This document is Kael's official Privacy Policy. It also includes two companion sections that make the same facts easier to scan:
For any questions or to exercise your rights, email admin@trykael.com.
This Privacy Policy explains what information Kael ("we", "us", "the app") collects when you use the Kael applications on iPhone and Mac, why we collect it, how we use it, and the choices you have. By installing or using Kael you agree to this policy.
Short version. Kael is a focus tool. We collect the minimum information needed to run your account, show you your own focus stats, and keep our AI reason-judge service online. We do not sell your data. We do not read your browsing history. The list of apps or sites you choose to block never leaves your device.
If you connect a Google account (optional, Kael Pro): Kael reads your Google Calendar events to time blocking around classes and meetings, and — for Kael Pro subscribers — reads the subjects + snippets onlyof emails from the last 24 hours every 30 minutes to surface events and deadlines you haven't added yet. Email bodies, attachments, contacts, and threads are never read. Email content is sent transiently to Anthropic's Claude API for parsing and is never stored on our servers.
Kael is operated by Kael (the "Controller"). You can reach us about this policy at admin@trykael.com.
claude-judge in extract-emails mode) to detect events and deadlines occurring in the next 24 hours, which surface as one-tap "Suggested Tasks". The email content is not stored on our servers; Anthropic retains logs for up to 30 days per their commercial API terms.Under GDPR terminology, we rely on the following lawful bases:
| Purpose | Data | Basis |
|---|---|---|
| Creating and maintaining your account | email, user ID | Contract — you asked to use the app |
| Showing you your own focus stats | intercept events | Contract |
| Running the AI reason-judge when you unblock | reason text (ephemeral) | Contract |
| Keeping the judge service secure (rate limits) | user ID, IP address | Legitimate interest |
| Reading Google Calendar events to time blocking | calendar event titles + times | Consent (you connect the account) |
| (Pro) Reading recent Gmail subjects + snippets to suggest tasks | subject, sender, snippet, received timestamp | Consent (you connect the account + opt into Pro) |
| Leaderboard participation | display name + stats | Consent (opt-in toggle) |
| Crash diagnostics, legal compliance | minimal | Legal obligation / legitimate interest |
When you submit a reason to unblock something, the text is forwarded to Anthropic's Claude API via our Supabase Edge Function claude-judge. The reason, the destination name, and today's task list (if any) are the only fields sent. We do not attach your email or user ID to that upstream request. Anthropic processes the text to generate a decision and does not use it to train their models under Anthropic's commercial API terms.
When Kael auto-classifies your calendar events (Pro), the event title and start/end timestamps from each entry are sent to Anthropic via the same edge function (categorize mode) to split them into "event" vs "deadline" buckets. No other fields from your calendar are sent.
If you are on Kael Pro and have connected a Google account, every 30 minutes while the app is in use Kael sends the subject, sender, snippet, and received timestamp of inbox messages from the last 24 hours to the same Supabase Edge Function (claude-judgein extract-emails mode). Anthropic's Claude reads only those fields and returns a list of events/deadlines occurring within the next 24 hours. Email bodies, attachments, contacts, and threads are not sent. Anthropic does not use this content to train their models under their commercial API terms; Anthropic retains API logs for up to 30 days. The extracted suggestions are stored only on your device; nothing about your email content is written to our servers.
| Data | Retained |
|---|---|
| Account (email, user ID) | Until you delete your account |
| Intercept events | Until you delete your account |
| Leaderboard stats | Until you delete your account or disable leaderboard opt-in |
| Written reasons (upstream AI) | Not stored by us; Anthropic retains logs for up to 30 days per their policy |
| Google OAuth tokens (calendar + gmail) | On your device only; until you disconnect the account or sign out |
| Calendar event titles + times | On your device only; refreshed on every sync |
| Gmail subjects + snippets | Not stored by us; sent transiently to Anthropic per scan; Anthropic retains logs ≤ 30 days |
| Extracted email-derived task suggestions | On your device only; until you accept or dismiss the suggestion (7-day TTL on dismissals) |
| Rate-limit metadata (IP, timestamp) | Ephemeral — held in memory only for the duration of the rate-limit window, never written to disk |
We share data only with these service providers, solely to run the app:
| Sub-processor | Purpose | Location |
|---|---|---|
| Supabase, Inc. | Database + Auth + Edge Functions | US |
| Anthropic, PBC | AI reason judgment, calendar categorization, email task extraction | US |
| Apple, Inc. | Sign In with Apple, App Store, APNs | US / EU |
| Google LLC | Sign In with Google (OAuth); Google Calendar API; Gmail API (Kael Pro, optional, metadata + snippet only) | US |
We do not sell your personal information. We do not share it with advertisers. Disclosure to law enforcement is limited to valid legal process.
Kael's use of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements. Gmail and Calendar data are used only to provide and improve the in-app calendar-sync and task-suggestion features, are never sold, never used for advertising, and never transferred to others except as needed to provide those features (our AI sub-processor), for security, or to comply with law.
Depending on where you live, you have the right to:
To exercise any right, email admin@trykael.com. We reply within 30 days. Account deletion is also self-serve in Settings → Account → Delete account.
Categories we collect: Identifiers (email, user ID), Internet or other network activity (intercept events), Inferences (focus stats). We do not sell or share personal information for cross-context behavioural advertising. California residents have the rights listed in §1.6.
Controller: Kael. Data transferred to US sub-processors under Standard Contractual Clauses. Contact us at admin@trykael.com for any GDPR-related requests.
Kael is not directed at children under 13. We do not knowingly collect data from users under 13. If you believe a child has signed up, email us at admin@trykael.com and we will delete the account.
Despite reasonable safeguards, no system is 100% secure. We will notify affected users within 72 hours of confirming any breach that puts personal data at risk, as required by applicable law.
If we make material changes, we will notify you in-app and update the "Last updated" date above at least 14 days before changes take effect. Continued use after that date constitutes acceptance.
Privacy questions: admin@trykael.com
Audience: users who want to know exactly what Kael collects, where it goes, and how it lines up with common privacy regulations.
This section is a plain-English companion to the Privacy Policy (§1 above). The Privacy Policy is the authoritative legal document; this section exists to make the same facts easy to scan.
| Field | Where it lives | Collected from | Purpose | Retention |
|---|---|---|---|---|
| User ID (UUID) | Supabase auth.users, device | Auth provider | Primary key for your account | Until account deletion |
| Supabase auth.users | Sign In with Apple / Google | Account recovery, support | Until account deletion | |
| Display name | Supabase profiles.display_name | You | Leaderboard (opt-in) | Until account deletion |
| Leaderboard opt-in flag | Supabase profiles.leaderboard_opt_in | You | Controls whether your stats show in the public leaderboard | Until account deletion |
| Intercept event (site name, outcome, minutes, timestamp) | Supabase intercept_events | Generated by the app when you unblock | Personal insights | Until account deletion |
| Streak, total blocks, approval rate | Supabase leaderboard_stats | Aggregated from intercept events | Dashboard + leaderboard | Until account deletion |
| OAuth access + refresh token | Your device only (Keychain / UserDefaults) | Auth provider | Keep you signed in | Until sign-out |
| Blocked apps / sites | Your device only (Family Controls + App Group) | You | Local shielding | Local, never synced |
| Schedule / focus windows | Your device only | You | Local scheduling | Local, never synced |
| Reflection memory (past reasons) | Your device only | You | On-device heuristics | Local, never synced |
| Reason text (when unblocking) | Sent to claude-judge → Anthropic, not stored server-side | You | AI decision | Anthropic retains ≤ 30 days |
| Google OAuth tokens | Device only (Keychain / UserDefaults) | Google OAuth | Calendar + (Pro) Gmail access | Until disconnect |
| Calendar event titles + times | Device only | Google Calendar API | Time blocking, mode evaluation, suggested tasks | Refreshed each sync |
| Calendar event titles + times (during sync) | Sent to claude-judge → Anthropic, not stored server-side | You / Google Calendar | Auto-classify as event vs deadline (Pro) | Anthropic retains ≤ 30 days |
| Gmail subjects + snippets + sender + received-at | Sent to claude-judge → Anthropic, not stored server-side | Gmail API (your inbox, last 24h) | Extract next-24h tasks (Pro) | Anthropic retains ≤ 30 days |
| Email-derived task suggestions | Device only (in-memory + UserDefaults dismiss cache) | extract-emails result | "Suggested Tasks" UI | Until accepted / dismissed (7-day TTL on dismissals) |
| IP address (edge function) | In-memory rate-limit cache only | HTTP request | Abuse prevention | Ephemeral — never written to disk |
┌──────────────┐ 1. Sign in (Apple / Google) ┌──────────────────┐ │ Mac / iPhone │ ───────────────────────────────────▶│ Supabase GoTrue │ │ │◀────── access + refresh token ──────│ (/auth/v1) │ │ │ └──────────────────┘ │ │ │ │ 2. Record intercept event ┌──────────────────┐ │ │ ───────────────────────────────────▶│ Supabase REST │ │ │ (Row-Level Security = only you) │ (/rest/v1) │ │ │ └──────────────────┘ │ │ │ │ 3. Unblock request → reason ┌──────────────────┐ │ │ ───────────────────────────────────▶│ claude-judge │ │ │ (auth: your user JWT, 5/15min) │ (Edge Function) │ │ │ └────────┬─────────┘ │ │ │ │ │ ▼ │ │ ┌──────────────────┐ │ │ │ Anthropic API │ │ │◀────────── JSON decision ───────────│ (Claude) │ │ │ └──────────────────┘ │ │ │ │ 4. (Optional) Google Calendar ┌──────────────────┐ │ │ ───────────────────────────────────▶│ Google Calendar │ │ │ (OAuth token, calendar.readonly) │ API (you authd) │ │ │◀────────── event list ──────────────│ │ │ │ └──────────────────┘ │ │ │ │ 5. (Pro) Auto-classify events ┌──────────────────┐ │ │ ───────────────────────────────────▶│ claude-judge │ │ │ (mode=categorize, title+time) │ → Anthropic │ │ │◀──── event/deadline labels ─────────│ │ │ │ └──────────────────┘ │ │ │ │ 6. (Pro, every 30min) Gmail meta ┌──────────────────┐ │ │ ───────────────────────────────────▶│ Gmail API │ │ │ (OAuth token, gmail.readonly) │ (you authd) │ │ │◀── subject+snippet+from+ts (24h) ───│ │ │ │ └──────────────────┘ │ │ 7. Extract email tasks ┌──────────────────┐ │ │ ───────────────────────────────────▶│ claude-judge │ │ │ (mode=extract-emails) │ → Anthropic │ │ │◀── next-24h events/deadlines ──────│ │ └──────────────┘ └──────────────────┘ NOT SENT to any server: • Your list of blocked apps / sites • Your schedule / focus windows • Your reflection memory • Your OAuth refresh token • Any email body, attachment, contact list, or thread history • Any calendar entry you decline to sync • Anything Kael writes BACK to Google (we never do — read-only scopes)
Kael is not directed at children under 13. We do not knowingly collect data from users under 13. Minimum age for an account is 13.
Kael's use of information received from Google APIs (Calendar + Gmail) adheres to the Google API Services User Data Policy, including the Limited Use requirements. Google user data is used solely to provide the in-app calendar-sync and task-suggestion features, is never sold, never used for advertising or to train generalized AI models, and is only transferred onward to our AI sub-processor as needed to deliver those features (or for security / legal compliance).
We declare the following in our App Privacy questionnaire:
Privacy / data questions: admin@trykael.com
Security vulnerability reports: admin@trykael.com (please use responsible disclosure — we respond within 72 hours).
Kael uses Claude, an AI model made by Anthropic, in three places:
All three round-trip through our Supabase Edge Function claude-judge, which authenticates with your user JWT and rate-limits requests.
When you attempt to open a guarded app (all tiers):
When Kael syncs your calendar (Pro only):
When Kael scans recent email (Pro only, every 30 minutes while the app is open):
No other personal data is shared. Your name, account email, location, browsing history, contacts, photos, microphone, and camera are never sent to Claude.
For reason judging, Claude returns a single decision — approved or blocked, plus a suggested minute window. For calendar categorization, Claude returns an "event" or "deadline" label per input row. For email extraction, Claude returns a list of next-24h tasks with extracted times, kinds, and labels keyed back to the input message IDs.
Anthropic does not store or use any of these inputs to train their models under their standard commercial API terms. Anthropic retains API request logs for up to 30 days per their data policy.
Kael's server-side prompt explicitly instructs Claude to treat every user-supplied field (destination name, tasks, upcoming items, your typed reason) as untrusted inputto evaluate, never as instructions to follow. Attempts to redefine Claude's role, reveal the system prompt, or override the JSON output schema are treated as low-quality reasons and rejected via the normal denial flow. All user input is also sanitized client-side and server-side before being included in the prompt (control characters stripped, prompt-section delimiters neutralized, length capped).
Anthropic is an independent company. By using Kael, you acknowledge that the content you type in the reason box will be processed by Anthropic's API. You can review Anthropic's privacy practices at anthropic.com/privacy.
You can delete your account and all associated data at any time from Settings → Account → Delete account. You can disconnect your Google account at any time to stop all calendar + Gmail processing.