Application Privacy Policy

Kayro Cloud — Privacy Policy

Last Updated: May 8, 2026

1. About Kayro Cloud

Kayro Cloud is a self-hosted file synchronization, collaboration, and productivity client that connects to a Nextcloud server of the user's choice (for example, cloud.capula.co, or any other Nextcloud-compatible server). The app provides file browsing, upload and download, photo and media backup, calendar and contact sync, secure file sharing, real-time audio/video meetings (via Nextcloud Talk and WebRTC), document scanning, and an optional AI assistant. Kayro Cloud does not operate its own user database — your account, files, calendars, contacts, and shares live on the Nextcloud server you connect to.

2. Data Controller and Contact

Fizzify Inc. publishes the Kayro Cloud application. The operator of the Nextcloud server you connect to is the data controller for content stored on that server. For privacy questions about the app itself, please contact us.

3. Information the App Accesses

Kayro Cloud requests the following permissions only when you use the corresponding feature. You may grant or deny each permission independently. Denying a permission disables only the related feature; the rest of the app continues to function.

Permission	Why the app needs it	Where data goes
Camera	Capture photos for upload, scan documents, take part in video calls (Meetings).	Your Nextcloud server (uploads); peer device(s) over an encrypted connection (calls). Not retained by Kayro Cloud.
Microphone	Voice and video calls (Meetings); voice-to-text dictation in the AI assistant.	Calls: peer device(s) over an encrypted connection. Voice dictation: a brief recording is sent to the speech-to-text service for transcription, then discarded.
Photo library (read)	Pick existing photos to upload or share; back up the camera roll to your Nextcloud server when Auto-Upload is enabled.	Only the photos you select or that match Auto-Upload rules are uploaded to your Nextcloud server.
Photo library (add)	Save downloaded files and scanned documents to your photo library when you choose to.	Stays on your device.
Calendar	Optional Calendar Backup feature: copy events between your device calendar and your Nextcloud calendar.	Your Nextcloud server. Not transmitted to any third party.
Contacts	Optional Contacts Backup feature: copy contacts between your device address book and your Nextcloud contacts; suggest contacts when configuring shares.	Your Nextcloud server. Not transmitted to any third party.
Notifications	Show alerts for incoming calls, new shares, completed uploads, and other events.	Notification payloads originate from your Nextcloud server and (on iOS) Apple Push Notification service / (on Android) Firebase Cloud Messaging.
Background tasks & foreground service	Resume interrupted uploads, run scheduled syncs, keep meeting audio playing while the app is backgrounded.	Background traffic is between the app and your Nextcloud server.
Biometric (Face ID / Touch ID / fingerprint)	Unlock the app when an app passcode is configured.	Biometric matching happens on-device and is handled by the operating system. The app never sees your biometric data.

4. Categories of Personal Information Processed

Mapped to Apple's App Privacy data taxonomy and Google Play's Data Safety categories:

• Identifiers: Nextcloud username and server URL (entered by you), device identifiers used by the operating system to deliver push notifications.
• Authentication credentials: Nextcloud password or App Password are sent only to your chosen Nextcloud server over HTTPS, then stored locally in the device's encrypted secure storage (iOS Keychain / Android Keystore-backed SecureStore). They are never sent to Fizzify Inc.
• Files and media content: any file, photo, or video you choose to upload, download, share, or open. This content lives on your Nextcloud server; Kayro Cloud caches portions for offline access.
• Calendar events & contacts: only when you enable Calendar Backup or Contacts Backup.
• Audio & video streams: peer-to-peer during Meetings calls; relayed via TURN server only when a direct connection cannot be established. Streams are not recorded by Kayro Cloud.
• AI assistant inputs: the prompts, attached file references, and voice transcriptions you send through the AI chat. See Section 6.
• Diagnostics: crash reports and basic app diagnostics (anonymous, no payload contents).
• Approximate location: derived only from IP address by the Nextcloud server's logs; the app does not request precise location permission and contains no precise-location features.

5. How the Information Is Used

• Provide app functionality: authenticate to your Nextcloud server, sync files, deliver calls, run backups, render previews.
• Operate features you initiate: uploading a file, joining a meeting, asking the AI assistant, importing a recipe, etc.
• Maintain reliability: retry interrupted uploads, resume background work, and recover from connectivity changes.
• Security: detect and prevent unauthorized access, enforce optional app passcode/biometric lock.
• Comply with the law: respond to lawful requests addressed to Fizzify Inc.

Kayro Cloud does not use your data for advertising, ad targeting, or behavioral profiling. The app contains no advertising SDKs and no user-tracking SDKs.

6. AI Assistant and Tool Integrations

The optional AI Assistant routes your requests through a private gateway operated by Fizzify Inc. The gateway forwards the message to large-language-model and supporting services as needed to fulfill your request. The following sub-processors may receive a portion of your request:

• Anthropic (Claude API): processes the chat conversation. Inputs and outputs are subject to Anthropic's data-processing terms; Anthropic does not use API content to train its models by default.
• Speech-to-text service: when you use voice dictation, the audio is sent to a transcription service and discarded after the transcript is returned.
• Web search (Perplexica + SearXNG): when you ask a question that requires fresh information, your search query (not your full conversation) is sent to a privacy-focused metasearch service.
• Recipe search: queries are sent to a curated list of trusted recipe domains (allrecipes.com, simplyrecipes.com, seriouseats.com, and similar). Imported recipes are saved to your Nextcloud Cookbook.
• Google Calendar / Gmail / Drive: only if you opt in and explicitly authorize each integration via Google's standard OAuth consent screen. The app receives a scoped access token controlled by your Google account.
• Blog publishing: when you ask the assistant to publish a blog post, the assistant sends only a category (e.g., tech, travel, business, food, europe, fun_facts) and any optional source URL or topic you supply to a separate, server-side blog-publishing service operated by Fizzify Inc. That service performs its own research, drafting, and image generation and then publishes the finished article to www.lucabytheway.com via the Ghost Admin API. Your full chat history is not sent to the publishing service.

The assistant is opt-in: the chat tab does nothing until you send a message. You can review and revoke connected Google integrations at any time from your Google account at myaccount.google.com/permissions.

7. Data Sharing

Apart from the sub-processors listed in Section 6, Kayro Cloud does not sell, rent, or share your personal information with third parties. We do not embed advertising SDKs, social SDKs, or analytics SDKs that report user-level data to external companies. Push delivery uses Apple Push Notification service (iOS) and Firebase Cloud Messaging (Android); these services route the notification envelope but, when end-to-end encrypted notifications are configured by the server, cannot read the payload contents.

8. Data Storage and Security

• Communication with your Nextcloud server uses TLS / HTTPS.
• Authentication tokens are stored on-device in iOS Keychain or Android Keystore-backed encrypted storage.
• Locally cached files are stored in the app's private sandbox.
• Optional app-passcode and biometric lock add an additional layer of access control on top of the operating system's protections.
• End-to-end encryption is supported for files placed in an E2EE-enabled folder, using the Nextcloud E2EE protocol; the recovery mnemonic is held only by you.
• WebRTC media is encrypted with SRTP/DTLS as part of the WebRTC standard.

9. Account Deletion

You can delete your account directly from inside the app: go to Settings → Account → Delete Account and confirm. This sends a deletion request to your Nextcloud server, which permanently removes your user, files, calendars, contacts, shares, and revokes any tokens. Locally cached content is also wiped from the device. For step-by-step instructions and the alternate web-based procedure, see Account Deletion.

10. Data Retention

Content stored on your Nextcloud server is retained according to that server's policy, which is controlled by the server operator (you, your employer, or a hosting provider). On the device itself, Kayro Cloud retains:

• Locally cached files: until you remove the file or sign out of the account.
• Authentication tokens: until you sign out, delete the account, or uninstall the app.
• Local databases (sync state, offline queue): wiped on sign-out, account removal, or app uninstall.
• Diagnostic logs: rotated locally; not transmitted unless you explicitly export them for support.

11. Children's Privacy

Kayro Cloud is not directed to children under 13 (16 in the EEA). We do not knowingly collect personal information from children. If you believe a child has provided personal information through the app, please contact us.

12. International Data Transfers

If your Nextcloud server, or any sub-processor listed in Section 6, is located outside your country of residence, your information may be transferred to and processed in that country. Where required, transfers rely on the European Commission's Standard Contractual Clauses or equivalent safeguards.

13. Your Rights

You have the rights described in the general Fizzify Inc. Privacy Policy, including the rights of access, correction, deletion, portability, opt-out, and withdrawal of consent. To exercise rights affecting content stored on your Nextcloud server, contact your server operator. To exercise rights against Fizzify Inc. as the app publisher, contact us.

14. California & EU/UK Disclosures

The CCPA, CPRA, GDPR, and UK GDPR sections in the Fizzify Inc. Privacy Policy apply to the Kayro Cloud application. We do not sell or share personal information for cross-context behavioral advertising.

15. Changes to This Policy

We may update this app-specific policy when the app's data flows change. The "Last Updated" date at the top of this page reflects the most recent revision. Material changes will be surfaced inside the app on next launch.

16. Contact