privacy

Less data, held briefly, never traded.

kishi processes two unusually sensitive things: faces and, optionally, health-adjacent comfort signals. That holds us to GDPR’s strictest reading, by design rather than by checkbox. The plain-language version:

What we collect
Your onboarding answers; optional selfies; optional comfort signals; the generated kit. No contacts, no location tracking, no ad identifiers.
Faces
Processed only with explicit, separate consent, for styling analysis and renders. Stored encrypted, isolated from other data, EU region. Auto-deleted no later than 30 days after generation — sooner if you delete them. Never used to train models. Identity embeddings are treated as biometric data with the same lifecycle.
Health signals
Optional chips like “gut comfort matters”. They tune fit, fabrics and date formats — nothing else. Consent-gated, minimized, never shared, never echoed verbatim into your kit.
Where it lives
EU-region infrastructure (hosting, database, storage). Processors — hosting, inference, payments, email — are listed below and bound by DPAs.
Your rights
Export your kit and data as JSON + PDF anytime; delete everything with one action (cascade: photos, kit, intake). Accounts soft-delete immediately and hard-purge within 30 days.
Analytics
Cookie-less, aggregate page analytics only. No third-party ad trackers, no pixels, no data sales — ever.
Processors
Vercel (hosting) · Neon (database) · fal.ai (image inference) · Anthropic (text generation) · Stripe (payments) · Resend (email). EU pinning where the processor offers it.
This build
The current demo build is keyless: photos never leave your browser, no payment is taken, kits live in an ephemeral store. The lifecycle above is the production design that ships with launch (PLAN.md Phase 4).

questions or deletion requests: privacy@kishi.lol · this page will carry the full legal text (DE/EN) before paid launch