KYKLOS
FR EN

Privacy Policy

Last updated: 01/24/2026

This policy explains how KYKLOS collects, uses, and protects your personal information in accordance with the General Data Protection Regulation (GDPR) and applicable French legislation.

1) Data Controller

The data controller for your personal data is:

  • KYKLOS (sole proprietor — BOYER LOUIS FREDERIC BERNARD)
  • SIREN: 995 313 152
  • SIRET: 995 313 152 00010
  • Address: 60 Rue François Ier, 75008 Paris, France
  • Email: contact@kyklos.app
  • For any questions regarding the protection of your data, you can contact us via the Contact page.

2) Data Collected

We collect the following data:

  • Account data: first name, last name, email, age (if provided), profile photo (if provided), unique identifier (Firebase UID).
  • Authentication data: information from your Google or Apple account (if you log in via these services).
  • Activities: content you publish (title, description, emoji, date, participants, location, price, category).
  • Location: GPS coordinates if you authorize access, to display activities around you and enable the creation of geolocated activities.
  • Messages: messages sent in activity chats, participant identifiers in conversations.
  • Moderation: reports/reviews for community safety, moderation history.
  • Payment and subscription data: information related to your Premium subscriptions (managed by RevenueCat, Apple App Store and Google Play Store). We do not store your credit card information (this is handled by the stores).
  • Technical data: device identifiers, IP address (temporarily), push notification tokens, usage logs (for support).
  • Analytics data: aggregated usage data via Firebase Analytics (according to our configuration).
  • Advertising data: advertising identifiers (used by AdMob to display non-personalized ads).

3) Legal Basis and Purposes of Processing

We process your personal data on the following legal bases:

  • Performance of a contract: to provide app features (creating/joining activities, chat, notifications, subscriptions).
  • Consent: for location access and push notifications.
  • Legitimate interest: to improve user experience, security (fighting spam, abuse, inappropriate content), customer support and problem resolution.
  • Legal obligation: to retain certain data necessary for moderation and compliance with legal obligations (notably regarding reports).

4) Data Usage

  • Provide app features (creating/joining activities, chat, notifications, geolocation).
  • Manage your Premium subscriptions via RevenueCat and stores (Apple/Google).
  • Display non-personalized ads via Google AdMob.
  • Improve experience and security (fighting spam, abuse, inappropriate content, moderation).
  • Analyze app usage via Firebase Analytics (aggregated and anonymized data).
  • Support and problem resolution.
  • Comply with our legal and regulatory obligations.

5) Data Sharing and Processors

KYKLOS does not sell your data to third parties. We share certain data with the following services (processors):

  • Google Firebase: data hosting (Firestore), authentication (Firebase Auth), file storage (Firebase Storage), analytics (Firebase Analytics). Data may be processed outside the EU (including in the United States).
  • RevenueCat: subscription and payment management. Data may be processed outside the EU (including in the United States).
  • Apple App Store / Google Play Store: payment and subscription processing (transaction information only).
  • Google AdMob: ads display (configured to be non-personalized). Data may be processed outside the EU (including in the United States). You can reset your advertising identifier in your device settings.
  • Google Maps Platform: map display and mapping services (if you use the map). Data may be processed outside the EU (including in the United States).
  • Other users: certain information is visible to other users according to features (e.g., public profile, participation in an activity, messages in an activity chat).

All our processors are subject to strict contractual obligations regarding data protection.

6) Data Transfers Outside the EU

Some of your data may be transferred and stored outside the European Union (notably in the United States) by our processors (Firebase, RevenueCat, AdMob). These transfers are governed by:

  • Standard Contractual Clauses (SCC) adopted by the European Commission, where applicable.
  • Where relevant, some providers’ participation in recognized frameworks (e.g., EU–US Data Privacy Framework / “DPF”).
  • Additional technical and organizational measures (e.g., encryption, access controls) depending on the services.

You can obtain more information about the safeguards in place by contacting us.

7) Data Retention Period

  • Account data: retained while your account is active, then for 3 years after account deletion (for legal and security reasons).
  • Activities: retained until deletion by you or by moderation, then archived for 1 year.
  • Messages: retained until deletion of the associated activity, then deleted.
  • Moderation data: retained for 5 years to comply with our legal obligations.
  • Payment data: retained in accordance with legal and tax obligations (10 years in France).
  • Technical logs: retained for a maximum of 1 year.

8) Your Rights (GDPR)

In accordance with GDPR, you have the following rights:

  • Right of access: obtain a copy of your personal data that we hold.
  • Right to rectification: correct your inaccurate or incomplete data (you can modify your profile in the app).
  • Right to erasure: request deletion of your data (you can delete your account in the app settings).
  • Right to data portability: retrieve your data in a structured format.
  • Right to object: object to the processing of your data for legitimate reasons.
  • Right to restriction: request limitation of processing in certain cases.
  • Right to withdraw consent: at any time for processing based on consent (location, notifications).

To exercise these rights, contact us via Contact specifying your request. We will respond within a maximum of one month.

You also have the right to lodge a complaint with the CNIL (Commission Nationale de l'Informatique et des Libertés): www.cnil.fr or by mail: 3 Place de Fontenoy, TSA 80715, 75334 Paris Cedex 07, France.

9) Cookies and Similar Technologies

Our application uses the following technologies:

  • Firebase Analytics: cookies and similar technologies to analyze app usage (aggregated and anonymized data).
  • Device identifiers: for push notifications and personalization.
  • Advertising identifiers: for AdMob (you can reset them in your device settings).

You can disable cookies and advertising identifiers in your device settings, but this may limit certain app features.

10) Data Security

We implement appropriate technical and organizational measures to protect your data:

  • Encryption of data in transit (HTTPS) and at rest.
  • Secure authentication via Firebase Auth.
  • Firestore security rules to limit data access.
  • Storage on cloud infrastructure (e.g., Google Cloud) with appropriate security measures.
  • Limited access to personal data to authorized persons only.

However, no system is completely secure. In the event of a data breach that may affect your rights, we will inform you as soon as possible and, if necessary, notify the CNIL.

11) Your Choices and Settings

  • Location: you can refuse location access in your device settings (some features will be limited).
  • Push notifications: you can disable them in the app or device settings.
  • Ads: we display non-personalized ads. You can reset your advertising identifier in your device settings (iOS: Settings > Privacy > Apple Advertising; Android: Settings > Google > Ads).
  • Profile: you can modify your profile at any time in the app.
  • Account deletion: you can request account deletion in the app settings (Account section).

12) Children's Data

KYKLOS is not intended for minors under 16 years of age. Access is reserved for ages 16+ and age checks are applied to limit access by minors under 16.

Child safety standards:

  • Strict separation of minors/adults: no contact is allowed between minors and adults.
  • Reporting: an in-app reporting tool for inappropriate content or behavior.
  • Active moderation: reports are reviewed and action is taken quickly.
  • Removal: content or accounts that violate our rules are removed.
  • Safety contact: contact@kyklos.app (subject: Child Safety).

If we learn that a minor under 16 has provided us with personal data, we will delete this information as soon as possible. If you are aware of such a case, please contact us.

13) Changes to This Policy

We may modify this privacy policy. The date of the last update is indicated at the top of this page. In case of substantial changes, we will inform you via the app or by email. We encourage you to regularly consult this page.

14) Contact

For any questions regarding this privacy policy or your personal data:

This document is provided for informational purposes and may evolve with KYKLOS.