legal
privacy policy
last updated · 2026-05-15
1. Who we are
klyo (“klyo,” “we,” “us”) operates the website tryklyo.io and the klyo mobile application (the “Service”). This Privacy Policy explains what personal data we collect when you use the Service, how we use it, and the rights you have over it.
For any privacy-related question, contact us at info@tryklyo.io.
2. What we collect
We collect the following categories of personal data:
- Account data: email address, password (hashed), name, age, sex, country.
- Body and health data: height, weight, body-composition inputs, activity level, fitness goal (gain / cut / maintain), and calorie targets calculated from these inputs.
- Nutrition logs: the meals you log, calorie estimates, macros, timestamps, and notes.
- Photos: photos of meals you submit to the camera-AI feature. See section 4 below.
- Usage data: device type, OS, app version, anonymous interaction events (which screens you visit, which buttons you tap).
- Subscription data: if you subscribe via Apple App Store or Google Play, those platforms share the transaction status with us via RevenueCat. We never see your payment card details.
We do not collect: precise GPS location, contacts, social graphs, browsing history outside klyo, or biometric identifiers (fingerprints, face IDs).
3. How we use your data
We use your data only for the following purposes:
- To operate the Service: calculate your calorie targets, save your meal logs, generate personalised menus, send notifications you’ve opted into.
- To improve klyo: understand how the product is used in aggregate (anonymised) and fix bugs.
- To support you: respond to your emails and provide customer care.
- To comply with law: respond to lawful requests by public authorities.
We do not sell your personal data, ever. We do not share identifiable data with advertisers. We do not train third-party AI models on your photos or meal logs.
4. Meal photos
When you take a photo of a meal for AI estimation, that photo is sent securely to our AI provider (Anthropic Claude API) for analysis. The photo is stored on our servers only long enough to return the estimate and let you review it. By default, photos are deleted from our servers within 30 days of upload. You can delete any photo immediately from inside the app.
Anthropic processes the image under their own privacy and security standards and does not use the image to train their models. See Anthropic Privacy Policy for details.
5. Third parties we use
klyo uses the following third-party services to operate:
- Supabase - hosts our database (EU region). Stores your account and logs.
- Anthropic Claude - analyses meal photos and powers the in-app coach.
- RevenueCat - manages subscriptions between us and Apple / Google.
- Apple App Store / Google Play - handle billing and app distribution.
- Vercel - hosts our website (tryklyo.io) and serverless functions.
Each provider is contractually required to protect your data and use it only on our instructions.
6. Your rights (GDPR, CCPA, and similar laws)
Regardless of where you live, you have the right to:
- Access the personal data we hold about you;
- Correct inaccurate or outdated data;
- Delete your account and all associated data (“right to be forgotten”);
- Export your data in a machine-readable format (portability);
- Object to processing for analytics or marketing.
To exercise any right, email info@tryklyo.io with the subject line “Privacy Request”. We respond within 30 days.
California residents have additional rights under CCPA, including the right to know exactly what data we sell (we sell none). EU/UK residents have additional rights under GDPR, including the right to lodge a complaint with their local data-protection authority.
7. Data retention
We keep your data only as long as you have an active klyo account. If you delete your account, all personal data is permanently deleted from our servers within 30 days, except for anonymised aggregate analytics which are retained indefinitely. Backups are purged within 90 days.
8. Children
klyo is not designed for children under 13. We do not knowingly collect data from anyone under 13. If you believe a child has provided us with personal data, email info@tryklyo.io and we will delete it. Users between 13 and 18 must have parental permission to use the Service.
9. Security
We use industry-standard encryption (TLS in transit, AES-256 at rest), strict access controls, and regular security reviews. No system is 100% secure; if we ever experience a data breach affecting your personal information, we will notify you by email within 72 hours.
10. International transfers
klyo’s servers are located in the European Union. If you access the Service from outside the EU, your data will be transferred to and processed there under EU data-protection law, which is generally considered to provide an adequate level of protection.
11. Changes to this policy
We may update this Privacy Policy from time to time. When we do, we will update the “last updated” date above and, for material changes, notify you by email at least 14 days before the change takes effect.
questions? email info@tryklyo.io.