Privacy Policy

Last updated: May 11, 2026

Koda is built around one principle: the data Koda sees about your life stays under your control. This policy explains what we collect, where it goes, and what stays on your device.

What stays on your device

Most of what Koda reads about you never leaves your iPhone. The following data is stored only in Koda's on-device database (in your app sandbox) and is never transmitted to Koda's backend servers:

  • Calendar and reminders. Koda reads your events and open reminders from EventKit. They are cached locally so the Today view and brief can reference your schedule without needing the network.
  • Apple Health data. Sleep duration, step counts, active calories, resting heart rate, HRV, and per-workout records. Per-workout records include activity type (run, ride, walk, swim, strength, yoga, HIIT), start and end times, duration, distance (when applicable), average pace (when applicable), and average heart rate (when a heart-rate sensor was paired). This data is read from HealthKit on your device. Raw HealthKit samples (every individual heart-rate reading, every step sample, every minute of HRV trace) are never sent off-device. Only the daily aggregates and the per-workout summary fields listed above are eligible for transmission to the AI, and only when Health AI access is on.
  • Contacts. Names and birthdays only, used to power the Upcoming Birthdays card and birthday-aware brief content. Phone numbers, email addresses, and physical addresses are never stored. When you tap a birthday to call or text someone, Koda reads the phone number from your Contacts at tap time and does not persist it.
  • Location patterns. Off by default. When you turn on "Detect location patterns" in Settings, places you visit are logged to your local database, coarsened to roughly 100 meters via Apple's CLVisit API. Visit data is never transmitted anywhere.
  • Chat history and category overrides. Every chat message and any category overrides you set on transactions live in a SQLite file on your device. Memo content has no path to our servers. There's no column for it in our backend schema.
  • About Me notes. Free-text notes you maintain in Settings → About you. Stored locally; included in chat and brief prompts only when the About Me AI-access toggle is on.

What goes off-device

A subset of what Koda processes flows to external services. Each is named individually below with what's shared and why.

Anthropic (Claude)

When you use chat or generate a daily or weekly brief, Koda's backend sends your message plus a summary of relevant data from the categories you've enabled in AI access settings to Anthropic's API. Anthropic does not train on data submitted through their API and retains it for no more than 30 days for abuse-prevention purposes. Which categories are sent is controlled by the per-domain toggles in Settings → AI access to your data. Health is off by default.

Plaid

When you connect a bank, Plaid handles the credential entry inside their own SDK, so your bank username and password never reach us. Plaid then sends your transaction history and account balances to our backend, which mirrors them so Koda can show you a unified view across accounts.

Koda backend (Supabase)

Stores your account email (from Sign in with Apple, including private-relay addresses), subscription state, connected bank metadata, transactions, account balances, AI access toggle preferences, About Me text, chat history, and generated briefs. Per-user row-level security means only your authenticated session can read your own data. Used to sync state across reinstalls and to enforce free or Premium quotas.

Apple WeatherKit

When fetching the forecast for your daily brief, your approximate location is sent to Apple WeatherKit. Apple's WeatherKit privacy policy applies.

Sign in with Apple

Authentication is handled by Apple. We receive the email address you choose to share (which may be Apple's private-relay address) and a stable user identifier. We never see your Apple ID password.

Apple App Store / StoreKit

Subscription purchases are processed by Apple. We see the resulting entitlement state (Premium or Free) but never your payment method, billing address, or any other Apple-account details.

What we don't do

We do not use ad networks. We do not embed third-party analytics SDKs. We do not run trackers. We do not sell your data. We do not share your data with any party not listed above. We do not allow Anthropic to train on data submitted through their API.

Koda does not send remote push notifications. There is no APNs (Apple Push Notification Service) integration and no server-initiated alerts. All Koda notifications are generated locally on your device. See the Notifications section below.

Notifications

Koda can send notifications to keep you informed about your day, your money, and a few life events that are easy to miss. Every notification type is off by default and independently controllable. Turning one on doesn't turn on the others.

What notifications Koda can send:

  • Daily brief is ready, at the time of day you choose
  • Weekly recap is ready, Sunday evening
  • Heads-up the day before a birthday, at 9 AM the day before a contact's birthday
  • Bank needs reconnection, when a linked bank connection requires you to re-authenticate

Local-only. All Koda notifications are generated on your device. We do not run a push-notification server, and Koda does not register for Apple Push Notification Service. Nothing about which notifications you receive, when you receive them, or whether you tapped them is ever transmitted to our servers.

Permission timing. iOS asks for notification permission only when you toggle your first Koda notification on. It does not ask at app launch or during onboarding. If you don't enable any notifications, the system permission prompt never appears.

How to change it later. Open Koda → Settings → Notifications to turn individual notification types on or off at any time. You can also revoke Koda's notification permission entirely in iOS Settings → Notifications → Koda.

How we use your data

Every category of data Koda processes is used exclusively for app functionality, meaning making the product work for you. We do not use any of it for advertising, marketing analytics, third-party analytics, or any purpose beyond delivering the features described above.

Concretely:

  • Calendar and reminders power your Today view, your brief, and chat answers about your schedule.
  • Health and workout data, when AI access is enabled, lets briefs and chat connect rest, movement, and effort to what's on your day.
  • Bank data powers the Money tab and money-aware sections of your brief.
  • Contacts and birthdays power the Upcoming Birthdays card and birthday-aware brief content.
  • Location (coarse) powers weather in your daily brief and, with the toggle on, gives the AI awareness of your current city.
  • Chat history and briefs are stored so you can scroll back, and so the AI has continuity within a conversation.

AI access controls

In Settings → AI access to your data, you'll find independent toggles for each data category: Calendar & reminders, Finances, Health, Contacts, Location patterns, and About-me notes.

When a toggle is on, data from that category is included in the prompt body of AI requests made on your behalf. When a toggle is off, that category is excluded from AI requests entirely, and Koda's chat and briefs simply won't reference it.

Health is off by default. About-me notes can stay saved locally on your device while excluded from AI calls. The toggle controls inclusion in prompts, not storage.

Data retention

Data stored locally on your device persists until you delete the app or delete your account from within the app. We don't expire on-device data on any schedule.

Data stored on our backend (the categories listed under "Koda backend" above) persists until you delete your account, at which point it is permanently removed within 30 days of the deletion request, including any backup snapshots.

Anthropic retains data submitted to their API for no more than 30 days for abuse-prevention purposes, after which it is automatically deleted on their side. They do not train on this data.

Plaid retains your transaction and account data according to their own retention policies, which you can review at plaid.com/legal.

Account deletion

In Koda → Settings → Account → Delete Account, one tap permanently:

  • Removes your account row and all associated records from our backend
  • Disconnects any Plaid item via Plaid's /item/remove endpoint, severing our access to your bank data
  • Clears the local Koda database on your device
  • Cancels your in-progress session

Subscription cancellation is handled separately by Apple. Your subscription will continue (and renew) until you cancel it in iOS Settings → Apple ID → Subscriptions, regardless of whether you've deleted your Koda account.

Children's privacy

Koda is not directed at children under 13 and we do not knowingly collect data from children under 13. If you believe a child has provided data to Koda, please contact us at support@hellokoda.app and we will delete the account.

Changes to this policy

If we change this policy in a way that materially affects what we collect or how it's used, we'll update the "Last updated" date at the top of this page and provide a clear in-app notice the next time you open Koda. Changes that are clarifications, formatting fixes, or expansions of "what we don't do" will not trigger an in-app notice but will be reflected in the date above.

Contact

Questions, requests, or concerns about your data: support@hellokoda.app. We typically reply within one business day.