Kadre Privacy Policy

Effective date December 31, 2025
Document version 1.0 (First version)
Jurisdiction Worldwide (GDPR, CCPA, LGPD, PIPEDA, APP Compliance)
Classification Legal Binding Agreement

Preamble: Privacy-by-Design Philosophy

This Privacy Policy represents the Controller's commitment to protecting the fundamental right to privacy as recognized by international human rights law, including Article 12 of the Universal Declaration of Human Rights and Article 8 of the European Convention on Human Rights. The Kadre application has been architected from inception using Privacy-by-Design principles as codified in GDPR Article 25, ensuring that data protection is not an afterthought but the foundational pillar of our technical infrastructure.

The Controller recognizes that in the digital age, users entrust applications with access to sensitive personal content, including photographs and media that may contain intimate moments, family members, and private spaces. We have therefore implemented a "Zero-Knowledge Architecture" whereby the Controller maintains no persistent knowledge of user activities, content, or identity. This policy explains in exhaustive detail the limited, ephemeral, and purpose-bound data processing operations that occur within the Kadre ecosystem.

1. Identification of the Data Controller

1.1. Responsible Entity

The data controller responsible for all processing operations conducted through the Kadre mobile application and its associated secure web services infrastructure is The Kadre Development Team/Project Owner (hereinafter collectively and severally referred to as "The Controller", "We", "Us", or "Our").

For purposes of this policy, "processing" shall bear the meaning ascribed to it under GDPR Article 4(2), encompassing any operation or set of operations performed on personal data, whether or not by automated means, including collection, recording, organization, structuring, storage, adaptation, retrieval, consultation, use, disclosure, erasure, or destruction.

1.2. Contact Information and Correspondence

Users seeking to exercise their data protection rights, lodge complaints, request clarification on this policy, or report security vulnerabilities are directed to establish contact through the following official channels:

  • Primary Email Channel: [Insert Official Support Email Here]
  • Response Time SLA: 72 hours for general inquiries; 24 hours for security incidents.
  • App Store Profile Communication: Via the "Safety & Support" section within the official Google Play Store listing.
    Note: Responses through this channel are subject to Google's messaging system limitations.
  • Postal Address (GDPR Article 13(1)(a) Requirement):
    [Insert Physical Mailing Address if Legally Required in Target Jurisdictions]

All correspondence should clearly reference "Kadre Privacy Inquiry" in the subject line to ensure expedited routing to the appropriate response team. We commit to acknowledging receipt of all communications within 48 hours and providing substantive responses within the timeframes mandated by applicable data protection laws.

1.3. Data Protection Officer Designation

Pursuant to GDPR Article 37(1), the Controller has conducted a necessity assessment and determined that formal designation of a Data Protection Officer (DPO) is not mandatory for the following reasons:

  1. Public Authority Exemption: The Controller is not a public authority or body.
  2. Core Activities Assessment: The core activities of the Controller do not consist of processing operations requiring regular and systematic monitoring of data subjects on a large scale.
  3. Special Categories Exclusion: The Controller does not engage in large-scale processing of special categories of data as defined under GDPR Article 9.

However, recognizing best practices in data governance, the Lead Technical Architect assumes functional responsibility for all privacy-related architecture decisions, security implementations, and compliance oversight. This individual serves as the primary point of contact for supervisory authorities and maintains oversight of:

  • Privacy Impact Assessments (PIAs) for new features.
  • Security incident response protocols.
  • Third-party processor compliance verification.
  • Policy updates and regulatory monitoring.

2. Detailed Inventory of Data Collected

The Controller adheres strictly to the data minimization principle as mandated by GDPR Article 5(1)(c), which requires that personal data shall be adequate, relevant, and limited to what is necessary in relation to the purposes for which they are processed. This section provides an exhaustive taxonomy of all data elements that may be processed during the lifecycle of application usage.

2.1. Data Provided Directly by the User Through Affirmative Action

2.1.1. Visual Content (Images/Photographs)

  • Data Type: Bitmap raster image data in standard formats including but not limited to JPEG, PNG, WEBP, and HEIC.
  • Collection Mechanism: Data is collected exclusively through the Android System Media Picker, invoked via the standardized Intent.ACTION_GET_CONTENT or Intent.ACTION_PICK Android API calls. This ensures that the application never gains broad access to media storage but only receives the specific file the user explicitly selects.
  • Technical Constraints Implemented:
    1. The application does not request the READ_EXTERNAL_STORAGE permission on Android 13+ devices, relying instead on the scoped storage model introduced in Android 10.
    2. No background scanning or indexing of the user's photo library occurs.
    3. Multi-select functionality is deliberately restricted to prevent inadvertent bulk sharing.
  • Processing Operations:
    1. Client-Side Compression: Initial downsampling if the resolution exceeds 4096x4096 pixels to prevent out-of-memory errors on the device.
    2. Format Standardization: Conversion to WebP format with quality parameter set to 85% for optimal bandwidth efficiency.
    3. Secure Transmission: HTTPS POST to the processing server using TLS 1.3 with certificate pinning.
    4. Server-Side Processing: Frame application, filter rendering, color adjustments as requested by the user.
    5. Immediate Deletion: Permanent erasure from server volatile memory upon completion of processing.
  • Retention Period: Client-side: Until session ends. Server-side: Max 30 seconds (RAM), zero persistent storage.

2.1.2. User Preferences and Configuration Settings

  • Data Type: Boolean flags, integer values, and string constants representing user interface customization choices.
  • Examples:
    • Theme selection (Light Mode, Dark Mode, System Default).
    • Widget visibility toggles.
    • Frame style preferences.
    • Notification preferences.
    • First-run tutorial completion status.
  • Storage Mechanism: Data is persisted locally on the user's device using Android's SharedPreferences API or stored in a structured JSON file (favorites.json) within the application's private directory.
  • Security: These files are protected by Android's application sandbox security model, making them inaccessible to other applications without root privileges or explicit user backup extraction.
  • Retention Period: Indefinite, until the user uninstalls the application or manually clears application data through Android system settings.

2.2. Data Collected Automatically Through Permissions and System Sensors

2.2.1. Music Playback Metadata (Aura Color Adaptation Feature)

  • Permission: `BIND_NOTIFICATION_LISTENER_SERVICE`
  • Data Accessed: Album Art bitmap only.
  • Explicit Exclusions: We categorically do NOT access:
    • Track title or song name.
    • Artist or album metadata.
    • Playback position or duration.
    • Listening history or temporal patterns.
    • Music streaming service identity.
    • Playlist information.
  • Processing Purpose: The album art bitmap is subjected to color extraction algorithms using the androidx.palette library to identify dominant, vibrant, muted, light, and dark color swatches. These color values are then used to dynamically adjust the application's user interface theme to create aesthetic harmony with the user's current audio experience.
  • User Control: This feature is entirely optional and requires explicit user consent during initial setup. Users may revoke the Notification Listener permission at any time.
  • Retention Period: The album art bitmap exists in volatile memory (RAM) for typically less than 500 milliseconds during the color extraction process and is never written to persistent storage.

2.2.2. Network Connectivity Status Verification

  • Data Accessed: TCP/IP connectivity status, DNS resolution.
  • Collection Mechanism: The application performs a lightweight TCP socket connection to Cloudflare's public DNS resolver at IP address 1.1.1.1 (port 53 or 443) to verify active internet connectivity.
  • Purpose and Justification: This verification prevents the application from attempting to upload images or fetch resources when no internet connection is available.
  • Data Minimization: The connectivity check consists solely of establishing and immediately closing a TCP connection. No HTTP request is made, no user-agent string is transmitted, and no payload data is exchanged beyond the TCP handshake.

2.2.3. Device Metadata (Technical Telemetry)

  • Data Collected:
    • Android OS version number.
    • Application version number.
    • Device manufacturer and model (collected only during crash reports).
    • Screen resolution and density.
  • Purpose: Ensuring compatibility, debugging crashes, and optimizing UI layouts.
  • Legal Basis: Legitimate Interest (GDPR Article 6(1)(f)).
  • Non-Identification: This metadata is aggregated and cannot be used to identify individual users.

2.3. Data We STRICTLY DO NOT Collect (Negative Declarations)

Legal Effect: These negative declarations are made under penalty of perjury and serve as binding commitments.

  • Personal Identifiers: No full legal name, emails, phone numbers, physical addresses, social media usernames, or government IDs.
  • Biometric Data: No facial recognition, fingerprints, iris scans, or voice prints.
  • Device Identifiers: No IMEI, MAC address, Google Advertising ID (GAID), Android ID, or Serial numbers.
  • Precise Location Data: No GPS coordinates, cell tower triangulation, or WiFi positioning.
  • Communication Content: No SMS, emails, call logs, or contact lists.
  • Financial Information: No credit cards, bank info, or payment history.
  • Health Information: No medical records or fitness data.
  • Behavioral Analytics: No session tracking, heatmaps, or user interaction recordings.

3. Purpose of Processing and Legal Basis

Under the General Data Protection Regulation (GDPR) and equivalent international frameworks, controllers must identify a lawful basis for each processing operation.

3.1. Core Functionality (Image Editing)

  • Processing Activities: Reception of user-selected image files, application of visual filters/frames, color correction, export of processed images.
  • Purpose Statement: To fulfill the primary contractual obligation of providing image editing services as described in the application's functionality specifications.
  • Legal Basis: Contractual Necessity pursuant to GDPR Article 6(1)(b).
  • Detailed Justification: The processing of image data is strictly necessary for the performance of the implicit contract formed when the user downloads and actively engages with the application.

3.2. Aesthetic Adaptation (Aura Feature)

  • Processing Activities: Access to currently playing music's album artwork, color palette extraction, dynamic adjustment of UI theme.
  • Purpose Statement: To provide an enhanced, personalized user experience by creating visual harmony between the user's current music listening activity and the application's interface design.
  • Legal Basis: Explicit Consent pursuant to GDPR Article 6(1)(a).
  • Consent Characteristics: Freely given, Specific, Informed, and Unambiguous. Users may withdraw consent at any time by revoking the Notification Listener permission.

3.3. Security & Integrity

  • Processing Activities: Verification of uploaded file formats, detection of malformed uploads, network connectivity verification.
  • Purpose Statement: To maintain the security and stability of the application infrastructure and prevent fraudulent usage.
  • Legal Basis: Legitimate Interest pursuant to GDPR Article 6(1)(f).

3.4. Legal Compliance

  • Processing Activities: Compliance with lawful law enforcement requests, preservation of records to satisfy statutory retention requirements.
  • Legal Basis: Legal Obligation pursuant to GDPR Article 6(1)(c).
  • Current Status: As of the effective date, the Controller is not subject to any data retention mandates due to the Zero-Knowledge Architecture.

4. Data Sharing & Third Parties

The Controller operates within a "Walled Garden" ecosystem designed to minimize data sharing. However, modern application infrastructure necessitates engagement with certain technical service providers.

4.1. Data Processors

  • Render Services, Inc. (USA): Cloud hosting provider for the "Nukita" encrypted web processing core.
    • Data Shared: Ephemeral image buffer data, HTTP request metadata.
    • Security: Encryption in Transit (TLS 1.3), Encryption at Rest (AES-256 for temporary caching), Container Isolation.
    • Retention: Maximum 60 seconds during active processing. Zero persistent retention.
  • Cloudflare, Inc. (USA): Domain Name System (DNS) resolution and network connectivity verification.
    • Data Shared: User's IP address (inherent to TCP/IP protocol).
    • Privacy Commitments: Cloudflare operates the 1.1.1.1 DNS resolver under a specific privacy commitment not to sell user data.

4.2. Absence of Marketing SDKs

We DO NOT integrate, utilize, or share data with:

  • Google Marketing Services: AdMob, Analytics, Firebase Analytics, Tag Manager.
  • Meta (Facebook) Services: Facebook SDK, Meta Pixel, Audience Network.
  • Third-Party Attribution: AppsFlyer, Adjust, Mixpanel, Amplitude.
  • Advertising Networks: Unity Ads, IronSource, AppLovin.

Technical Verification: Users may verify these claims through reverse-engineering the APK.

4.3. Government Disclosure

We only disclose user data to government authorities when presented with a valid legal process (subpoena, court order) and when legally compelled. Given our Zero-Knowledge Architecture, we typically possess minimal to no data to disclose.

5. Security Measures & Retention

The Kadre application employs a proprietary security framework designated "Nukita".

5.1. "Nukita" Security Standard

  • Web Core Encryption: The web application core is encrypted using a custom binary encryption algorithm. Decryption occurs in-memory at runtime.
  • JavaScript Obfuscation: All client-side JavaScript undergoes multi-stage obfuscation (name mangling, control flow flattening).
  • Template Encryption: DOM structure is fragmented and reassembled at runtime to defend against scraping.

5.2. Web Environment Hardening

  • WebView Configuration: The WebView cache mode is set to `LOAD_NO_CACHE`, so no web content is written to the on-device cache. JavaScript execution is isolated.
  • File Access: File system access and cross-origin requests are blocked.
  • Sensors: Camera, microphone, and geolocation permissions are automatically denied.
  • Memory Security: Image buffers are overwritten with random data before release. `FLAG_SECURE` prevents screenshots during sensitive operations.
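The hardening settings listed in this section, as an added Kotlin illustration of how they map onto the Android WebView API; this is not Kadre's own "Nukita" code, and the Activity name, the allowed-host placeholder and the `wipeBuffer` helper are assumptions.

```kotlin
// Illustrative Android WebView hardening (added example, not the project's code).
import android.app.Activity
import android.os.Bundle
import android.view.WindowManager
import android.webkit.*
import java.io.ByteArrayInputStream
import java.security.SecureRandom

// Placeholder for the single host the web core is allowed to talk to (assumption).
const val ALLOWED_HOST = "processing.example.invalid"

class EditorActivity : Activity() {          // hypothetical Activity name
    override fun onCreate(savedInstanceState: Bundle?) {
        super.onCreate(savedInstanceState)
        // FLAG_SECURE excludes this window from screenshots and screen recording.
        window.setFlags(WindowManager.LayoutParams.FLAG_SECURE,
                        WindowManager.LayoutParams.FLAG_SECURE)
        val webView = WebView(this)
        hardenWebView(webView)
        setContentView(webView)
    }
}

fun hardenWebView(webView: WebView) {
    webView.settings.apply {
        cacheMode = WebSettings.LOAD_NO_CACHE   // never read from or write to the HTTP cache
        allowFileAccess = false                 // no file:// reads from web content
        allowContentAccess = false              // no content:// provider reads
        allowFileAccessFromFileURLs = false     // set explicitly despite being the default
        allowUniversalAccessFromFileURLs = false
        domStorageEnabled = false               // no localStorage/sessionStorage on disk
        databaseEnabled = false
        setGeolocationEnabled(false)
    }
    WebView.setWebContentsDebuggingEnabled(false)

    webView.webChromeClient = object : WebChromeClient() {
        // Camera and microphone requests from web content are always denied.
        override fun onPermissionRequest(request: PermissionRequest) = request.deny()
        // Geolocation prompts are denied and never remembered as allowed.
        override fun onGeolocationPermissionsShowPrompt(
            origin: String, callback: GeolocationPermissions.Callback
        ) = callback.invoke(origin, false, false)
    }

    webView.webViewClient = object : WebViewClient() {
        // Block cross-origin requests: anything not addressed to ALLOWED_HOST gets an
        // empty response instead of reaching the network.
        override fun shouldInterceptRequest(
            view: WebView, request: WebResourceRequest
        ): WebResourceResponse? =
            if (request.url.host == ALLOWED_HOST) null
            else WebResourceResponse("text/plain", "utf-8", ByteArrayInputStream(ByteArray(0)))
    }
}

/** Overwrite an image buffer with random bytes, then zeros, before it is released. */
fun wipeBuffer(buffer: ByteArray) {
    SecureRandom().nextBytes(buffer)
    buffer.fill(0)
}
```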

5.3. Data Retention Policies

  • Volatile Memory (RAM): Image buffers retained for 2-30 seconds. Album art for < 500ms.
  • Server-Side: Zero persistent retention. Ephemeral containers destroyed immediately. Logs are anonymized and purged every 7 days.
  • Client-Side: Preferences stored indefinitely until uninstall or manual clear. Exported images are under user control.
  • Backup: No backups of user content are maintained.

6. User Rights (Data Sovereignty)

The Controller extends comprehensive rights to all users globally:

  • Right to Access: Confirm processing and access data. Given the Zero-Knowledge Architecture, response will typically confirm no user profile exists.
  • Right to Rectification: Modify local preferences directly in the app.
  • Right to Erasure: Uninstall the app to permanently destroy all local data. Server data is auto-deleted.
  • Right to Data Portability: Access `favorites.json` locally. Exported images are standard JPEG/PNG.
  • Right to Restriction: Revoke permissions (e.g., Notification Access) or stop using specific features.
  • Right to Object: Object to processing based on legitimate interests.
  • Right to Withdraw Consent: Revoke Notification Listener permission at any time.
  • Automated Decision-Making: We do not engage in profiling or automated decision-making.

7. Children's Privacy

The Controller is committed to compliance with COPPA, GDPR-K, and global standards.

  • Age Restrictions: Kadre is a general utility tool. We do not implement age gates as we do not collect personal data.
  • COPPA (Under 13): We do not collect personal information (name, email, location, etc.) from children.
  • GDPR-K (Under 16): No information society services requiring consent are offered.
  • Parental Controls: Parents can use device-level controls (Family Link) to manage access and permissions.

8. International Data Transfers

Data flows to infrastructure in the United States (Render/Cloudflare).

  • Transfer Mechanisms: We rely on Standard Contractual Clauses (SCCs) for transfers to the USA.
  • Transfer Impact Assessment: Assessed as "Low Risk" due to ephemeral processing (30-60 seconds), encryption in transit, and data minimization.
  • Transparency: User Device -> Render Servers (USA) for image processing. User Device -> Cloudflare DNS (Global) for connectivity.

9. Data Breach Notification

  • Definition: Accidental or unlawful destruction, loss, alteration, or unauthorized disclosure of personal data.
  • Notification: We will notify supervisory authorities within 72 hours and affected individuals without undue delay if there is a high risk to rights and freedoms.
  • Risk Assessment: The likelihood of a material breach is extremely low because no persistent user accounts or credentials exist to be compromised.

10. Accessibility

This policy is designed to be accessible in accordance with WCAG 2.1 Level AA standards, featuring high-contrast text and logical heading structures. Alternative formats are available upon request.

11. Dispute Resolution

Informal Resolution: We encourage users to contact us directly to resolve concerns. We commit to investigating and responding within 30 days.

Governing Law: This policy is governed by the laws of the applicable jurisdiction (e.g., GDPR for EU users, CCPA for California users).

12. Contact Information

General Inquiries: [Insert Official Support Email]
Response Time: 72 hours for general inquiries; 24 hours for security incidents.
App Store: "Safety & Support" section in Google Play.
Security Reports: [Insert dedicated security email]

13. Conclusion and Controller's Commitment

The Kadre application represents a commitment to a new paradigm of privacy-respecting design where user privacy is the foundational architectural principle.

Core Commitments:

  • We will never sell your data to third parties.
  • We will never use your data for advertising or behavioral profiling.
  • We will never retain your data longer than necessary for immediate processing.

By using Kadre, you act with full knowledge of your digital rights.