Privacy Policy

Last updated: March 25, 2026. Effective immediately for new users.

Summary: We never sell your personal data. Anonymous message senders are truly anonymous — we do not expose identities. We use Google AdSense only with your consent. Kykez+ subscribers are ad-free. You can delete your account and all data at any time.

1. Who We Are

Kykez ("we", "us", "our") operates Kykez.com and the Kykez Android application — an anonymous messaging platform that allows users to receive anonymous text, image, and voice messages from anyone via a personal link. Contact us at privacy@kykez.com.

2. Data We Collect

Account Holders (Registered Users)

  • Identity data: Email address, username, display name
  • Profile data: Bio, profile photo, link question, message preferences
  • Usage data: Login timestamps, coin balance, subscription status
  • Device data: FCM token (for push notifications, optional)

Anonymous Message Senders

  • IP address: Logged for rate limiting, spam prevention, and law-enforcement cooperation. Never shown to recipients unless they spend coins on the "Hint" feature, which reveals a partial IP country — not the full address or identity.
  • Device metadata: Operating system/browser type (for spam detection only)
  • Country code: Derived from IP for regional safety controls
  • No name, email, or account is required to send a message.

Technical Data (All Visitors)

  • Browser type, language, referrer (via standard server logs)
  • Cookies (see Section 5)
  • Aggregate analytics (no personally identifiable information)

3. How We Use Your Data

  • Deliver anonymous messages to recipients
  • Operate, maintain and improve the platform
  • Detect and prevent spam, harassment and abuse
  • Send push notifications (only if you opt in)
  • Process coin purchases and Kykez+ subscriptions via Google Play
  • Display personalised advertising via Google AdSense (only with your consent)
  • Comply with legal obligations

4. Legal Basis for Processing (GDPR)

  • Contract: Providing account and messaging services to registered users
  • Legitimate interests: Spam prevention, security, fraud detection
  • Consent: Personalised advertising (AdSense), push notifications
  • Legal obligation: Responding to valid law enforcement requests

5. Cookies & Advertising

Essential Cookies

Required for the site to function (session management, CSRF protection, theme preference). Cannot be disabled.

Analytics & Advertising Cookies (Consent Required)

With your consent, we load Google AdSense which may set cookies to personalise ads. Google's use of advertising cookies is governed by Google's Privacy Policy. You can opt out at Google Ad Settings.

Kykez+ subscribers receive an entirely ad-free experience — AdSense is not loaded on their sessions.

You can change your consent at any time using the cookie banner (re-accessible via our footer) or by clearing your browser's local storage.

See our full Cookie Policy for details.

6. Third-Party Services

  • Google AdSense — personalised advertising (consent-gated)
  • Google Firebase (FCM) — push notifications (optional)
  • Google Play Billing — in-app purchases and subscriptions
  • Google Fonts — font delivery (logs anonymous IP)

We do not sell your data to third parties. Advertising partners receive only anonymised, aggregated signals.

7. Data Retention

  • Account data: Until you delete your account
  • Messages: Retained for up to 365 days, then auto-deleted
  • IP logs (rate limiting): Automatically cleared after 7 days
  • Coin transaction history: Retained for 2 years for financial compliance
  • Deleted content: Removed from active storage within 30 days; may persist in encrypted backups for up to 90 days

8. Your Rights (GDPR / CCPA)

Depending on your location, you have the right to:

  • Access — request a copy of your personal data
  • Correct — update inaccurate data via your Profile settings
  • Delete — request account and data deletion by emailing privacy@kykez.com
  • Portability — receive your data in a machine-readable format
  • Object — opt out of personalised advertising at any time
  • Withdraw Consent — change your cookie preferences at any time

California residents (CCPA): You may opt out of the "sale" of personal information. We do not sell personal information. Exercise rights via privacy@kykez.com.

EU/EEA residents may lodge a complaint with your local Data Protection Authority.

9. Children's Privacy (COPPA)

Kykez is not intended for children under 13 years of age. We do not knowingly collect personal data from children under 13 (or under 16 in the EU/EEA). If you believe a child has provided us data, contact privacy@kykez.com immediately and we will delete it.

10. International Data Transfers

Our servers may be located outside your country. By using Kykez, you consent to your data being processed in the countries where we and our service providers operate. We apply appropriate safeguards (including Standard Contractual Clauses where required by GDPR).

11. Security

We implement industry-standard security measures including: bcrypt password hashing, HTTPS encryption, JWT authentication, rate limiting, and CSRF protection. However, no system is 100% secure. Report security vulnerabilities to security@kykez.com.

12. Changes to This Policy

We may update this policy from time to time. We will notify registered users of significant changes via email or a notice on the platform. Continued use after changes constitutes acceptance.

13. Contact

Privacy questions: privacy@kykez.com
Legal requests: legal@kykez.com
Abuse reports: abuse@kykez.com

Terms of Service Cookie Policy Community Guidelines Safety Center