Start free

Privacy Policy

Effective date: May 1, 2026. This Privacy Policy explains what data Karvyx collects, how it is used, where it is stored, and what rights users have.

1) Data Controller and Contact

karcoin.app is operated by the Karvyx team. For privacy inquiries, requests, and notices, contact: hello@karcoin.app.

If GDPR applies to you, Karvyx acts as a data controller for parent account data and as a controller for data processed to provide family app functionality.

2) Categories of Data We Collect

  • Children's Data: we collect only a child profile Name or Nickname.
  • Children's Data we do NOT collect: geolocation, photos, contact lists, phone numbers, and direct contact details of children.
  • Optional Child Avatar: a parent may upload a profile avatar image for child profile personalization.
  • Parents' Data: Name and Email address for account setup, authentication, account management, and service notifications.
  • Technical and Usage Data: basic device/browser logs and cookie-related usage information needed for security, performance, and analytics.
  • Analytics tooling: we use Google Tag Manager (GTM) as a container to deploy and manage measurement tags (such as Google Analytics / advertising tags, depending on configuration). Tags loaded through GTM may process technical event data and identifiers as configured in our tag setup.
  • Registration attribution and security signals: when you create an account, we may store the full landing URL you arrived from (including campaign parameters such as UTM), your browser User-Agent string, and related technical metadata needed for analytics attribution and abuse prevention.
  • Pseudonymous analytics identifiers: where helpful for analytics quality, we may send a one-way hashed identifier derived from your account id (not the raw id) to measurement tools via GTM to reduce duplication across sessions/devices.

3) Purposes and Legal Basis

  • To provide and maintain the service, including authentication, family profile management, and transaction history.
  • To ensure platform security, prevent abuse, and maintain service reliability.
  • To send essential operational notifications related to account and service status.
  • To measure product usage and marketing effectiveness, attribute sign-ups to campaigns, and improve service quality using analytics tools deployed via Google Tag Manager.
  • GDPR legal bases may include: performance of a contract, legitimate interests (service security and reliability), legal obligation, and consent where specifically requested.

4) Data Storage and Security

Data is stored in secure cloud infrastructure, including Supabase-managed database and object storage services. We apply technical and organizational safeguards, including encryption in transit, encryption at rest by infrastructure providers, and access controls.

Child avatar files are stored in protected storage paths. Access is provided via time-limited signed URLs, which helps prevent unrestricted public access.

We may use vetted infrastructure providers (processors/sub-processors) strictly for hosting, storage, and service operations under contractual confidentiality and data protection obligations.

Where data is transferred internationally, we apply appropriate safeguards (such as contractual protections) required by applicable data protection law.

5) Retention and Deletion

We keep personal data for as long as needed to provide the service and comply with legal obligations. Parents can request deletion of family data at any time by contacting hello@karcoin.app.

When deletion is requested, we delete or anonymize data unless retention is required by law, fraud prevention, security, or unresolved legal claims.

6) Cookies and Usage Data

We use cookies and similar technologies for session handling, security, basic analytics, and (where applicable) storing your cookie-banner preference. We deploy Google Tag Manager to manage analytics/marketing tags; those tags may set or read cookies depending on tag configuration and your browser settings.

We may use browser storage (such as sessionStorage) for short-lived technical purposes like preserving campaign attribution parameters during navigation within the same browsing session.

You may manage cookies in your browser settings, though disabling some cookies can affect app functionality.

7) User Rights

  • You may request access to your personal data and a copy of that data.
  • You may request correction, deletion, restriction of processing, or object to processing in cases provided by law.
  • Where processing is based on consent, you may withdraw consent at any time without affecting prior lawful processing.
  • If GDPR applies, you may also have the right to data portability and to complain to your local supervisory authority.

8) Children's Privacy

Karvyx is designed for family use under parent control. Child profiles are created and managed by a parent account. We intentionally limit child data and do not collect child geolocation, contact lists, or direct child contact details.

9) Policy Updates

We may update this Privacy Policy from time to time. The latest version is always available on this page with the effective date.

For privacy requests and legal notices, contact: hello@karcoin.app