Privacy

Treated like therapy notes.

KAIZEN ("we", "us", "our") is a manifestation, affirmation, and journaling app for iOS and Android. We hold a lot of sensitive material per user — voice, story, blockers, journals — and this policy is how we promise to treat it. The shorter never-list lives at What we'll never do. This Privacy Policy is a binding statement of our practices. We may amend it; we'll email account holders before any change that materially affects how we collect or use data.

Applies to the KAIZEN app and getkaizen.app. Contact: [email protected].

Last updated: June 2026.

Our four principles

Consent is explicit, granular, and revocable. Never one big "agree to everything."
Delete means delete. Including at third-party providers (voice clones, LLM caches).
Anonymity by default in social. You choose to deanonymise; never the other way around.
We never replace a professional. KAIZEN is not therapy, medicine, or legal counsel.

What we collect

Account. Your email address (required) and the handle (nickname) you choose during onboarding.
Age check. Your month and year of birth, collected once to confirm you're 16 or older. This is a declared age check, not identity verification. We don't display it in the app and it is deleted with your account.
Your story and goals. What you wrote or recorded during onboarding to describe where you are, where you're going, your blockers, and your needs.
Journal entries. Everything you write or record inside the daily journal (text and voice).
Voice recordings. Only with your explicit consent (the voice toggle ON). Used to build a private voice model for your future-self messages. You can revoke at any time; we stop using the model immediately and trigger deletion at our voice provider (Cartesia), completed within about 24 hours. See Your voice below.
Device + diagnostic data. App version, OS version, crash reports (via Sentry), and anonymised product analytics (via PostHog) so we know which screens are broken. No precise location (we derive an approximate city-level region from your connection's network headers only), no contacts, no advertising identifiers.
Subscription data. Your subscription and receipt status from the Apple App Store or Google Play (via RevenueCat). We never see or store your card or payment account number — the app stores handle payment directly.

What we use it for

Generating your daily affirmation, daily story, and future-self message — all written for you, from your own dossier.
Surfacing anonymous community spaces where other users are working through similar themes.
Grounding affirmations in anonymised success-story moments from other users walking a similar path (never identifying details, never your own data leaving your dossier).
Keeping the product working: crash diagnostics, performance, billing.

We do not sell data, do not train third-party models on your data, do not show advertising, and do not share your content with other users.

Who processes your data (subprocessors)

We use a small set of vetted service providers to run KAIZEN. Each only receives the data it needs to do its job, under contract, and none of them may sell your data or use it to train their own or third-party models on your content.

Cloudflare — application servers (Workers), object storage for audio and media (R2, app-layer AES-256-GCM encrypted per user), background queues, and the AI text generation that writes your affirmations, stories, and future-self message text (Cloudflare Workers AI, using the gpt-oss-120b model as primary and Llama 3.3 as fallback). Prompts are sent without your name; inputs are not used to train these models.
Neon — the primary database (Postgres).
Upstash — cache (Redis).
Cartesia — voice synthesis. Holds your private voice model by an external ID; supports synchronous, confirmed deletion (see Your voice).
RevenueCat — subscription receipt validation and entitlement state.
Apple App Store & Google Play — payment processing for subscriptions.
Resend — transactional email (sign-in codes, reminders, data-export links).
Expo — push notification delivery.
Sentry — crash reporting (configured to scrub PII).
PostHog — anonymised product analytics (configured to scrub PII).
Clerk — authentication / sign-in (used during our v0.1 launch period; we plan to migrate this in-house as we scale).

We keep an up-to-date list and will notify account holders before adding a subprocessor that materially changes how sensitive data is handled. In transit: TLS everywhere. At rest: encryption provided by each vendor; voice and journal audio additionally encrypted at the application layer with a per-user key.

Your voice (voice biometrics)

A voice recording can be biometric data. We treat it with extra care, and we only ever process it with your explicit, opt-in consent.

Consent is opt-in. We build a voice model only if you turn the voice toggle ON. With it off — the first-class default for many users — your future-self messages are read in a warm voice from our library instead, and the text is identical.
Single, narrow purpose. The model is used only to read your own future-self messages back to you in your own voice. Nothing else.
Private to you. It is never shared with other users, never sold, and never used to train shared or third-party models. No celebrity or third-party voice cloning, ever.
Provider. The model is held at Cartesia under an external ID; we don't store the model itself in our own storage.
Revocable any time. Turn the toggle off in Settings and we stop using the model immediately and trigger deletion at Cartesia, confirmed within about 24 hours.
Watermarked output. Every piece of audio KAIZEN generates carries an inaudible watermark, so its origin can be verified and AI-generated audio can be detected — a safeguard against deepfakes and misuse.

Anonymity in community

Every group post and 1:1 message defaults to anonymous.
Your real name is never exposed in social, ever.
Location precision is capped at city.
No photos in groups by default — likely never.
1:1 DMs require mutual opt-in.

Sensitive content

KAIZEN routes sensitive content (self-harm, abuse, substance use, eating concerns) to in-app resource screens with jurisdiction-aware hotlines. We suppress AI generation that could harm rather than help. We do not alert humans on private-journal sensitive content — you wrote it for yourself.

Your rights

Export. Settings → Export downloads a JSON of your dossier and a zip of your audio.
Delete. Settings → Delete account. Voice model + voice audio are deleted immediately at our provider. The rest is purged within 30 days.
Correct. You can edit any answer captured during onboarding.
Restrict. Toggle off voice cloning, push notifications, or community participation at any time.
Object. Email us at [email protected] and we'll act within 30 days.
Complain. EU/UK users can lodge a complaint with their local data protection authority.

Retention

Account active: as long as you keep the account. Account deleted: full data wipe within 30 days, including at third-party providers. Crash diagnostics (with no user ID): retained 90 days. Aggregated, non-identifying product metrics: retained indefinitely.

Children

KAIZEN is built for people 16 and older. We collect month + year of birth once, for the age check; we don't display it in the app and it's deleted with your account. We do not knowingly accept users under 16.

Contact

Privacy questions, data requests, and complaints: [email protected].

International transfers

KAIZEN is operated from, and stores data in, the United States at launch. If you sign up from the EU, UK, or another region, you acknowledge that your data is processed in the US under appropriate safeguards; an EU GDPR data-processing addendum is available on request from [email protected].

Legal basis & how we share

We process your data to provide the service you asked for (performance of our agreement with you), on the basis of your explicit consent for voice and other optional features, and for our legitimate interest in keeping the product working and safe. We do not sell personal data and do not share your content for advertising. We may disclose data if required by law or to protect users, and we may transfer it as part of a merger or acquisition (you'll be notified).

This policy reflects how KAIZEN actually handles your data and is the binding statement of our practices. See also our Terms of Service, EULA, and FAQ.