Kiroku

Privacy Policy for Kiroku

Last Updated: June 10, 2026

This Privacy Policy ("Policy") applies to the Kiroku mobile application ("Kiroku" or the "App"). The operator of Kiroku, identified in the Contact Us section below, is the data controller for the purposes of the General Data Protection Regulation ("GDPR"). This Policy describes how we collect, use, process, and disclose your personal data.

Kiroku is a tool for tracking and reflecting on your own alcohol consumption. We process your data to provide that awareness and harm-reduction functionality. We never use your data to encourage you to drink.

This website (kiroku.cz) does not use cookies, analytics, or other tracking technologies. The only identifiers we process are those used inside the mobile App and described in this Policy.

1. Information We Collect

a. Account and authentication data

b. Profile data

c. Drinking session data (sensitive)

When you log a drinking session, we process the information you enter, which may include:

This information relates to your alcohol consumption and is the most sensitive data the App handles. We treat it accordingly. See Legal Bases for Processing for how we rely on your consent to process this category of data.

d. Location data (optional, opt-in)

The App can optionally tag each drink you record during a live session with your precise GPS location, so you can later see where a session took place.

e. Friends and social connections

f. App preferences and usage data

g. Subscription and purchase data

If you purchase a Kiroku Supporter subscription, we process limited purchase data through RevenueCat. This is described in Payments and Subscription Management.

h. Device identifiers and push notifications

i. Crash and performance diagnostics

2. How We Use Your Data

Your data is used for the following purposes:

We do not use your personal data for automated decision-making or profiling that produces legal or similarly significant effects for you (Art. 22 GDPR).

4. Payments and Subscription Management

If you purchase a subscription inside the App, payment is processed by Apple (App Store) or Google (Google Play). We do not receive your payment card details. We use RevenueCat, Inc. ("RevenueCat") as a service provider to manage subscription entitlements and to receive purchase events from the stores.

In this context the following data is processed:

This data is used to grant and revoke subscription entitlements, prevent fraud, and provide customer support. For details on RevenueCat's processing, see RevenueCat's privacy policy at revenuecat.com/privacy.

5. Third-Party Service Providers

We rely on the following processors and sub-processors, who process personal data on our behalf under appropriate agreements:

6. Data Sharing and Disclosure

We do not sell your personal data. We may share your data with:

7. Your Rights

Under the GDPR, you have several rights regarding your personal data:

To exercise any of these rights, contact us using the details in the Contact Us section.

8. Data Retention

We retain different categories of data for different periods:

Residual copies may remain in encrypted backups for a limited period after deletion before being overwritten.

9. Security

We implement appropriate technical and organizational measures to protect your personal data from unauthorized access, use, or disclosure.

If a personal data breach occurs, we will handle it in accordance with Articles 33 and 34 GDPR — notifying the Czech supervisory authority (ÚOOÚ) within 72 hours where required, and informing you without undue delay if the breach is likely to result in a high risk to your rights and freedoms.

10. Children's Privacy

Our App is not intended for individuals under 18 years old. We do not knowingly collect or solicit data from children under 18.

11. International Data Transfers

Some of our service providers may process your personal data outside the European Economic Area. Google LLC and RevenueCat, Inc. may process data in the United States; both are certified under the EU-U.S. Data Privacy Framework, and we rely on that adequacy decision and, as a fallback, on the European Commission's Standard Contractual Clauses. Pusher Ltd processes data on servers in the EU but is established in the United Kingdom, which is covered by a European Commission adequacy decision.

12. Changes to This Policy

We may update our Privacy Policy from time to time. We will post the updated Policy on this page and update the "Last Updated" date. If the changes are material — for example, if we start processing new categories of data or processing data for new purposes — we will also notify you in the App reasonably in advance of the changes taking effect.

13. Contact Us

If you have any questions or concerns about this Privacy Policy, please contact us at:

Operator: Petr Čala, Všemina 251, 763 15 Všemina
Business ID (IČO): 08000131
Not a VAT payer.