Klos Privacy Policy

Effective date: [ to be set on publication ]
Last updated: [ to be set on publication ]
Hosted at: https://getklos.com/privacy

1. Who we are

Klos is operated by Klos LLC, a Florida limited liability company. Klos LLC is wholly owned by GrayMoon Holdings LLC, also a Florida LLC. Our mailing address is on file with the Florida Division of Corporations (entity number L26000244944) and is available on request.

This Privacy Policy explains what information Klos collects, how we use it, and the rights you have over it. It covers the Klos iOS application (“the App”), the Klos web viewer at view.getklos.com (“the Viewer”), and the Supabase-backed services that support both (“the Backend”) — together, “Klos.”

Contact for privacy questions: privacy@getklos.com

2. What information we collect

2.1 Information you provide directly

When you create a Klos account, we collect your email address and a password (which we never store in clear text — we store only a one-way hash that cannot be reversed). If you sign in with Apple or Google, we receive the basic profile information that those providers share as part of OAuth — typically your email address and a stable identifier.

When you use Klos, you upload encrypted documents and their encrypted metadata (everything you type about a document — name, notes, expiration date, document type). These are encrypted on your device before they leave it. We hold the ciphertext only.

You may also add persons and contacts (names, email addresses) so you can share documents or invite people to a Family Vault. Person records are stored as plain text in our database because they need to be readable across multiple users in the same Family Vault.

When you share a document or invite someone to a Family Vault, we store the share configuration — who you shared with, what permissions you granted, when the share expires, and when it has been opened, revoked, or has expired.

2.2 Information we collect automatically when you use Klos

Usage events. Klos keeps a small, fixed-taxonomy event log in our own database to understand how the product is used. We do not use any third-party analytics service. The complete list of events we collect is:

user_signed_up, user_activated, document_imported, share_created, share_opened, share_revoked, pouch_created, subscription_started, subscription_churned.

For each event, we record your user ID, the event type, a timestamp, a session identifier, an optional numeric value (such as a document count), and an optional structured-data field that never contains personal information. No free-text fields. No body content. No document data.

Crash reports. Klos uses Sentry to receive crash and error reports so we can fix bugs. We configure Sentry to strip personal information. Sentry receives: device model, OS version, app version, stack trace, and a hashed user identifier. Sentry does not receive: your email address, document content, document filenames, encryption keys, share tokens, or anything you have typed.

Session and device metadata. We log basic technical information (app version, OS version, IP address at the time of an authenticated request) for security, fraud prevention, and diagnostics. We do not build advertising profiles. We do not track you across other apps or websites.

2.3 Information from third-party sign-in providers

If you sign in with Apple or Google, those providers may share basic profile information with us (email, name if you have one set, a stable identifier). We use this only to create and authenticate your account. We do not request additional permissions beyond what's necessary for sign-in.

3. How we use your information

We use the information described above to:

  • Operate the App, Backend, and Viewer — store and retrieve your encrypted documents, deliver shares, authenticate sign-ins.
  • Send you freshness reminders about documents you've asked us to track (passport expiring soon, insurance card needing renewal, etc.).
  • Enforce share permissions — make sure view-only shares can be viewed but not downloaded, expired shares can no longer be opened, and revoked shares immediately stop working.
  • Security and fraud prevention — investigate suspicious sign-in patterns, prevent abuse, respond to attacks.
  • Send account communications — sign-in magic links, share notifications, password reset emails, important service announcements.
  • Improve Klos — understand which features are used and which aren't, find and fix bugs, decide what to build next.

We do not use your information for advertising. We do not sell, rent, or trade your information to anyone.

4. The end-to-end encryption story (what we can't see)

This section is plain-language. The technical detail lives in our security documentation.

We cannot read your documents. Klos uses client-side, end-to-end encryption. Before any document leaves your device, it is encrypted with AES-256-GCM using a key that only your device can derive. Our servers store the ciphertext, the encryption nonce, and an encrypted wrap of the key — but the key itself is wrapped in a way that requires either your password or your Apple device's secure storage to unwrap.

Concretely, this means:

  • A Klos employee with full access to our database cannot decrypt your documents. They would see encrypted blobs with no usable key.
  • If our backend provider (Supabase) ever suffered a security incident at the storage layer, the leaked data would be ciphertext that no one — including Klos — could read.
  • Your password is never sent to or stored on our servers in any form that could be reversed. We only receive the result of a one-way key derivation that lets us help you decrypt your own key.
  • Apple's Face ID and Touch ID never reach us. Biometric checks happen entirely on your iPhone. We receive only a yes/no result indicating that you authenticated successfully.

What we necessarily can see:

  • Your email address (for sign-in and to send share notifications).
  • The number of documents in your account, when each was created, and any expiration metadata you set (so we can send freshness reminders).
  • Person and contact records you create. These are stored in plain text because they're shared across users in a Family Vault.
  • Share events: when shares are created, opened, revoked, or expired.
  • Account metadata: when you signed up, when you last signed in, your subscription status.

For Family Vault (shared household documents): custody belongs to the vault, not to individuals. The vault has its own encryption key, wrapped to each member's account-scoped public key. When you move a document into a Family Vault, the document is re-encrypted under the vault key. Other vault members can read it; we still can't.

5. Third-party processors we use

We rely on a small number of third-party services to operate Klos. Each is a data processor acting on our behalf under standard data-processing terms. None of them is permitted to use your data for their own purposes.

| Processor | What we use it for | What it receives | Privacy policy |
| --- | --- | --- | --- |
| Supabase | Backend database, authenticated storage of encrypted blobs, authentication | Encrypted document blobs, account records, share metadata, person records (not encrypted), usage events. Region: United States. | supabase.com/privacy |
| Sentry | Crash and error reporting | Device model, OS version, app version, stack trace, hashed user ID. No PII. | sentry.io/privacy |
| Resend | Transactional email delivery (magic links, share notifications) | Recipient email address, email subject and body, the share link itself | resend.com/legal/privacy-policy |
| Apple (Sign In with Apple, Apple Push Notification Service) | OAuth sign-in option, push notifications | OAuth identifier, basic profile (if you choose to sign in with Apple); push notification payloads (text only — never document content or keys) | apple.com/legal/privacy |
| Google (Sign In with Google) | OAuth sign-in option | OAuth identifier, basic profile (if you choose to sign in with Google) | policies.google.com/privacy |

We do not use third-party analytics services (no Google Analytics, no Mixpanel, no Amplitude, no Segment, no Facebook Pixel). We do not use advertising networks.

6. Data sharing and disclosure

We never sell, rent, or trade your information. This is a hard commitment. There is no opt-out you need to set — we simply don't do it.

We disclose information only in the limited cases below:

  • To the processors listed in Section 5, as needed to operate Klos.
  • To people you choose to share with. When you create a share or invite someone to a Family Vault, the recipient (or the Vault member) receives the content you chose to share, on the terms you set.
  • For legal reasons, if we receive a valid subpoena, court order, or similar legal demand. When the law permits, we will notify you before disclosing your information so you have an opportunity to object. We will challenge demands that appear overbroad or improper.
  • To protect Klos, our users, and the public, in cases of fraud, abuse, or imminent harm — narrowly and only when necessary.
  • In a business transaction. If Klos is ever acquired or merged, your information would transfer to the successor entity, subject to this Privacy Policy. We would notify you before any such transfer.

7. Data retention and deletion

You can delete your Klos account at any time from the App's Settings. Account deletion works in two stages so you can change your mind:

Stage 1 — Soft delete (30 days). When you trigger deletion, your account is immediately marked deleted. Sign-in is disabled. The App will not load your data. No notifications will fire. No shares you previously created will continue to work. You can reverse the deletion within 30 days by contacting privacy@getklos.com from the email address on the account.

Stage 2 — Hard delete (after 30 days). A daily automated job permanently removes your account record, all encrypted document blobs, all share records, all person and contact records, and all usage-event entries. The cascade is complete; no residual data remains.

If you do not delete your account, we retain your information for as long as your account is active. Inactive accounts may be subject to additional deletion policies in the future; we will notify you before such a policy takes effect.

Specific retention windows:

  • Encrypted documents: until you delete the document or your account.
  • Share records: until you delete the share or your account.
  • Usage events: until your account is hard-deleted.
  • Crash reports (Sentry): per Sentry's default retention (currently 90 days).
  • Email-delivery logs (Resend): per Resend's default retention (currently 30 days).

8. Your rights

You have the following rights over your information, regardless of where you live:

  • Access. Get a copy of the information we hold about you. Where the data is encrypted (your documents), we can return the ciphertext; you decrypt with your key. Where it is plaintext (account metadata, persons, events), we provide it directly.
  • Correction. Update or correct information that's wrong.
  • Deletion. Delete your account, or specific documents and persons, at any time.
  • Portability. Export your data in a machine-readable format.
  • Restriction or objection. Ask us to stop processing your information for a specific purpose (for example, to stop sending freshness reminders). Sign-in and basic service delivery cannot be restricted without effectively suspending the account.

California residents (CCPA / CPRA). You have the rights above. You also have the right to opt out of the “sale” or “sharing” of personal information — Klos does not sell or share personal information for advertising purposes, so the opt-out is moot in our case, but the right is acknowledged. You may designate an authorized agent to exercise these rights on your behalf. Klos will not discriminate against you for exercising any CCPA right.

EU and UK residents (GDPR / UK GDPR). Our legal bases for processing are: (a) contract — to provide the service you signed up for; (b) legitimate interest — to keep Klos secure and prevent fraud; (c) consent — for any optional processing you've turned on (such as push notifications). You have the rights above plus the right to lodge a complaint with your national data protection authority. We do not currently designate an Article 27 representative; if EU usage of Klos grows materially, we will appoint one and update this policy.

To exercise any right, email privacy@getklos.com from the address on your Klos account. We respond within 30 days for most requests (45 days for complex requests, with notice).

9. Children

Klos is intended for adults aged 18 and over. The App Store age rating reflects this. We do not knowingly collect personal information from children under 13 (COPPA). If we discover that we have collected such information, we delete it as soon as we become aware. If you are a parent or guardian and believe your child has used Klos, contact privacy@getklos.com and we will act promptly.

10. Security

Beyond the end-to-end encryption story described in Section 4, Klos takes the following security measures:

  • In transit: all communication between the App, Viewer, and Backend uses TLS 1.3.
  • On your device: your encryption keys are stored in the iOS Secure Enclave (via expo-secure-store). Your documents and metadata are stored locally in encrypted form.
  • In storage: documents are stored as ciphertext that we cannot decrypt. Storage URLs are signed and short-lived; recipients of view-only shares cannot save copies of documents.
  • Biometric gate: you can require Face ID or Touch ID before the App will unlock your vault. This is an additional gate on top of your password — not a replacement for it.
  • Account hygiene: sign-in attempts are rate-limited. We use email-based two-step verification on sensitive flows.

No system is perfectly secure. If a security incident affects your information, we will notify you in the manner and timeframe required by applicable law.

11. International data transfers

Klos's Backend is hosted in the United States. If you use Klos from outside the United States — including from the European Union, United Kingdom, or other jurisdictions with data-transfer rules — your information will be transferred to and stored in the United States. By creating an account, you consent to this transfer.

For EU and UK residents: we rely on the Standard Contractual Clauses (SCCs) for any onward transfer to processors that need them, and we evaluate each processor's data-handling practices before engaging them.

12. Changes to this Privacy Policy

If we change this Privacy Policy in a way that affects your rights or how we handle your information, we will notify you in-app and by email at least 30 days before the change takes effect. For minor wording updates that don't affect your rights, we will update the “Last updated” date at the top of this page without separate notice.

You can always see the current effective date and the most recent version at https://getklos.com/privacy.

13. Governing law and disputes

This Privacy Policy is governed by the laws of the State of Florida, United States, without regard to its conflict-of-laws principles. Any dispute arising from this Policy or your use of Klos that is not resolved through good-faith discussion will be brought in a state or federal court of competent jurisdiction located in Palm Beach County, Florida, and you and Klos agree to that venue.

If you are an EU or UK resident, nothing in this section limits your right to bring a complaint to your national data protection authority or to seek the protection of mandatory consumer-protection laws in your country of residence.

14. Contact us

For privacy questions, requests to exercise your rights, or any concern about how Klos handles your information:

Email: privacy@getklos.com
Operator: Klos LLC, a Florida limited liability company
Mailing address: Available on request from privacy@getklos.com or via the Florida Division of Corporations record for entity L26000244944.

We aim to respond within 5 business days for general questions and within 30 days for formal rights requests (45 days for complex requests, with notice).

This Privacy Policy is written in plain language to be readable. If anything in it is unclear, please email us — we'd rather explain than have you guess.
