Written to be read.

To operate Kythen, we hold the following:

Account information

• The display name you chose. This is visible to other users.
• Your age, stored as a whole number, not a date of birth.
• Photos you added to your profile, stored until you remove them or delete your account.
• Authentication credentials stored in cryptographically hashed form. We cannot read your password.
• A verified / not verified pointer. The actual identity verification documents are held by our verification provider, not by Kythen (see third parties below).

Activity and events

• Your active sessions at verified venues while you are there. This data is session-scoped; detailed records purge on a short schedule.
• Events you attended, stored as event metadata plus your attendance record.
• Connections you made with other users, while the connection is active.
• Messages you exchanged with your connections, stored under the retention schedule below.

Product operation data

• Moderation reports you filed or that were filed about you.
• Audit logs of platform operations (your logins, account changes, administrative actions we took on your account). These support security and legal obligations.
• Subscription and payment records, if you have a paid account. The actual payment details are with our payment provider.
• Basic device and connection information required to operate the app, such as device type and IP address, retained briefly for security and service reliability.

What we hold on your device, not on our servers

The data we hold is used to operate Kythen, and only to operate Kythen.

Operating the service

• Authenticating you and keeping your account secure.
• Showing you who else is kythening at the venue you are at.
• Delivering messages between you and the people you connected with.
• Surfacing patterns for you, with your consent, from data we hold on your device.
• Managing your subscription and billing, if you have a paid account.

Keeping the platform safe

• Investigating reports you or others file.
• Removing accounts that violate our policies, and preventing them from returning.
• Responding to incidents at venues that affect Kythen users.
• Detecting patterns of abuse or gaming that threaten other users.

Improving the product

• Understanding, at aggregate level, which features are used and which are not, so we know what to invest in.
• Debugging errors and performance problems.

That is the full list. We do not use your data for purposes outside these. If we ever wanted to, we would have to update this policy, notify you, and give you the chance to withdraw first.

Some of these are architectural, meaning we have structurally built the product so that we cannot do them even if we wanted to. Others are policy commitments we make publicly and bind ourselves to. The difference matters, and we name it honestly.

Architectural commitments (we cannot, by how Kythen is built)

• We do not collect background location. The app requests location access only while you are using it, and only to verify your presence at a venue. We do not track you when the app is closed.
• We cannot produce Room Memory data. It lives on your device, not on our servers. A legal request to Kythen for Room Memory data returns nothing, because we do not have it.
• We cannot read your password. It is stored in cryptographically hashed form.

Policy commitments (we could, but we will not)

• We do not sell your data. Not to advertisers, not to data brokers, not to any third party. Ever.
• We do not run ads inside Kythen. No third-party ad networks. No sponsored content that is not clearly labeled as a venue's own event.
• We do not use your messages for algorithmic purposes. Not for ranking, matching, cross-connection inference, AI training, or any other product feature.
• We do not gamify engagement. No daily streaks, no artificial urgency, no manufactured scarcity, no "someone viewed your profile" urgency notifications.
• We do not share your data with venues. The venue you kythened at knows you were there while you were there. It does not receive a report of your profile, your other kythenings, or your history afterward.

Specific retention periods for each data type:

• Your profile: as long as your account exists, plus up to 30 days after account deletion for cleanup.
• Your photos: as long as your account exists. Removed when you delete them or your account.
• Messages: up to 90 days after the last activity in a conversation, then a further 30-day window before permanent deletion. You can delete your own messages at any time.
• Detailed presence at venues: a short window (on the order of a week) for operational purposes. Events designated by the host as low-retention purge their detailed records within an hour of the event's end.
• Aggregated anonymized activity: up to two years, for understanding platform-level trends. Aggregated means it cannot be traced back to you specifically.
• Connection records: as long as you and the other person are both connected and on Kythen. Removed after you unconnect, block, or either of you leaves the platform.
• Moderation reports: retained up to two years, to support pattern detection and appeals. If you filed a report, your context in that report is retained even if the event itself is low-retention.
• Audit logs: retained up to seven years, as is standard for platform operational records.
• Payment and subscription records: as required by applicable tax and regulatory law (typically seven years).
• Identity verification records: held by our verification provider per their compliance requirements (typically seven years). Kythen holds only a verified / not-verified pointer.

When you delete your account, we begin the deletion process immediately. Some records that are legally or operationally necessary (audit logs, tax records, moderation history) persist past account deletion for the periods named above.

Some parts of operating Kythen require working with other companies. We keep this list as short as we can, and we name each one here so you know where your data may travel and under what terms.

• Identity verification provider. Verifies that your identity is real when you verify on Kythen. They hold the underlying documents you submitted (government ID, selfie, etc.) per their compliance requirements. Kythen holds only a pointer indicating you are verified. A legal request for your ID documents goes to them, not to Kythen.
• Payment processor. Handles subscription billing for paid accounts. They hold your payment method details; Kythen does not.
• Cloud infrastructure provider. Hosts the servers Kythen runs on. They do not have independent access to your data beyond what is necessary to keep the servers running (encrypted at rest, contracts that prevent inspection or reuse).
• Push notification providers. Apple and Google, for iOS and Android respectively. They deliver notifications but do not have access to the content of your activity beyond the specific notification being delivered.
• Email delivery provider. Sends transactional emails (account confirmation, receipts, security alerts). They do not use your email for their own marketing.
• Error tracking and analytics. Tools that help us detect bugs and understand aggregate product usage. Configured to minimize personal data collection, focused on operational metrics rather than user profiling.

Each of these is a company subject to its own privacy policy and legal requirements. We have reviewed and selected them with care. If a provider changes or is added in a way that meaningfully changes this picture, we will update this policy.

Depending on where you live, you have legal rights that apply to the data Kythen holds about you. We honor these rights for every Kythen user, regardless of jurisdiction.

Rights you have, everywhere

• Access: you can ask for a copy of the data we hold about you, and we will provide it in a readable format within a reasonable timeframe (typically under 30 days).
• Correction: you can correct inaccurate information about you.
• Deletion: you can delete your account, and we will delete the data we hold about you (subject to the retention exceptions named above).
• Portability: you can export your data in a format that lets you take it elsewhere.
• Objection: you can object to specific uses of your data, and we will stop those uses unless there is a compelling legal reason to continue.

Additional rights in specific jurisdictions

• European Union (GDPR): right to restrict processing, right to lodge a complaint with a supervisory authority, right not to be subject to automated decision-making.
• California (CCPA / CPRA): right to know specific categories of information, right to opt out of sale (not applicable because we do not sell your data), right to correct, right to limit use of sensitive information.
• Other jurisdictions: we apply the stricter standard when multiple apply to the same user.

To exercise any of these rights, email privacy@kythen.place. We respond to every request, and we do not ask you to explain why.

Like any legal entity, Kythen is subject to the laws of the jurisdictions where it operates. We may receive requests from law enforcement, courts, or other authorities for information about our users. Here is how we handle them.

What we require

• A legally valid request, meaning a subpoena, court order, search warrant, or equivalent legal instrument appropriate to the jurisdiction.
• A narrowly scoped request. Requests that are overbroad or speculative are pushed back on or challenged.
• A request from a jurisdiction with authority over the matter. We do not comply with requests from jurisdictions that lack authority.

What we can produce

• Data we hold that is responsive to the specific, valid request.
• Messages you sent, if retained and within the legal scope.
• Account information and platform activity records within the retention window.

What we cannot produce

• Room Memory data. It is not on our servers. Law enforcement with a valid warrant for your Room Memory receives nothing from us, because we do not have it.
• Your password. It is stored in cryptographically hashed form. We can neither read nor provide it.
• Background location data. We do not collect it.

What we tell you

If we receive a legal request about your account, we will notify you before disclosing your information unless legally prohibited from doing so (for example, if the request includes a gag order). If we are prohibited from telling you directly, we maintain a warrant canary notice on this page as a secondary signal.

If we update this policy, we do it deliberately and transparently.

• Small edits (clarifying language, adding a new third-party provider that does not change the overall picture) are made with the updated date reflected at the top of the page.
• Material changes (changes to what we collect, what we do with it, or how long we keep it) are announced to users in the app and by email, at least 30 days before the change takes effect. You have the option to delete your account before the change applies to you.
• We do not use dark patterns to obtain consent for policy changes. No pre-checked boxes, no "by continuing to use Kythen you agree" without you actually seeing the change, no burying the change in an unrelated update.

Historic versions of this policy are archived and available on request.

For any privacy-related question, request, or concern, write to us. A real person responds.

• Privacy inquiries: privacy@kythen.place
• Legal requests (by lawful process only): legal@kythen.place
• General questions: hello@kythen.place

The operating entity is Kythen LLC. Formal legal notices and process should be directed through the legal email above or through the registered agent listed in the relevant business registry.