this policy, notify users in-app at least 30 days before the change, and require explicit opt-in for any cloud inference.

4. Voice capture (on-device only)

When you use voice capture, KickMint uses Apple's SFSpeechRecognizer with the requiresOnDeviceRecognition = true flag set unconditionally. This forces speech recognition to run entirely on your iPhone using the on-device dictation model.

If your device or locale does not support on-device dictation (older hardware, an iOS version below 17, or a locale without an installed model), voice capture is disabled at the surface and the microphone button is hidden. We never fall back to Apple's cloud speech-recognition servers, even when the on-device path is unavailable. Audio never leaves your device. Raw audio is never written to disk.

The transcribed text becomes the task title or completion note you see on screen, identical to text you would have typed yourself.

5. Completion notes

You can attach an optional freeform note to any task when you finish it (typed or dictated). Notes are stored on-device in your task database and are visible in the Done segment of the task list and in the task detail sheet.

Notes are included in iCloud Backup with the rest of the main task DB when you have iCloud Backup enabled in iOS Settings, and in iTunes / Finder local backups if you make those. Apple's backup encryption protects them in transit and at rest. KickMint never reads completion notes (the app's logging discipline forbids interpolation of the field anywhere in the binary). If you write health, financial, or relationship details, treat the note like any other note on your phone.

You can erase any individual note at any time from the task detail sheet (Note section > Edit > Erase note). You can erase all task data by uninstalling KickMint.

6. iCloud Backup (cross-device continuity)

Your main task database (tasks, focus sessions, preferences, profile answers, body check-ins, journal entries, completion notes) is included in your iPhone's standard iCloud Backup if you have iCloud Backup enabled in iOS Settings. This is the path that lets "I got a new iPhone, restore from backup, all my tasks are there" actually work.

The backup is encrypted in transit and at rest with keys Apple manages on your behalf and gated on your Apple ID password plus two-factor authentication. KickMint never sees those bytes. If you opt into Apple's Advanced Data Protection, the backup is end-to-end encrypted with a key only you hold, so not even Apple can read it.

You can disable iCloud Backup for KickMint specifically in iOS Settings > [your name] > iCloud > iCloud Backup > Apps Backing Up to iCloud, and your data will then live only on the device.

The two analytics-only tables (ai_telemetry, onboarding_events) stay excluded from iCloud Backup regardless of your global setting. They contain only structural performance counters, never user content, and have no portability value to you.

7. Sync between your own devices (V1.2.0+: opt-in, end-to-end encrypted, Pro feature)

Starting with V1.2.0, KickMint Pro users can pair two or more of their own devices to keep tasks in sync. The feature is off by default, requires a Pro subscription (or one-time Lifetime purchase), and is initiated by the user from Settings > Sync. KickMint uses end-to-end encryption: every task, session, and preference payload that leaves your device is encrypted with AES-256-GCM under a 32-byte symmetric "group key" that is generated on your first paired device and transferred to additional devices only via a one-shot, 5-minute-expiring QR code displayed on-screen and scanned through the second device's camera. The group key is stored in the iOS Keychain with kSecAttrAccessibleWhenUnlockedThisDeviceOnly and kSecAttrSynchronizable = false, so it never leaves your devices through iCloud Keychain or any other path.

KickMint's sync server (sync.kick-mint.com, hosted on Cloudflare Workers + D1) sees only ciphertext for every task, session, and preference payload. It can never read your task titles, notes, completion times, energy levels, or any other content. Each request is signed by an Ed25519 device key that is also Keychain-bound and non-syncable.

Limited server-visible metadata. When (and only when) you have actively paired at least one device, the sync server sees: a pseudonymous sync_group_id (random UUID, generated on first device), per-device device_id (random UUID), the device_name you type when pairing (default "iPhone" / "iPad", server-visible plaintext), and standard HTTP request timing plus source IP retained 7 days for abuse rate-limit only. None of these are linked to your Apple ID, email, name, or any external identifier.

Recipients. Cloudflare, Inc. (CDN + edge compute, GDPR-compliant standard contractual clauses, no decryption capability) is the sole third party.

Retention. Encrypted operation payloads are kept on the server for 90 days to allow newly-paired or recently-offline devices to catch up; after 90 days the worker auto-deletes them. Tombstones (records that an item was deleted) ride along with the same window. Server-side request logs (timing, source IP) are kept 7 days for abuse rate-limit only and never linked to your sync content.

Opt-out. Open Settings > Sync > Paired Devices, tap any device row, choose "Remove device" (revokes that device's signing key server-side and broadcasts a revocation event to remaining devices). Tap "Unpair this device" at the bottom to remove the current device from the group, zero its Keychain group key, and stop emitting any sync traffic. Your local task data is preserved either way.

Lawful basis (GDPR Art. 6(1)(a)). The QR scan is your affirmative opt-in action.

Free-tier vs Pro. Pairing is a Pro feature (subscription or Lifetime). Free-tier users see a paywall in place of the pairing UI; their app emits zero sync traffic.

If you do not enable sync, the app emits no traffic to sync.kick-mint.com at all. The standard iOS path for moving your data between devices remains iCloud Backup (see section 6).

7a. Optional iOS integrations added in V1.1.x (HealthKit, Calendar, Motion, Location)

Versions 1.1.4 through 1.1.5 added four optional iOS-system integrations that surface useful context inside KickMint. Each one is off by default, requires the standard iOS system permission prompt, and processes data entirely on your device. None of these integrations transmit any data to KickMint servers or any third party. They can each be revoked at any time from iOS Settings > Privacy & Security.

• Apple Health (Sleep Analysis + Menstrual Flow), V1.0+. Read-only on-demand reads, never persisted in the app's database, never transmitted. Sleep informs adaptive step pacing; cycle data informs the optional cycle-rhythm pill on the Today tab. GDPR Art. 9(2)(a) explicit-consent basis.
• Calendar (EventKit), V1.1.5. Reads only event start and end times (never titles, never attendees) to power the Waiting Mode Relief feature, which surfaces "you have a 17-minute window before your next meeting" suggestions. Zero persistence, zero network egress. GDPR Art. 6(1)(a) explicit-consent basis.
• Motion (CMMotionActivityManager), V1.1.5. Activity-change triggers for if-then plans ("when I stop walking, drink water"). Activity samples are evaluated transiently and discarded; nothing is persisted. GDPR Art. 6(1)(a) explicit-consent basis.
• Location (CoreLocation, significant-location-change), V1.1.5. Powers "when I get home" / "when I leave work" task triggers against places you set up yourself in Settings. The trigger evaluator only learns whether the device crossed a user-tagged region's boundary; precise coordinates are never logged. GDPR Art. 6(1)(a) explicit-consent basis.

Apple Privacy Nutrition Label note: under Apple's framework, "collected" means data the developer receives. Because these four integrations never reach KickMint's servers, none of them flip the App Store label answer for V1.1.x. The V1.2.0 sync feature in section 7 above does flip the label (see section 9 for the V1.2.0 server-visible metadata that triggers this).

8. Lawful basis for processing (EU/UK GDPR)

Because KickMint V1.0 processes no personal data on our servers, the only relevant Article 6 bases are:

• Performance of a contract under GDPR Article 6(1)(b) for the on-device app itself: when you install KickMint, we provide the productivity features the app advertises, all running on your device.
• Legitimate interests under Article 6(1)(f) for the optional one-time AI model download: we need to deliver the model file and Cloudflare needs minimal connection metadata (your IP, TLS handshake) to serve the request. The legitimate interest is delivering the feature you opted into; the impact is the standard CDN footprint of any HTTPS download.
• Legal obligation under Article 6(1)(c) for retaining purchase records to the extent required by Lithuanian tax and accounting law, typically 10 years under the Lithuanian Accounting Law and the Law on Tax Administration. Apple, as merchant of record for App Store in-app purchases, holds the authoritative transaction records; we hold no separate copy.

We do not rely on consent under Article 6(1)(a) for the core app because no personal data is collected in V1.0. When sync ships in V1.1, this section will be updated to add the contract-performance basis for the sync feature itself.

9. Third-party processors

In V1.0, the only third party that receives any data related to your use of KickMint is Apple, and only in three contexts:

1. App Store distribution. Apple collects data about app downloads per their own privacy policies.
2. In-app purchases via StoreKit 2. Apple processes the payment transaction; KickMint receives only a transaction ID and receipt.
3. iCloud Backup of the main task database (if you have iCloud Backup enabled in iOS Settings). Apple stores the encrypted backup snapshot on your behalf, gated on your Apple ID password and two-factor authentication. KickMint never sees those bytes.

Apple Inc.

• What they do for us: App Store distribution, StoreKit 2 in-app purchase processing, iCloud Backup of the main task DB when you have it enabled, push notifications via APNs (if you enable them), device-level crash and performance reports if you have opted in via iOS Settings.
• What data they receive directly from you: payment information, App Store account identifier, device telemetry, iCloud Backup contents per Apple's policies. We never see any of this.
• Apple's privacy policy: apple.com/legal/privacy
• App Store data and privacy: apple.com/legal/privacy/data/en/app-store

Cloudflare, Inc. (CDN for the AI model download; sync server for V1.2.0+ Pro tier)

• What they do for us: Hosts the on-device AI model file as a static download from models.kick-mint.com. From V1.2.0, also hosts the encrypted sync server at sync.kick-mint.com (Cloudflare Workers + D1 database) for Pro users who have actively paired devices. The sync server only ever sees AES-256-GCM ciphertext for task / session / preference content; KickMint's encryption keys never leave the user's paired devices.
• What data they process: for the model download, standard HTTPS metadata (your public IP, TLS handshake, User-Agent) for the single optional first-launch fetch. For the sync server (V1.2.0+, only when you have paired), the same HTTPS metadata plus the limited application-layer metadata enumerated in section 7: pseudonymous sync_group_id, per-device device_id, the device_name you typed, and HTTP timing logs retained 7 days for abuse rate-limit. The sync content itself is end-to-end encrypted ciphertext.
• Cloudflare's privacy policy: cloudflare.com/privacypolicy
• Cloudflare DPA (covering both the model CDN and the sync server activity): cloudflare.com/cloudflare-customer-dpa

We use no analytics SDK, no advertising SDK, no crash-reporting SDK other than Apple's built-in opt-in service, no attribution SDK, no fingerprinting library, no third-party tracking pixel, and no tag manager.

10. International data transfers

In V1.0, no personal data is transmitted outside your device. There are no international data transfers to disclose.

The optional AI model download from models.kick-mint.com may be served from Cloudflare edge nodes worldwide, including US points of presence. The request carries only standard HTTPS connection metadata (IP, TLS handshake) and no application payload, so the transfer is not personal-data-intensive in the GDPR sense.

If V1.1 sync activates, this section will be updated with EU-US SCCs, UK Addendum, and Swiss-US framework references.

11. Your rights

All users

• Delete the app to delete the data. Because all data is on your device, uninstalling KickMint deletes it. iCloud Backup snapshots are then aged out by Apple per your iCloud Backup settings.
• Export. Me tab > Privacy & Data > Export my data creates a JSON file you can save anywhere.
• Erase a single completion note. Tap the completed task in the Done segment > Edit > Erase note. Confirms before deleting.
• Wipe onboarding answers / analytics. Me tab > Settings > Privacy > Delete my onboarding answers / Delete my analytics history.
• Disable iCloud Backup for KickMint. iOS Settings > [your name] > iCloud > iCloud Backup > Apps Backing Up to iCloud > toggle KickMint off.

EU/EEA, UK, and other GDPR-style users

Under GDPR Articles 15-22 and equivalent UK provisions, you have the rights of access, rectification, erasure, restriction, portability, and objection.

• Right of access (Art. 15): because all data is stored on your device in V1.0, you can view it directly within the app, or use the built-in data export to receive a JSON copy. We hold nothing on our servers that is associable with your account.
• Right to rectification (Art. 16): you can correct or update any data in the app at any time, tasks, preferences, and settings are all editable directly.
• Right to erasure (Art. 17, "right to be forgotten"): the in-app deletion controls listed above plus uninstall together cover the full erasure surface that we control. If you have iCloud Backup enabled, the most recent backup snapshot may still contain a copy until iOS overwrites it. Apple controls iCloud Backup retention; you can wipe the snapshot via iOS Settings > Apple ID > iCloud > Manage Storage.
• Right to portability (Art. 20): the in-app Export creates a JSON file containing your tasks, focus sessions, and preferences.
• Right to restriction (Art. 18) and objection (Art. 21): because processing happens exclusively on your device, you control processing directly, you can pause, limit, or stop using any feature at any time.
• Right to lodge a complaint (Art. 77): you may complain to any supervisory authority. Our lead supervisory authority is the State Data Protection Inspectorate of the Republic of Lithuania (VDAI), vdai.lrv.lt. You may also complain to your own national authority, for example the UK ICO at ico.org.uk, the Irish DPC at dataprotection.ie, or any other EU/EEA national authority.

California users (CCPA / CPRA)

Under California Civil Code section 1798.100 et seq., you have the rights of access, deletion, correction, opt-out of sale or sharing for cross-context behavioral advertising, and limit on use of sensitive personal information.

• Right to know (1798.110, 1798.115): ask [email protected]. In V1.0 we hold no personal information on our servers. We have no source from which we sold or shared personal information because we do not sell or share.
• Right to delete (1798.105): see the in-app deletion controls and uninstall path above.
• Right to opt out of sale or sharing (1798.120): N/A. We do not sell or share personal information for cross-context behavioral advertising as those terms are defined in 1798.140.
• Right to limit use of sensitive personal information (1798.121): N/A. We do not collect sensitive personal information as defined in 1798.140(ae). All cycle, health, sleep, and medication data stays on your device.
• No discrimination (1798.125): we do not discriminate against you for exercising any of these rights. Pricing and features do not depend on whether you exercise rights.
• Authorized agent requests: you may designate an agent under California Code of Regulations Title 11 section 7063 by emailing [email protected] with written authorization signed by you.

We are required to disclose retention periods (1798.100(a)(3)). Because V1.0 collects nothing on our servers, the only retention period that applies is your device's local storage, which lasts until you delete it or uninstall the app.

Brazil users (LGPD)

Under Lei nº 13.709/2018, particularly Article 18, you have the rights of confirmation of processing, access, correction, anonymization, portability, deletion, information about sharing, and revocation of consent. Use the same email mechanism as above. ANPD complaints: gov.br/anpd.

Canada users (PIPEDA)

PIPEDA Principle 9 (Individual Access) and Principle 8 (Openness) apply. Contact [email protected]. The Office of the Privacy Commissioner of Canada accepts complaints at priv.gc.ca.

Australia users (Privacy Act 1988)

Australian Privacy Principles 5, 6, 12, and 13 apply to the extent they are applicable to us. We currently operate below the small-business turnover threshold of AUD 3 million under Privacy Act section 6D and therefore rely on the small-business exemption. We nevertheless follow the Australian Privacy Principles as a voluntary matter of practice given we collect almost nothing. Contact [email protected]. The Office of the Australian Information Commissioner accepts complaints at oaic.gov.au.

12. Security

• Local data: stored in the iOS app sandbox using SQLite, automatically protected by iOS Data Protection (NSFileProtectionCompleteUntilFirstUserAuthentication), encrypted at rest with a key derived from your device passcode.
• Cryptographic keys: KickMint V1.0 stores no Keychain material at runtime. The sync subsystem (which would store a device UUID, signing key, AES-256-GCM encryption key, and sync group credentials in the Keychain) is dormant and not invoked by any V1.0 code path. V1.1 will activate this material on first pairing.
• SQLCipher database-level encryption: architecturally implemented and planned to activate in V1.1. In V1.0, iOS file-level Data Protection provides equivalent security for the device-unlock threat model.
• No network transmission of personal data: the strongest guarantee is that your task content never travels over a network in V1.0, eliminating a broad class of interception risks.
• No third-party SDKs with data access: no third-party code in the app has access to your task data.
• Breach notification: if we discover a breach involving personal data, we will notify the Lithuanian State Data Protection Inspectorate (VDAI) within 72 hours of becoming aware where required by GDPR Article 33, notify affected users without undue delay where required by GDPR Article 34, and meet the corresponding windows under CCPA, LGPD, PIPEDA, and Australia's Notifiable Data Breaches scheme.

13. Retention

14. Children's privacy

KickMint is rated 13+ on the App Store and built for adult users. We do not direct the app at children under 13 (United States COPPA, 15 U.S.C. sections 6501-6506) and we do not knowingly collect data from children under 13. Because KickMint requires no account creation and stores all data locally on the user's own device, it does not collect personal information through any mechanism we control.

If you are a parent or guardian and you believe a child under 13 has used KickMint, contact [email protected].

15. Changes to this policy

If we make material changes, we will:

1. Update the "Last updated" date at the top.
2. Notify users inside the app the next time they open it after the change.
3. For changes that broaden processing (which we do not anticipate), we will give 30 days' advance notice and, where required, request fresh consent.

16. Contact

• Privacy questions, rights requests, or breach reports: [email protected]
• Legal notices: [email protected]
• Postal address: Povilas Konopackas, Akacijų g. 14-2, Raudondvario k., LT-14258, Lietuva (Lithuania).

If you do not receive a response within 30 days, you may escalate to your data protection authority. See section 8 for the relevant authority in your jurisdiction.