Legal

Kio Privacy Policy

Last updated: April 17, 2026

Kio is a personal AI life assistant made by Prosperous Power (Jonathan Hsieh, d/b/a Prosperous Power). This policy explains what we collect, why we collect it, and what you control. We wrote it in plain English because you deserve to actually understand it.

If you only read one section, read How We Use Your Gmail and Calendar Data. That's the one that matters most.

For the rules that govern your use of Kio, see our Terms of Service.

The Short Version

• Kio stores your chat messages, memory facts, and reminders so the assistant actually works.
• If you connect Gmail or Google Calendar, we fetch them live when you ask — we don't keep copies.
• We send your messages to AI model providers (Google, OpenRouter) to generate responses.
• We use Sentry and PostHog to catch bugs and understand which features work. We don't sell your data. We don't use your data to train AI models.
• You can delete your account anytime. We'll erase your data within 30 days.

Who We Are

Kio is owned and operated by Jonathan Hsieh, d/b/a Prosperous Power, based in the United States. You can reach us at jonathan@prosperouspower.com.

The Kio website is mykio.app. The iOS app is listed on the Apple App Store as “Kio.”

What We Collect

Here's everything Kio stores, grouped by what it is:

Account info (from sign-in)

• Your name, email address, and profile picture from Sign in with Apple or Google OAuth
• A Clerk user ID used to identify your account internally

Your content and memory

• Your chat messages with Kio
• Memory facts Kio learns about you (people you know, preferences, routines, commitments, behavioral rules you give it)
• Reminders you set
• Morning briefings, evening check-ins, daily priorities, reflections
• Plan cards, calendar event records, and email draft records you create inside Kio
• Feedback messages and optional screenshots you send us

Google integration tokens (only if you connect Gmail or Calendar)

• OAuth access and refresh tokens
• The OAuth client ID that issued them (so we can refresh them correctly)

Device and app info

• iOS device type, app version, timezone, and locale
• Push notification token (so we can deliver reminders and check-ins)

Diagnostics and analytics

• Crash reports and JavaScript errors (via Sentry), tagged with your user ID
• Product analytics events — which features you use, which screens you see (via PostHog)
• Session replay recordings with PII automatically masked (via PostHog)
• Backend function logs and performance metrics (via Convex)

How We Use Your Data

We use your data to:

1. Run the assistant. Your messages, memory facts, and reminders let Kio respond in context and remember what matters to you.
2. Deliver notifications. Push tokens let us send your morning briefing, evening check-in, and reminders.
3. Connect to Google services. OAuth tokens let us read your calendar and email (and draft/compose on your behalf) only when you ask.
4. Improve the product. Analytics and error reports help us find bugs and understand which features help.
5. Support you. If you email us, we use your account info to respond.

We do not sell your data. We do not use your data to train AI models. We do not run third-party advertising inside Kio.

How We Use Your Gmail and Calendar Data

If you connect your Google account to Kio:

• Your Gmail and Google Calendar data is used only to provide Kio's assistant features — reading your messages/events when you ask, drafting replies, proposing calendar events, and surfacing reminders.
• We do not sell your Gmail or Calendar data. Ever.
• We do not use your Gmail or Calendar data for advertising.
• We do not use your Gmail or Calendar data to train generalized AI or machine-learning models.
• We do not share your Gmail or Calendar data with anyone except the AI model providers (Google AI Studio, OpenRouter) strictly for the purpose of processing your current request — and only when your request requires it.
• We do not store copies of your emails or calendar events on our servers. We fetch them live via Google APIs at the moment you ask, and we hold them only transiently in memory to serve your request.
• We read human messages on a case-by-case basis only when (a) you grant us access for a specific support issue in writing, (b) required for security investigations, or (c) required by law.

You can disconnect Google at any time in Kio's settings, or revoke access directly at myaccount.google.com/permissions.

How AI Processing Works

When you send a message to Kio, we send the message (plus relevant memory and context) to AI model providers to generate a response:

• Google AI Studio — Gemma 4 (primary model) and Gemini Flash (fallback)
• OpenRouter — used as a secondary fallback route to model providers

These providers may log API requests per their own privacy policies. Per our agreements and their published terms, your content is not used to train their models when accessed through these API pathways. We do not send your data to OpenAI for the primary chat experience.

Who We Share Data With

We share data only with the service providers that make Kio work. Each one is contractually bound to protect your data and use it only to provide their service to us:

We may also disclose data if required by law (valid subpoena, court order) or to protect the safety of our users, and we'll push back on overbroad requests when we can.

What We Don't Collect

Kio does not collect:

• Precise location
• Your contacts
• Your photo library or camera (except screenshots you deliberately attach to feedback)
• Microphone or audio
• Health or fitness data
• Financial information or payment card numbers

How Long We Keep Your Data

We keep your data as long as your Kio account is active. If you delete your account, we delete your personal data from our production systems within 30 days. Backups roll off within 90 days.

Some minimal records (for example, legal or fraud-prevention logs) may be retained longer where required by law.

Your Rights and Choices

No matter where you live, you can:

• Access a copy of the data we have about you
• Correctdata that's wrong
• Delete your account and data
• Export your data in a portable format
• Object to certain uses
• Withdraw consent at any time (by disconnecting integrations or deleting your account)

To exercise any of these rights, email jonathan@prosperouspower.com from the address on your Kio account. We'll respond within 30 days.

Deleting Your Account

You can delete your Kio account from inside the app (Settings → Account → Delete Account). If that option isn't available to you for any reason, email jonathan@prosperouspower.com with the subject line “Delete my account” from the email on your account.

When you delete your account, we remove:

• Your chat history and memory facts
• Your reminders, briefings, reflections, and plan cards
• Your OAuth tokens (we also revoke them with Google)
• Your push notification token
• Your profile info

This happens within 30 days.

California Privacy Rights

If you're a California resident, the CCPA and CPRA give you the rights listed in Your Rights and Choices, plus:

• The right to know what personal information we collect and how we use it (covered by this policy)
• The right to delete your personal information
• The right to correct inaccurate personal information
• The right to limit use of sensitive personal information
• The right not to be discriminated against for exercising these rights

We do not sell or share your personal information as defined by the CCPA/CPRA, and we do not use sensitive personal information for purposes beyond what's described here.

European Privacy Rights (GDPR)

If you're in the EU, UK, or EEA, Prosperous Power is the data controller for Kio.

Our lawful bases for processing your data are:

• Contract — processing needed to provide Kio as a service to you (your chats, memory, reminders, integrations)
• Consent — for Google integrations, push notifications, and analytics; you can withdraw consent anytime
• Legitimate interest — for security, fraud prevention, and basic error monitoring, balanced against your rights

You have the rights listed in Your Rights and Choices. You also have the right to lodge a complaint with your local data protection authority, though we'd appreciate the chance to fix things first — email us at jonathan@prosperouspower.com.

International Data Transfers

Kio's servers and most of our service providers are located in the United States. If you use Kio from outside the US, your data will be transferred to and processed in the US. Where required, we rely on standard contractual clauses and the protections built into our providers' agreements to safeguard your data during transfer.

Children

Kio is not intended for use by anyone under 13 years old, and we don't knowingly collect data from children under 13. In jurisdictions with a higher digital consent age (such as parts of the EU), the minimum age matches local law. If you believe a child has created an account, email us and we'll delete it.

Security

We protect your data with encryption in transit (TLS) and at rest, access controls on our databases, and least-privilege service credentials. No system is perfectly secure, but we take this seriously. If we ever experience a breach that affects you, we'll notify you promptly and in accordance with applicable law.

Changes to This Policy

If we make material changes to this policy, we'll update the “Last updated” date at the top, post the new version at mykio.app/privacy, and notify you inside the app before the changes take effect. Minor edits (typos, clarifications) may be made without notice.

Contact

Questions, requests, or concerns? We'd rather hear from you than have you wonder.