KaivionBack home

Privacy Policy

Last updated: June 13, 2026

Kaivion is a small, independent product. Plain version of how we handle your data: we collect what we need to make the product work, we never sell or share anything that identifies you, and we delete it when you ask. If anything here is unclear, email us at Kaivionsupport@gmail.com.

What we collect

  • Account info: your email address and a password. We never see or store your password in a form we could read.
  • Optional profile fields:things like a first name, date of birth, phone, or address. These are entirely voluntary. We only ask in case they're useful to you later. You can skip them all.
  • Loyalty balances you give us: the program names, point balances, and expiration dates you add via any of our supported paths (manual entry, screenshot upload, email forwarding, a connected Gmail account, or the browser extension). We never access your bank, airline, or hotel accounts to pull this data ourselves.
  • Travel preferences (optional):answers you choose to give on the Best Moves page — a home airport, regions you want to visit, whether you chase premium cabins, what you'd pay for them. Every question is skippable. We use them to rank your recommendations.
  • Search activity: we log basic award-search activity (origin, destination, dates) for rate limiting and abuse prevention. Nothing identifying beyond that.
  • Usage data: anonymized events like which pages you view and when you add a program. Helps us see what works.
  • Cookies: a session cookie that keeps you signed in, plus an analytics cookie.

What we do not collect

  • Your bank account or full credit card numbers. If you subscribe to a paid plan, your card is handled directly by our payment processor — see Payments below.
  • Your airline or hotel account passwords.
  • Government ID, biometric data, or health data.
  • Your precise location.

Email forwarding (auto-sync)

Auto-sync is optional. If you turn it on, you set up a forwarding rule in your inbox that sends specific loyalty emails to a private Kaivion address. We never read your inbox or pull anything from it; we only see the emails your own rule forwards. From each forwarded email we extract three things: program, balance, and expiration if present. You can stop auto-sync any time by removing the forwarding rule.

To do the extraction we send the relevant parts of the email (subject line and message body) to Anthropic, the AI provider whose model reads the message and returns the three fields. Anthropic processes that request to produce the response and does not use the content to train its models, per their published API terms.

After a successful extraction the email body is deleted from our database within the hour. If the parser could not read a balance (for example because the email was promotional rather than a statement) the body is retained for up to one hour for diagnostic purposes and then deleted on the same schedule. We never keep raw email bodies past that window.

Connecting your Gmail (optional)

Instead of setting up a forwarding rule, you can connect your Gmail account directly. This is optional, off by default, and you can disconnect it at any time. When you connect, Google asks you to grant Kaivion read-only access to your Gmail. We never request permission to send, change, or delete anything.

What we do with that access is narrow on purpose. We only search your mailbox for emails from the loyalty programs you track — the airlines, hotels, and card programs whose sender addresses we already know. We do not open, read, or index the rest of your inbox. From each matching email we pull the same three things as forwarding: program, balance, and expiration date if it is there.

We never store the contents of your emails. A matched message is read in memory only long enough to pull those values, then discarded — it is never written to our database. To read the balance we send the relevant parts of the matched email to Anthropic, under the same no-training terms described above. We keep only the extracted balance, exactly as if you had typed it in yourself.

The access token that lets us do this is encrypted and stored on our servers only — never in your browser. Disconnecting Gmail inside Kaivion immediately deletes that token and asks Google to revoke our access. You can also revoke access yourself at any time from your Google account's security settings.

Kaivion's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements. We use Gmail data only to provide the balance-tracking feature you turned on. We never use it for advertising, we never sell it, and no human reads it except where you ask us to for support, or where the law requires.

Screenshot upload

You can also upload a screenshot of a loyalty account page instead of forwarding email. The image is sent to Anthropic's vision model to read the balance, held in memory long enough for that call to complete, and never written to our storage. The same no-training rule applies: Anthropic does not use uploaded images to train its models. The extracted balance returns to your browser for you to confirm before any database write happens.

Browser extension

The Kaivion extension is optional and designed to do one thing only: keep your loyalty balances up to date.

When you visit one of your loyalty program accounts, the extension reads the points balance displayed on that page and, if applicable, the expiration date. It then sends only those values to Kaivion so your dashboard stays current. Nothing else. It does not read or track any other information or account balance, points only.

It does not collect your login credentials, passwords, cookies, browsing history, or the contents of the page. The reading happens locally in your browser. Only the balance information is transmitted. All other data stays with you, on your device.

Occasionally, a loyalty page may display several numbers that could be interpreted as a balance. In those cases, if the extension cannot confidently determine the correct value, it sends only the candidate numbers and a small amount of surrounding text to Anthropic to identify the right one. No account details, passwords, cookies, or full page content are shared. Anthropic does not use this information to train its models. If uncertainty remains, the extension simply asks you to confirm rather than guessing.

You can also upload a screenshot to update or correct a balance. If you send a screenshot, that image is sent to Anthropic's vision model to read the number, processed only for that request, and is not stored by Kaivion or used for model training. The extension then knows in the future where to look.

To keep balances updated automatically, the extension requests permission to run on websites you visit. This is the standard browser permission used by most extensions. Even with that access, it remains inactive everywhere except supported loyalty program pages. On other websites it reads nothing and sends nothing.

If you prefer not to grant that permission, you can still update balances manually with a single click. The permission can also be revoked at any time through your browser settings.

Finally, before a balance from a new program is added to your account, the extension shows you what it found and asks for confirmation. Nothing is saved without your say so.

Kaivion does not have access to your loyalty accounts and cannot log in on your behalf. We never see your passwords, payment information, or account activity. The only information we receive is the points balance and, where available, an expiration date that you choose to sync. Your loyalty accounts remain under your control at all times.

How we use your data

  • To run the product.
  • To rank your recommendations, when you've answered the optional preference questions.
  • To fix bugs and improve features.
  • To prevent abuse.
  • To contact you about your account when needed.

We do not sell your personal data. We do not share it with advertisers. We do not use it to train AI models.

We may use aggregated, anonymized data — patterns across many members, like which redemptions people value most or what travelers would pay for business class — to improve the product and to publish or license industry insights. These aggregates never include your identity, your balances, or anything that could be traced back to you, and we only build them from groups large enough that no individual could be singled out. We commit to never attempting to re-identify anyone from aggregated data.

Payments

If you subscribe to a paid plan, your payment is processed by Stripe, our payment processor. Your card number and security code are entered directly into Stripe's secure fields — Kaivion never sees or stores your full card details.

From your subscription we keep only what we need to give you access and manage billing: your plan, its status, the renewal date, whether it is set to cancel, and the references Stripe gives us to look your subscription up. Stripe handles your payment information under its own privacy policy.

Service providers

We rely on third-party infrastructure providers (hosting, database, authentication, analytics, email delivery, payment processing) located in the United States and the European Union. They process data on our behalf under standard data-protection terms and only for the purposes of running this product. We can share specific details on request.

Your rights

You can:

  • Delete any program from your dashboard at any time.
  • Permanently delete your entire account and all associated data instantly from your delete-account page. The action is immediate and cannot be undone.
  • Request a copy of the data we hold about you (data portability).
  • Withdraw consent for any optional field by emailing us, and we will null it out.

If you are in the EU/UK, you also have rights under GDPR/UK GDPR (access, rectification, erasure, restriction of processing, objection, portability). The legal basis for our processing is your consent or our legitimate interest in running the product.

Your California rights

If you are a California resident, the California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA), gives you specific rights. We honor these rights regardless of where you live.

  • Right to know. Request a copy of the personal information we hold about you, the categories, the sources, the purposes, and the categories of third parties we share it with.
  • Right to delete. Delete your account and all associated personal data instantly from your delete-account page.
  • Right to correct. Correct inaccurate personal information from your profile page or by emailing us.
  • Right to opt out of sale or sharing. Kaivion does not sell your personal information and does not share it for cross-context behavioral advertising. We have nothing to opt you out of, but state this explicitly because California law requires we do.
  • Right to limit use of sensitive personal information. We do not collect sensitive personal information as defined by CCPA.
  • Right to non-discrimination. We will not deny you service, charge you a different price, or provide a different level of service if you exercise any of these rights.
  • Right to authorize an agent. You may authorize someone to make a request on your behalf. We will verify their authority before responding.

To exercise any of these rights, email us at Kaivionsupport@gmail.com from the address associated with your account. We respond within 45 days as required by California law. For requests we cannot verify, we may ask for additional information to confirm your identity.

We retain personal information only for as long as your account is active or as needed to run the service. When you delete your account, your personal data is removed promptly.

Security

All traffic is encrypted in transit. Your data is held under access controls that limit reads to your own account. No system is perfectly secure, but we take reasonable steps to protect what you give us.

Children

Kaivion is not intended for users under 18. We do not knowingly collect data from minors.

Changes to this policy

If we change how we handle data, we will update this page and update the date at the top. For significant changes, we will email registered users.

Contact

Questions go to Kaivionsupport@gmail.com.