Privacy
Treated like therapy notes.
KAIZEN is operated by Manas Marketing Services LLC ("we", "us", "our"). KAIZEN is a manifestation, affirmation, and journaling app for iOS and Android. We hold a lot of sensitive material per user — voice, story, blockers, journals — and this policy is how we promise to treat it. The shorter never-list lives at What we'll never do. This Privacy Policy is a binding statement of our practices. We may amend it; we'll email account holders before any change that materially affects how we collect or use data.
Applies to the KAIZEN app and getkaizen.app. Contact: privacy@getkaizen.app.
Last updated: 2026-07-04.
Our four principles
- Consent is explicit, granular, and revocable. Never one big "agree to everything."
- Delete means delete. Including at third-party providers (voice clones, LLM caches).
- Anonymity by default in social. You choose to deanonymise; never the other way around.
- We never replace a professional. KAIZEN is not therapy, medicine, or legal counsel.
What we collect
- Account. Your email address (required) and the handle (nickname) you choose during onboarding.
- Age check. Your declared age, from which we keep only your year of birth, collected once to confirm you're 16 or older. This is a declared age check, not identity verification. We don't display it in the app and it is deleted with your account.
- Your story and goals. What you wrote or recorded during onboarding to describe where you are, where you're going, your blockers, and your needs.
- Profile details you choose to share. Onboarding and Settings let you optionally share things like pronouns, city, work, relationship status, sexuality, and family details (e.g. your kids' names). Some of these are sensitive categories of data; sharing them is always optional, they feed only your private dossier (to personalise what we write for you), and they are never shown to other users or used for advertising.
- Journal entries. Everything you write or record inside the daily journal (text and voice).
- Voice recordings. Only with your explicit consent (the voice toggle ON). Used to build a private voice model for your future-self messages. You can revoke at any time; we stop using the model immediately and trigger deletion at our voice provider (Cartesia or ElevenLabs, whichever holds your model), completed within about 24 hours. See Your voice below.
- Device + diagnostic data. App version, OS version, crash reports (via Sentry), and anonymised product analytics (via PostHog) so we know which screens are broken. No precise location (we derive an approximate city-level region from your connection's network headers only), no contacts, no advertising identifiers.
- Subscription data. Your subscription and receipt status from the Apple App Store or Google Play (via RevenueCat). We never see or store your card or payment account number — the app stores handle payment directly.
What we use it for
- Generating your daily affirmation, daily story, and future-self message — all written for you, from your own dossier.
- Surfacing anonymous community spaces where other users are working through similar themes.
- Grounding affirmations in anonymised success-story moments from other users walking a similar path (never identifying details, never your own data leaving your dossier).
- Keeping the product working: crash diagnostics, performance, billing.
We do not sell data, do not train third-party models on your data, do not show advertising, and do not share your content with other users.
Who processes your data (subprocessors)
We use a small set of vetted service providers to run KAIZEN. Each only receives the data it needs to do its job, under contract, and none of them may sell your data or use it to train their own or third-party models on your content.
- Cloudflare — application servers (Workers), object storage for audio and media (R2, app-layer AES-256-GCM encrypted per user), background queues, transcription of your voice recordings (Whisper, running on Cloudflare Workers AI), and some of the AI text generation that writes your affirmations, stories, and future-self message text (Cloudflare Workers AI). Prompts are sent without your name; inputs are not used to train these models.
- OpenAI — AI text generation for some of your content (for example your daily story and future-self message text) may be produced by OpenAI models via their API. Prompts are sent without your name; OpenAI does not train its models on data submitted through its API, and is contractually barred from doing so. We may also route text generation through other LLM providers (such as OpenRouter) under the same no-training terms; the current provider for each content type is configurable and always subject to these conditions.
- Neon — the primary database (Postgres).
- Upstash — cache (Redis).
- Cartesia & ElevenLabs — voice synthesis. If you opt in to voice, your private voice model is held at one of these providers under an external ID; both support confirmed deletion on request (see Your voice). Library (non-cloned) narration voices are also synthesised here.
- RevenueCat — subscription receipt validation and entitlement state.
- Apple App Store & Google Play — payment processing for subscriptions, and sign-in if you use Sign in with Apple or Google Sign-In (we receive your verified email and a provider account identifier, nothing else).
- Brevo — transactional email (sign-in codes and account emails).
- Expo — push notification delivery.
- Sentry — crash reporting (configured to scrub PII).
- PostHog — anonymised product analytics (configured to scrub PII; identified only by an internal account ID, never by email or content).
We keep an up-to-date list and will notify account holders before adding a subprocessor that materially changes how sensitive data is handled. In transit: TLS everywhere. At rest: encryption provided by each vendor; voice and journal audio additionally encrypted at the application layer with a per-user key.
Your voice (biometric data)
Your voice recordings, and the private voice model we build from them, may be "biometric identifiers" or "biometric information" under laws such as the Illinois Biometric Information Privacy Act (BIPA), the Texas Capture or Use of Biometric Identifier Act, and Washington's biometric and consumer-health laws. This section is our written, publicly available policy for that data. We treat it with extra care, and we only ever process it with your explicit, opt-in consent.
- Written consent first, always. We never collect voice data for cloning without first telling you, in the app, that a voice model will be created, why, and for how long we keep it — and obtaining your explicit written (electronic) consent through a deliberate action. Declining is a first-class path: with the voice toggle OFF, your future-self messages are read in a warm voice from our library instead, and the text is identical.
- Single, narrow purpose. The model is used only to read your own future-self messages back to you in your own voice. Nothing else. Only your own voice can ever be cloned — never anyone else's.
- Never sold, never traded. We do not — and will not — sell, lease, trade, or otherwise profit from your voice recordings or voice model. It is never shared with other users, never disclosed to anyone except the processors above (and then only to provide the feature to you, or as required by law), and never used to train shared or third-party models. No celebrity or third-party voice cloning, ever.
- Provider. The model is held at Cartesia or ElevenLabs under an external ID; we don't store the model itself in our own storage. Raw recordings live encrypted in our storage.
- Retention schedule & destruction. We keep your voice recordings and voice model only while your voice consent is on and your account exists. They are permanently destroyed: (a) within about 24 hours at the voice provider when you revoke consent; (b) within 30 days of account deletion; and (c) in any event no later than 3 years after your last interaction with KAIZEN — whichever comes first.
- Revocable any time. Turn the toggle off in Settings and we stop using the model immediately and trigger deletion at the voice provider, confirmed within about 24 hours. Every consent change is written to an audit log.
- Provenance. We are deploying an inaudible watermark on generated audio so KAIZEN-made, AI-generated audio can be identified — a safeguard against deepfakes and misuse. Generated future-self audio is synthetic: it is not a recording of a real person.
Anonymity in community
- Every group post and 1:1 message defaults to anonymous.
- Your real name is never exposed in social, ever.
- Location precision is capped at city.
- No photos in groups by default — likely never.
- 1:1 DMs require mutual opt-in.
Sensitive content
KAIZEN routes sensitive content (self-harm, abuse, substance use, eating concerns) to in-app resource screens with jurisdiction-aware hotlines. We suppress AI generation that could harm rather than help. We do not alert humans on private-journal sensitive content — you wrote it for yourself.
Your rights
- Export. Settings → Export downloads a JSON of your dossier and a zip of your audio.
- Delete. Settings → Privacy → Delete account (or email us). Deletion is scheduled immediately, with a 30-day grace window in which signing back in cancels it; after that, all data is permanently purged within 30 days, including at third-party providers. Voice model + voice audio deletion is triggered at the voice provider (Cartesia or ElevenLabs) and confirmed within about 24 hours. Full steps and timeline: Delete your account.
- Correct. You can edit any answer captured during onboarding.
- Restrict. Toggle off voice cloning, push notifications, or community participation at any time.
- Object. Email us at privacy@getkaizen.app and we'll act within 30 days.
- Complain. EU/UK users can lodge a complaint with their local data protection authority.
US state privacy rights (California and similar states). If you live in California or another US state with a consumer privacy law, you have the right to know, access, correct, delete, and port your personal information, and to opt out of its sale or sharing. We do not sell or share personal information as those terms are defined by the CCPA/CPRA, we do not use sensitive personal information for anything beyond providing the service you asked for, and we will never discriminate against you for exercising a privacy right. Exercise any of these rights in-app (Settings → Privacy) or by emailing privacy@getkaizen.app — including through an authorised agent. We verify requests against the email on the account and respond within the timeline the applicable law requires (45 days under the CCPA, extendable once).
Retention
Account active: as long as you keep the account. Account deleted: full data wipe within 30 days, including at third-party providers. Voice recordings and voice models follow the stricter biometric schedule above: destroyed on consent revocation (~24 hours at the provider), on account deletion (within 30 days), or 3 years after your last interaction with the app — whichever comes first. Crash diagnostics (with no user ID): retained 90 days. Aggregated, non-identifying product metrics: retained indefinitely.
Children
KAIZEN is built for people 16 and older. We ask your age once, for the age check (keeping only your year of birth); we don't display it in the app and it's deleted with your account. We do not knowingly collect personal information from anyone under 16. If we learn that an account belongs to someone under 16, we will disable the account and delete its data promptly. If you believe a user is under 16, email privacy@getkaizen.app.
Contact
Privacy questions, data requests, and complaints: privacy@getkaizen.app.
International transfers
KAIZEN is operated from, and stores data in, the United States at launch. If you sign up from the EU, UK, or another region, you acknowledge that your data is processed in the US under appropriate safeguards; an EU GDPR data-processing addendum is available on request from privacy@getkaizen.app.
Legal basis & how we share
We process your data to provide the service you asked for (performance of our agreement with you), on the basis of your explicit consent for voice and other optional features, and for our legitimate interest in keeping the product working and safe. We do not sell personal data and do not share your content for advertising. We may disclose data if required by law or to protect users, and we may transfer it as part of a merger or acquisition (you'll be notified).
This policy reflects how KAIZEN actually handles your data and is the binding statement of our practices. See also our Terms of Service, EULA, Delete your account, and FAQ.