Kadre Privacy Policy

Preamble: Privacy-by-Design Philosophy

This Privacy Policy represents our commitment to protecting the fundamental right to privacy as recognized by international human rights law, including Article 12 of the Universal Declaration of Human Rights and Article 8 of the European Convention on Human Rights. The Kadre application has been architected from inception using Privacy-by-Design principles as codified in GDPR Article 25, ensuring that data protection is not an afterthought but the foundational pillar of our technical infrastructure.

We recognize that in the digital age, users entrust applications with access to sensitive personal content, including photographs and media that may contain intimate moments, family members, and private spaces. We have therefore implemented a "Zero-Knowledge Architecture" whereby we maintain no persistent knowledge of user activities, content, or identity. This policy explains in exhaustive detail the limited, ephemeral, and purpose-bound data processing operations that occur within the Kadre ecosystem.

1. IDENTIFICATION OF THE DATA CONTROLLER

1.1. Responsible Entity

The data controller—the entity responsible for how your data is handled when you use Kadre—is The Kadre Development Team/Project Owner (referred to throughout this document as "We", "Us", or "Our").

What "processing" means: Under data protection law (specifically GDPR Article 4(2)), "processing" includes any action taken with personal data, whether automated or manual. This includes collecting, recording, organizing, storing, adapting, retrieving, using, disclosing, erasing, or destroying data.

1.2. Contact Information and Correspondence

If you want to exercise your privacy rights, ask questions about this policy, or raise concerns, you can reach us at:

• Primary Email: victorigorrubiodominguez@gmail.com
• Response Time: We aim to respond as soon as possible.
• Subject Line: Please use "Kadre Privacy Inquiry" to ensure your message reaches the right person quickly

We will acknowledge receipt of your message within 48 hours and provide a complete response within the timeframes required by applicable data protection laws (typically 30 days under GDPR).

1.3. Data Protection Officer Designation

Under GDPR Article 37(1), we've assessed whether we need to appoint a formal Data Protection Officer (DPO). We've determined that a DPO is not legally required for these reasons:

• We are not a public authority or government body
• Our core activities don't involve large-scale systematic monitoring of users
• We don't process large amounts of sensitive personal data (as defined by GDPR Article 9)

However, our Lead Technical Architect takes functional responsibility for all privacy-related decisions, security implementations, and compliance oversight.

2. DETAILED INVENTORY OF DATA COLLECTED

We follow the principle of "data minimization" required by GDPR Article 5(1)(c). This means we only collect data that is absolutely necessary for the application to work. Here's exactly what we do and don't collect:

2.1. Data Provided Directly by the User Through Affirmative Action

2.1.1. Visual Content (Images/Photographs)

What this is: When you select an image to edit in Kadre, you're giving the application access to that specific image file. This can be in common formats like JPEG, PNG, WEBP, or HEIC.

How collection works: You select the image using your computer's standard file dialog (like Windows File Explorer). The application only gets access to the exact file you choose—it doesn't have access to your entire photo library or any other files on your computer.

What we do with it:

• Local Processing Only: All editing operations (applying frames, extracting colors, adjusting filters) happen entirely on your own computer using your CPU and RAM. We use bundled software libraries (Pillow and NumPy) that run locally on your machine.
• No Uploads: Your images are NEVER uploaded to any server, cloud service, or sent over the internet. They stay on your device.
• Temporary Memory Storage: When you're editing an image, it's temporarily held in your computer's RAM (volatile memory). As soon as you close the application or finish editing, this data is automatically cleared.

Retention Period: While the app is open: Stored in RAM during editing. After closing: Automatically deleted from memory. Server-side: Not applicable—we never receive your images.

2.1.2. User Preferences and Configuration Settings

What this is: The application remembers your preferences to make your experience better. This includes: Theme choice, History of colors, Favorite colors/frames, Window size/position.

How it's stored: These settings are saved in a simple text file (JSON format) called config.json on your own computer, in a folder specifically for Kadre within your user directory.

Security: This file is stored in your personal user folder, which means only you (and computer administrators) can access it. It's protected by your computer's standard file permissions.

Retention: These settings remain on your computer indefinitely until you uninstall Kadre or manually delete the configuration file.

2.2. Data Collected Automatically Through Permissions and System Sensors

2.2.1. Network Connectivity Status Verification

• Data Accessed: TCP/IP connectivity status, DNS resolution.
• Collection Mechanism: The application performs a lightweight TCP socket connection to Cloudflare's public DNS resolver at IP address 1.1.1.1 (port 53 or 443) to verify active internet connectivity.
• Purpose and Justification: This verification prevents the application from attempting to upload images or fetch resources when no internet connection is available.
• Data Minimization: The connectivity check consists solely of establishing and immediately closing a TCP connection. No HTTP request is made, no user-agent string is transmitted, and no payload data is exchanged beyond the TCP handshake.

2.2.2. Device Metadata (Technical Telemetry)

What's collected: Your Windows operating system version, The version number of Kadre you're running, and if the application crashes, a log file (Kadre_error.log) is created locally on your computer containing technical details about what went wrong.

Purpose: This information helps diagnose and fix problems if something goes wrong. The crash log is stored only on your device and is not automatically sent to us unless you choose to share it when reporting a bug.

Legal basis: Legitimate interest in maintaining application stability (GDPR Article 6(1)(f)).

2.3. Data We STRICTLY DO NOT Collect (Negative Declarations)

3. PURPOSE OF PROCESSING AND LEGAL BASIS

3.1. Core Functionality: Image Editing and Enhancement Services

What we do: We locally process the image files you select, apply the filters/frames you choose, perform color corrections, and export the edited images back to your computer.

Why we do it: This is the fundamental purpose of Kadre—to provide you with image editing tools. Without processing your images, the application couldn't function.

Legal basis: Contractual necessity under GDPR Article 6(1)(b). When you use Kadre, there's an implied contract that we'll provide the editing services described. Processing your images is strictly necessary to fulfill that agreement.

3.2. Security, Fraud Prevention, and System Integrity

What we do: We verify that image files are in valid formats, handle errors gracefully when something goes wrong, and maintain logs of technical errors locally on your device.

Why we do it: To prevent crashes, protect your computer from corrupted files, and ensure the application works reliably.

Legal basis: Legitimate interest under GDPR Article 6(1)(f). We have a legitimate need to maintain a stable, secure application, and this processing doesn't override your privacy rights because it's minimal and local-only.

3.3. Legal Compliance and Regulatory Obligations

Current status: Because of our Zero-Knowledge Architecture (where we don't receive or store your data), we're not subject to any legal requirements to retain user data or respond to data disclosure requests. It's technically impossible for us to comply with requests for user data because we simply don't have it.

4. DATA SHARING, THIRD PARTIES, AND PROCESSOR RELATIONSHIPS

The short answer: we don't share your data because we don't have access to it in the first place. However, for complete transparency, here are the only external services that may process minimal technical information:

4.1. Data Processors (Infrastructure Service Providers)

Cloudflare, Inc. (USA): Domain Name System (DNS) resolution and network connectivity verification.

• Data Shared: User's IP address (inherent to TCP/IP protocol).
• Privacy Commitments: Cloudflare operates the 1.1.1.1 DNS resolver under a specific privacy commitment not to sell user data.

4.2. Absence of Marketing, Analytics, and Advertising SDKs

We want to be crystal clear about third-party services we do not integrate, use, or share any data with:

• Google Services: No Google Analytics, Google Ads, AdMob, Firebase Analytics, Tag Manager, or any other Google tracking or advertising products
• Meta/Facebook Services: No Facebook SDK, Meta Pixel, or any Facebook/Instagram tracking tools
• Third-Party Analytics and Attribution: No AppsFlyer, Adjust, Mixpanel, Amplitude, or similar analytics platforms
• Advertising Networks: No Unity Ads, IronSource, or any other ad networks
• Social Media Integration: No social media sharing SDKs or tracking pixels

4.3. Government and Law Enforcement Disclosure

Disclosure Principles: We respect user privacy while acknowledging legal obligations to cooperate with lawful government requests in certain limited circumstances.

Threshold Requirements: We will only disclose user data to government authorities when:

1. Presented with a valid legal process (subpoena, court order, or search warrant).
2. The request meets applicable legal standards (probable cause, relevance, specificity).
3. The request is not overbroad or in violation of user rights.
4. Disclosure is legally compelled and not voluntary.

Practical Limitation: Given our Zero-Knowledge Architecture, we typically possess minimal data to disclose. In most scenarios, we can honestly represent to authorities that we do not maintain the requested data (e.g., user identity, content history, location data).

Transparency Report: We commit to publishing an annual transparency report disclosing the number and nature of government data requests received, the number complied with, and the number challenged or rejected.

5. SECURITY MEASURES AND DATA RETENTION

The Kadre application uses a security framework we call "Nukita" (Desktop Adaptation). Here's how it protects your privacy and security:

5.1. The "Nukita" Security Standard and Cryptographic Architecture

• Executable Encapsulation: The application is compiled as a standalone executable using industry-standard packaging (PyInstaller). This bundles the Python interpreter and all dependencies into a single package, preventing external code injection or unauthorized modifications.
• Localhost Isolation: The internal web interface (which provides the visual editing interface) runs on a local web server (Flask) that only listens on your computer's "loopback" interface (127.0.0.1). The interface is completely inaccessible from other devices on your network or from the internet.
• Memory Security: Image data in RAM is managed by Python's automatic garbage collector. When an editing operation completes or you close the application, this memory is immediately released and overwritten.

5.2. Web Environment Hardening and Runtime Security

Browser Engine Configuration: The embedded browser that displays the editing interface is configured to prevent navigation to external websites (except for opening this privacy policy or similar documentation links in your default browser). Cross-origin requests are blocked.

5.3. Data Retention Policies and Timelines

• Volatile Memory (RAM): Your images are loaded into RAM only while you're actively editing them. As soon as you finish and close the application, this data is cleared.
• Server-Side Storage: Not applicable—we don't have servers that store user data.
• Local Configuration (on your device): Your preferences in config.json remain until you uninstall Kadre or manually delete the file.
• Exported Images: When you save an edited image, it's saved to your chosen location on your computer. These files are entirely under your control.
• Backups: We do not create or maintain any backups of user content.

6. USER RIGHTS (YOUR DATA SOVEREIGNTY)

Under data protection laws worldwide, you have comprehensive rights regarding your personal data. Here's what each right means and how to exercise it with Kadre:

• Right to Access (GDPR Article 15): You can request confirmation of what personal data we're processing about you. Contact us at victorigorrubiodominguez@gmail.com.
• Right to Rectification (GDPR Article 16): You can correct inaccurate personal data. For local preferences, you can modify them directly in the application's settings.
• Right to Erasure/"Right to be Forgotten" (GDPR Article 17): You can request deletion of your personal data. Simply uninstall Kadre from your computer.
• Right to Data Portability (GDPR Article 20): You can receive your personal data in a machine-readable format. Your configuration file (config.json) is already in a standard, portable format (JSON).
• Right to Restriction of Processing (GDPR Article 18): You can limit how your data is processed. You can choose not to use specific features of Kadre.
• Right to Object (GDPR Article 21): You can object to processing based on legitimate interests. Contact us to object to any processing operations.
• Right to Withdraw Consent: If processing is based on your consent, you can withdraw it at any time.
• Right to Lodge a Complaint: You can file a complaint with a data protection authority if you believe we've violated your privacy rights.
  • EU/EEA: Your national data protection authority
  • UK: Information Commissioner's Office (ICO)
  • California: California Attorney General

7. CHILDREN'S PRIVACY (COPPA, GDPR-K, and Global Standards)

We're committed to protecting children's privacy in compliance with COPPA (Children's Online Privacy Protection Act), GDPR-K (GDPR provisions for children), and equivalent global standards.

Age Restrictions and Verification

Our approach: Kadre is a general-purpose utility tool for image editing. We don't implement age verification gates because we don't collect personal information that would require parental consent.

COPPA Compliance (Under 13 in the United States): We comply by design: we don't collect names, email addresses, locations, photos (they stay local), or any other personal information. Because we don't collect this data from anyone—child or adult—we're automatically COPPA-compliant.

GDPR-K Compliance (Under 16 in the EU): We don't offer services that require consent (like creating accounts, posting content online, or social features). All processing is local.

Parental Controls

Parents and guardians can use their operating system's built-in parental controls to restrict which applications children can install and use.

8. INTERNATIONAL DATA TRANSFERS AND CROSS-BORDER DATA FLOWS

Data protection laws restrict transferring personal data across international borders. Here's our status:

User Content (Your Images)

Transfer status: There are NO international transfers of your images or editing data. All image processing happens entirely on your local device.

Technical Metadata (Connectivity Checks)

Limited processing: When Kadre checks internet connectivity by connecting to Cloudflare's 1.1.1.1 DNS service, your IP address is inherently transmitted as part of the TCP/IP protocol.

• From: Your location (wherever you use Kadre)
• To: Cloudflare's global infrastructure (including servers in the United States)
• Data transferred: Your IP address only
• Safeguards: Cloudflare is certified under the EU-U.S. Data Privacy Framework and complies with GDPR.

9. DATA BREACH NOTIFICATION AND INCIDENT RESPONSE

• Definition: Accidental or unlawful destruction, loss, alteration, or unauthorized disclosure of personal data.
• Notification: We will notify supervisory authorities within 72 hours and affected individuals without undue delay if there is a high risk to rights and freedoms.
• Risk Assessment: The likelihood of a material breach is extremely low because no persistent user accounts or credentials exist to be compromised.

10. ACCESSIBILITY AND LANGUAGE

We've designed this privacy policy to be accessible to everyone, in accordance with WCAG 2.1 Level AA standards:

• Readability Features: Clear language, Logical structure, High contrast, Responsive design.
• Alternative Formats: If you need this privacy policy in an alternative format (such as large print, audio, or a different language), please contact us at victorigorrubiodominguez@gmail.com.

11. DISPUTE RESOLUTION AND GOVERNING LAW

11.1. Informal Dispute Resolution

We encourage users to contact us directly with any privacy concerns or complaints before pursuing formal dispute resolution mechanisms. Many concerns can be resolved quickly and amicably through direct communication.

11.2. Governing Law and Jurisdiction

This Privacy Policy and all related matters shall be governed by and construed in accordance with the laws of the European Union and its member states.

12. CONTACT INFORMATION AND DATA PROTECTION INQUIRIES

12.1. Security Vulnerability Reports

If you discover a security vulnerability in the Kadre application, we encourage responsible disclosure:

• We commit to acknowledging security reports within 24 hours.
• Providing updates on investigation and remediation within 7 days.

12.2. Supervisory Authority Contact

Users have the right to contact their local data protection supervisory authority with complaints or concerns. We will cooperate fully with supervisory authority investigations.

13. CONCLUSION AND CONTROLLER'S COMMITMENT

The Kadre application represents a commitment to a new paradigm of privacy-respecting application design where user privacy is not an afterthought but the foundational architectural principle. The Controller's Zero-Knowledge Architecture ensures that we cannot abuse, misuse, or mishandle your personal data—because we fundamentally do not possess it.

Core Commitments:

• We will never sell your data to third parties.
• We will never use your data for advertising or behavioral profiling.
• We will never retain your data longer than necessary for immediate processing.

By using Kadre, you act with full knowledge of your digital rights.

Preamble: Privacy-by-Design Philosophy

This Privacy Policy represents our commitment to protecting the fundamental right to privacy as recognized by international human rights law, including Article 12 of the Universal Declaration of Human Rights and Article 8 of the European Convention on Human Rights. The Kadre application has been architected from inception using Privacy-by-Design principles as codified in GDPR Article 25, ensuring that data protection is not an afterthought but the foundational pillar of our technical infrastructure.

We recognize that in the digital age, users entrust applications with access to sensitive personal content, including photographs and media that may contain intimate moments, family members, and private spaces. We have therefore implemented a "Zero-Knowledge Architecture" whereby we maintain no persistent knowledge of user activities, content, or identity. This policy explains in exhaustive detail the limited, ephemeral, and purpose-bound data processing operations that occur within the Kadre ecosystem.

1. IDENTIFICATION OF THE DATA CONTROLLER

1.1. Responsible Entity

The data controller responsible for all processing operations conducted through the Kadre mobile application and its associated secure web services infrastructure is The Kadre Development Team/Project Owner (hereinafter collectively and severally referred to as "We", "Us", or "Our").

For purposes of this policy, "processing" shall bear the meaning ascribed to it under GDPR Article 4(2), encompassing any operation or set of operations performed on personal data, whether or not by automated means, including collection, recording, organization, structuring, storage, adaptation, retrieval, consultation, use, disclosure, erasure, or destruction.

1.2. Contact Information and Correspondence

Users seeking to exercise their data protection rights, lodge complaints, or request clarification on this policy are directed to establish contact through the following official channels:

• Primary Email Channel: victorigorrubiodominguez@gmail.com
• Response Time: We aim to respond as soon as possible.
• Postal Address (GDPR Article 13(1)(a) Requirement):
  Not required for our current scale of operations; contact via email for formal correspondence.

All correspondence should clearly reference "Kadre Privacy Inquiry" in the subject line to ensure expedited routing to the appropriate response team. We commit to acknowledging receipt of all communications within 48 hours and providing substantive responses within the timeframes mandated by applicable data protection laws.

1.3. Data Protection Officer Designation

Pursuant to GDPR Article 37(1), we have conducted a necessity assessment and determined that formal designation of a Data Protection Officer (DPO) is not mandatory for the following reasons:

1. Public Authority Exemption: We are not a public authority or body.
2. Core Activities Assessment: Our core activities do not consist of processing operations requiring regular and systematic monitoring of data subjects on a large scale.
3. Special Categories Exclusion: We do not engage in large-scale processing of special categories of data as defined under GDPR Article 9.

However, recognizing best practices in data governance, the Lead Technical Architect assumes functional responsibility for all privacy-related architecture decisions, security implementations, and compliance oversight. This individual serves as the primary point of contact for supervisory authorities and maintains oversight of:

• Privacy Impact Assessments (PIAs) for new features.
• Continuous monitoring of security protocols.
• Third-party processor compliance verification.
• Policy updates and regulatory monitoring.

2. DETAILED INVENTORY OF DATA COLLECTED

We adhere strictly to the data minimization principle as mandated by GDPR Article 5(1)(c), which requires that personal data shall be adequate, relevant, and limited to what is necessary in relation to the purposes for which they are processed. This section provides an exhaustive taxonomy of all data elements that may be processed during the lifecycle of application usage.

2.1. Data Provided Directly by the User Through Affirmative Action

2.1.1. Visual Content (Images/Photographs)

• Data Type: Bitmap raster image data in standard formats including but not limited to JPEG, PNG, WEBP, and HEIC.
• Collection Mechanism: Data is collected exclusively through the Android System Media Picker, invoked via the standardized Intent.ACTION_GET_CONTENT or Intent.ACTION_PICK Android API calls. This ensures that the application never gains broad access to media storage but only receives the specific file the user explicitly selects.
• Technical Constraints Implemented:
  1. The application does not request the READ_EXTERNAL_STORAGE permission on Android 13+ devices, relying instead on the scoped storage model introduced in Android 10.
  2. No background scanning or indexing of the user's photo library occurs.
  3. Multi-select functionality is deliberately restricted to prevent inadvertent bulk sharing.
• Processing Operations:
  1. Client-Side Compression: Initial downsampling if the resolution exceeds 4096x4096 pixels to prevent memory overflow.
  2. Format Standardization: Conversion to WebP format with quality parameter set to 85% for optimal bandwidth efficiency.
  3. Secure Transmission: HTTPS POST to the processing server using TLS 1.3 with certificate pinning.
  4. Server-Side Processing: Frame application, filter rendering, color adjustments as requested by the user.
  5. Immediate Deletion: Permanent erasure from server volatile memory upon completion of processing.
• Retention Period: Client-side: Until the user closes the editing session. Server-side: Max 30 seconds (RAM), zero persistent storage.

2.1.2. User Preferences and Configuration Settings

• Data Type: Boolean flags, integer values, and string constants representing user interface customization choices.
• Examples:
  • Theme selection (Light Mode, Dark Mode, System Default).
  • Widget visibility toggles.
  • Frame style preferences.
  • Notification preferences.
  • First-run tutorial completion status.
• Storage Mechanism: Data is persisted locally on the user's device using Android's SharedPreferences API or stored in a structured JSON file (favorites.json) within the application's private directory (/data/data/[package_name]/files/).
• Security: These files are protected by Android's application sandbox security model, making them inaccessible to other applications without root privileges or explicit user backup extraction.
• Retention Period: Indefinite, until the user uninstalls the application or manually clears application data through Android system settings.

2.2. Data Collected Automatically Through Permissions and System Sensors

2.2.1. Music Playback Metadata (Aura Color Adaptation Feature)

• Permission: `BIND_NOTIFICATION_LISTENER_SERVICE`
• Data Accessed: Album Art bitmap only.
• Explicit Exclusions: We categorically do NOT access:
  • Track title or song name.
  • Artist or album metadata.
  • Playback position or duration.
  • Listening history or temporal patterns.
  • Music streaming service identity.
  • Playlist information.
• Technical Implementation:
  1. The application registers a NotificationListenerService that filters for notifications from known music applications.
  2. Upon detecting an active media notification, the service extracts the largeIcon bitmap field.
  3. The bitmap is processed locally on-device using the Palette library to generate a color scheme.
  4. The original bitmap is immediately discarded after color extraction.
• User Control: This feature is entirely optional and requires explicit user consent during initial setup. Users may revoke the Notification Listener permission at any time through Android Settings → Apps → Special App Access → Notification Access.
• Retention Period: The album art bitmap exists in volatile memory (RAM) for typically less than 500 milliseconds during the color extraction process and is never written to persistent storage.

2.2.2. Network Connectivity Status Verification

• Data Accessed: TCP/IP connectivity status, DNS resolution.
• Collection Mechanism: The application performs a lightweight TCP socket connection to Cloudflare's public DNS resolver at IP address 1.1.1.1 (port 53 or 443) to verify active internet connectivity.
• Purpose and Justification: This verification prevents the application from attempting to upload images or fetch resources when no internet connection is available.
• Data Minimization: The connectivity check consists solely of establishing and immediately closing a TCP connection. No HTTP request is made, no user-agent string is transmitted, and no payload data is exchanged beyond the TCP handshake.

2.2.3. Device Metadata (Technical Telemetry)

• Data Collected:
  • Android OS version number.
  • Application version number.
  • Device manufacturer and model (collected only during crash reports).
  • Screen resolution and density.
• Purpose: Ensuring compatibility, debugging crashes, and optimizing UI layouts.
• Legal Basis: Legitimate Interest (GDPR Article 6(1)(f)).
• Non-Identification: This metadata is aggregated and cannot be used to identify individual users.

2.3. Data We STRICTLY DO NOT Collect (Negative Declarations)

3. PURPOSE OF PROCESSING AND LEGAL BASIS

Under the General Data Protection Regulation (GDPR) and equivalent international frameworks, controllers must identify a lawful basis for each processing operation.

3.1. Core Functionality (Image Editing)

• Processing Activities: Reception of user-selected image files, application of visual filters/frames, color correction, export of processed images.
• Purpose Statement: To fulfill the primary contractual obligation of providing image editing services as described in the application's functionality specifications.
• Legal Basis: Contractual Necessity pursuant to GDPR Article 6(1)(b).
• Detailed Justification: The processing of image data is strictly necessary for the performance of the implicit contract formed when the user downloads and actively engages with the application.

3.2. Aesthetic Adaptation (Aura Feature)

• Processing Activities: Access to currently playing music's album artwork, color palette extraction, dynamic adjustment of UI theme.
• Purpose Statement: To provide an enhanced, personalized user experience by creating visual harmony between the user's current music listening activity and the application's interface design.
• Legal Basis: Explicit Consent pursuant to GDPR Article 6(1)(a).
• Consent Characteristics: Freely given, Specific, Informed, and Unambiguous. Users may withdraw consent at any time by revoking the Notification Listener permission.

3.3. Security & Integrity

• Processing Activities: Verification of uploaded file formats, detection of malformed uploads, network connectivity verification.
• Purpose Statement: To maintain the security and stability of the application infrastructure and prevent fraudulent usage.
• Legal Basis: Legitimate Interest pursuant to GDPR Article 6(1)(f).

3.4. Legal Compliance

Current Status: As of the effective date, the Controller is not subject to any data retention mandates or disclosure obligations due to the Zero-Knowledge Architecture. The application is designed such that no user data is stored, making it technically impossible to comply with data retrieval requests.

4. DATA SHARING, THIRD PARTIES, AND PROCESSOR RELATIONSHIPS

We operate within a "Walled Garden" ecosystem designed to minimize data sharing. However, modern application infrastructure necessitates engagement with certain technical service providers.

4.1. Data Processors

• Render Services, Inc. (USA): Cloud hosting provider for the "Nukita" encrypted web processing core.
  • Data Shared: Ephemeral image buffer data, HTTP request metadata.
  • Security: Encryption in Transit (TLS 1.3), Encryption at Rest (AES-256 for temporary caching), Container Isolation.
  • Retention: Maximum 60 seconds during active processing. Zero persistent retention.
• Cloudflare, Inc. (USA): Domain Name System (DNS) resolution and network connectivity verification.
  • Data Shared: User's IP address (inherent to TCP/IP protocol).
  • Privacy Commitments: Cloudflare operates the 1.1.1.1 DNS resolver under a specific privacy commitment not to sell user data.

4.2. Absence of Marketing SDKs

We DO NOT integrate, utilize, or share data with:

• Google Marketing Services: AdMob, Analytics, Firebase Analytics, Tag Manager.
• Meta (Facebook) Services: Facebook SDK, Meta Pixel, Audience Network.
• Third-Party Attribution: AppsFlyer, Adjust, Mixpanel, Amplitude.
• Advertising Networks: Unity Ads, IronSource, AppLovin.

Technical Verification: Users may verify these claims through reverse-engineering the APK.

4.3. Technical Impossibility of Data Disclosure

Due to our Zero-Knowledge Architecture and the ephemeral nature of all processing, the Controller does not possess, store, or have the technical capability to retrieve any user data. Consequently, it is technically impossible for us to provide user content or identifying information to government authorities, law enforcement, or any third party, even when presented with a valid legal process.

5. SECURITY MEASURES AND DATA RETENTION

The Kadre application employs a proprietary security framework designated "Nukita".

5.1. "Nukita" Security Standard

• Web Core Encryption: The web application core is encrypted using a custom binary encryption algorithm. Decryption occurs in-memory at runtime.
• JavaScript Obfuscation: All client-side JavaScript undergoes multi-stage obfuscation (name mangling, control flow flattening).
• Template Encryption: DOM structure is fragmented and reassembled at runtime to defend against scraping.

5.2. Web Environment Hardening

• WebView Configuration: `LOAD_NO_CACHE` ensures no web content is written to storage. JavaScript execution is isolated.
• File Access: File system access and cross-origin requests are blocked.
• Sensors: Camera, microphone, and geolocation permissions are automatically denied.
• Memory Security: Image buffers are overwritten with random data before release. `FLAG_SECURE` prevents screenshots during sensitive operations.

5.3. Data Retention Policies

• Volatile Memory (RAM): Image buffers retained for 2-30 seconds. Album art for < 500ms.
• Server-Side: Zero persistent retention. Ephemeral containers destroyed immediately. Logs are anonymized and purged every 7 days.
• Client-Side: Preferences stored indefinitely until uninstall or manual clear. Exported images are under user control.
• Backup: No backups of user content are maintained.

6. USER RIGHTS (YOUR DATA SOVEREIGNTY)

We extend comprehensive rights to all users globally:

• Right to Access: Confirm processing and access data. Given the Zero-Knowledge Architecture, response will typically confirm no user profile exists.
• Right to Rectification: Modify local preferences directly in the app.
• Right to Erasure: Uninstall the app to permanently destroy all local data. Server data is auto-deleted.
• Right to Data Portability: Access `favorites.json` locally. Exported images are standard JPEG/PNG.
• Right to Restriction: Revoke permissions (e.g., Notification Access) or stop using specific features.
• Right to Object: Object to processing based on legitimate interests.
• Right to Withdraw Consent: Revoke Notification Listener permission at any time.
• Automated Decision-Making: We do not engage in profiling or automated decision-making.

7. CHILDREN'S PRIVACY (COPPA, GDPR-K, and Global Standards)

We are committed to compliance with COPPA, GDPR-K, and global standards.

• Age Restrictions: Kadre is a general utility tool. We do not implement age gates as we do not collect personal data.
• COPPA (Under 13): We do not collect personal information (name, email, location, etc.) from children.
• GDPR-K (Under 16): No information society services requiring consent are offered.
• Parental Controls: Parents can use device-level controls (Family Link) to manage access and permissions. If a parent believes their child has provided info, they may contact us for an investigation within 24 hours.

8. INTERNATIONAL DATA TRANSFERS AND CROSS-BORDER DATA FLOWS

Data flows to infrastructure in the United States (Render/Cloudflare).

• Transfer Mechanisms: We rely on Standard Contractual Clauses (SCCs) for transfers to the USA.
• Transfer Impact Assessment: Assessed as "Low Risk" due to ephemeral processing (30-60 seconds), encryption in transit, and data minimization.
• Transparency: User Device -> Render Servers (USA) for image processing. User Device -> Cloudflare DNS (Global) for connectivity.

9. DATA BREACH NOTIFICATION AND INCIDENT RESPONSE

• Definition: Accidental or unlawful destruction, loss, alteration, or unauthorized disclosure of personal data.
• Notification: We will notify supervisory authorities within 72 hours and affected individuals without undue delay if there is a high risk to rights and freedoms.
• Risk Assessment: The likelihood of a material breach is extremely low because no persistent user accounts or credentials exist to be compromised.

10. ACCESSIBILITY AND LANGUAGE

This policy is designed to be accessible in accordance with WCAG 2.1 Level AA standards, featuring high-contrast text and logical heading structures. Alternative formats are available upon request.

11. DISPUTE RESOLUTION AND GOVERNING LAW

11.1. Informal Dispute Resolution

We encourage users to contact us directly with any privacy concerns or complaints before pursuing formal dispute resolution mechanisms. Many concerns can be resolved quickly and amicably through direct communication.

11.2. Governing Law and Jurisdiction

This Privacy Policy and all related matters shall be governed by and construed in accordance with the laws of the European Union and its member states.

12. CONTACT INFORMATION AND DATA PROTECTION INQUIRIES

13. CONCLUSION AND CONTROLLER'S COMMITMENT

The Kadre application represents a commitment to a new paradigm of privacy-respecting design where user privacy is the foundational architectural principle. Because the system is designed to not obtain or store user data, privacy is guaranteed by technical constraint rather than just policy.

Core Commitments:

• We will never sell your data to third parties.
• We will never use your data for advertising or behavioral profiling.
• We will never retain your data longer than necessary for immediate processing.

By using Kadre, you act with full knowledge of your digital rights.