Download app for free

Privacy Policy

Effective: 1 January 2025 · Last updated: 24 February 2026

Kadi is an independent app built and operated by an individual developers based in Kenya. Your privacy is not a checkbox — it's a core part of how Kadi is built. This policy explains what data is collected, how it is used, and the controls you always have over it.

If anything is unclear, contact us at privacy@pixel-studio.pro — a direct answer will be given, not an automated response.

Who is responsible for your data?

Kadi is operated by an individual developer. As the data controller, the developer is responsible for determining how and why your personal data is processed. For the purposes of the Kenya Data Protection Act, 2019, and other applicable laws, inquiries and data requests should be directed to the contact address above.

What data we collect

We only collect what we need to deliver the service:

Account Data — Name, email address, and profile information provided during sign-up via Google or Apple.
Scanned Card Images — Photos of business cards you capture are stored securely and linked to your account.
Extracted Contact Data — The name, title, company, email, phone, address, and website our AI extracts from each scanned card.
Your Virtual Card — Information you choose to put on your Kadi digital card (name, title, email, phone, company, website, address).
Usage Analytics — Anonymised app events (e.g. screens visited, features used, error events) to help improve the product. Your user ID is linked to these events for debugging purposes.
Device Data — device type, OS version, and app version for diagnostics and crash reporting.

We do NOT collect your location, access your camera roll beyond the moment of scanning, any data from outside the Kadi app or sensitive personal data (health, financial, biometric data).

How we use your data

To provide, maintain, and improve the Kadi app.

To process business card scans using our AI extraction pipeline.
To store and display the contacts you have collected.
To send transactional notifications (e.g scan completion alerts, account confirmations).
To analyse anonymised usage trends anf fix bugs.
To process subscription payments and manage your billing.
To comply with legal obligations under Kenyan and applicable international law.

We do NOT sell your data. We do not use your contacts or virtual card data to target you with advertising. We do not share personally identifiable information with any third party except as described below.

Third-party services

Kadi relies on the following third-party services to operate. Each link goes to that provider's privacy policy.

Appwrite (Cloud Backend):
All user data, scanned card images, contact records, and virtual cards are stored on Appwrite Cloud, hosted in Frankfurt, Germany (EU). Appwrite handles authentication, database storage, file storage, and cloud function execution (where AI parsing occurs).
- Data stored: Account data, card images, contact records, virtual cards.
- Privacy policy: https://appwrite.io/privacy
Google (Authentication):
Google OAuth is used as an optional sign-in method.
- Data shared: Card images (for parsing only), basic profile information if you sign in with Google.
- Retention by Google: Images are submitted to the Gemini API as part of the extraction request; Google's API data handling terms apply.
- Privacy policy: https://policies.google.com/privacy
Apple (Authentication + Payments):
Apple Sign-In is available as an optional authentication method. In-app subscriptions and purchases are processed through Apple's App Store infrastructure. Kadi never sees or stores your payment card details.
- Data shared: A unique Apple-provided identifier and optionally your name/email (controlled by you at sign-in).
- Privacy policy: https://www.apple.com/legal/privacy/
RevenueCat (Subscription Management):
RevenueCat sits between the app and Apple's billing system to manage subscription status, entitlements, and payment events.
- Data shared: A pseudonymous user ID, subscription state, and purchase events. No payment card details.
- Privacy policy: https://www.revenuecat.com/privacy
PostHog (Analytics):
Anonymised in-app usage events (screens viewed, features used, errors) are sent to PostHog, hosted on EU servers. No cross-site tracking is used.
- Data shared: Anonymised event data linked to a pseudonymous user ID, device type, OS version, app version.
- Privacy policy: https://posthog.com/privacy

Device Permissions

Camera — To capture business cards for scanning. The camera is only activated when you initiate a scan.

Contacts (optional) — Requested only when you tap "Add to Contacts" to save a scanned contact to your phone's address book. Kadi does not read your existing contacts.
Notifications — To alert you when a card has been processed and is ready to review.

Data storage & security

Data is stored on Appwrite Cloud in Frankfurt, Germany (EU).

All data is encrypted in transit (TLS) and at rest (AES-256) by Appwrite's infrastructure.
Scanned card images are stored in a private, access-controlled bucket. Only you can access your images.
Your account credentials are managed by Appwrite's authentication system — passwords are never stored in plain text.

If you notice any suspicious activity related to your account, contact us immediately.

Data Retention

We only collect what we need to deliver the service:

Account & Contact Data — Retained while your account is active.
Card Images — Retained while your account is active; deleted when you delete a contact or your account.
Analytics Events — Anonymised events are retained by PostHog for up to 1 year.
Billing Records — Payment history may be retained by Apple and RevenueCat for up to 7 years in accordance with financial record-keeping obligations.

When you delete your account, all personal data held by Kadi (account details, contacts, card images, virtual cards) is deleted within 30 days. Deletion cascades automatically — you do not need to delete items one by one.

Your Rights

Under the Kenya Data Protection Act, 2019 (KDPA) and, where applicable, the General Data Protection Regulation (GDPR), you have the right to:

Access the personal data held about you.
Correct inaccurate or incomplete data.
Delete your data ("right to be forgotten").
Export your data in a portable format (use the CSV export feature in-app, or request a full data export by email).
Withdraw consent for any optional data processing at any time.
Object to processing or request restriction of processing.
Lodge a complaint with the Office of the Data Protection Commissioner (ODPC) of Kenya: https://www.odpc.go.ke

To exercise any of the above rights, contact: privacy@pixel-studio.pro. Requests will be responded to within 14 days.

Children's Privacy

Kadi is not intended for users under 18 years of age. No data is knowingly collected from children. If you believe a child has created an account, contact us and the account will be deleted promptly.

International data transfers

Kadi is operated from Kenya. Data is stored and processed on servers in the EU (Frankfurt, Germany via Appwrite). By using the app, you consent to your data being transferred to and processed in the EU, subject to the safeguards described in this policy.

Changes to this policy

Meaningful changes will be communicated via in-app notification or email at least 14 days before they take effect. Continued use of Kadi after that date constitutes acceptance of the updated policy. The "Last updated" date at the top of this page will always reflect the most recent revision.

Changes to this policy

For any privacy-related questions, data requests, or concerns:

Email: privacy@pixel-studio.pro

Location: Nairobi, Kenya