The short version: your focuses and cards live encrypted on your devices — never on our servers. We don't read them, sell them, or mine them, and there is no advertising model here to feed. We keep the minimum needed to run your account, plus one encryption key held only so you can recover that account — and this policy is the complete list.
On your phone, in an encrypted database — and, if you keep backups on (recommended), as an encrypted file in your own Google Drive, uploaded directly from your device. We are never in that path and keep no copy. On Kythli Family, changes travel between your household's devices through our relay as sealed, encrypted payloads that are deleted once delivered. Routine operation never involves anyone at Kythli decrypting your content.
Two different things can go wrong, and they have two different owners. Your account is ours to help with: prove it's you (password + second factor) and we release your key so a new phone can pick up where the old one left off. Your data is yours to own: it lives on your devices and in your own backup — we never had a copy to give back. That's the honest trade: we say we don't touch your data, not we can't, and we hold exactly one key, for exactly one purpose, behind a lock only you can open.
A short list, each seeing only what its job requires — none can read your family's content: Supabase (accounts and sign-in), Google Cloud (our infrastructure: the sync relay and the hardened key store), Stripe (payments), Resend (service email like verification codes), and Google Play (app distribution). Your Drive backup uses your Google account, under Google's terms with you.
Kythli is built for households. Accounts are created by adults; children participate only as household members invited and managed by the account's adults, with what they can see controlled by role. We build no profiles of anyone — children included.
kythli.com uses no analytics, no advertising cookies, and no trackers. It is served by Cloudflare, which produces standard operational logs.
If a security incident affects your information, we will notify you promptly and plainly — what happened, what it touched, and what we're doing about it.
If this policy changes in a way that matters, we'll say so plainly on this page and, for significant changes, by email — never by silently editing.