Back

Privacy Policy

Effective Date: [Date of Launch] Last Updated: [March 18th 2026]

1. Introduction

We, at KAION are dedicated to serving our customers and contacts to the best of our abilities. Our App is an AI-powered neuro-tech platform designed to help you understand how your brain works and affects your behaviour and thoughts through conversational interactions.

Part of our commitment involves the responsible management of personal information collected through our website and application, as well as any related interactions. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal data when you use our mobile application (the “App”, “KAION”).

Our primary goals in processing this information include:

  • Enhancing the user experience on our platform by understanding customer needs and preferences.
  • Providing timely support and responding to inquiries or service requests.
  • Improving our products and services to meet the evolving demands of our users.
  • Conducting necessary business operations, such as billing and account management.

It is our policy to process personal information with the utmost respect for privacy and security. We adhere to all relevant regulations and guidelines to ensure that the data we handle is protected against unauthorised access, disclosure, alteration, and destruction. Our practices are designed to safeguard the confidentiality and integrity of your personal information, while enabling us to deliver the services you trust us with.

Your privacy is our priority. We are committed to processing your personal information transparently and with your safety in mind. This commitment extends to our collaboration with third-party services that may process personal information on our behalf, such as in the case of sending invoices. Rest assured, all activities are conducted in strict compliance with applicable privacy laws.

Unless otherwise specified below, providing your personal data is neither legally nor contractually obligatory, nor required to conclude a contract. You are not obligated to provide your data. Not providing it will have no consequences, unless processing procedures described below state otherwise.

When we need you to provide personal data it will be for a specific purpose, and this purpose will be clearly listed in this policy. Whether to provide the personal data will be your decision at any point, and you are able to change this decision at any point.

“Personal data” is any information relating to an identified or identifiable natural person.

NEWEYES (hereinafter “Kaion” or “We”), with primary registration in 165B Telok Ayer Street, 068617, Singapore and operational headquarters at the same address including its website at www.kaion.ai (hereinafter the “Platform”), is the Data Controller for the processing and protection of the Personal Data (the “Personal Data”) that you share with us.

Contact

Legal Entity:
NEWEYES PTE. LTD.

Company Registration Number 202556859N

Address: 165B Telok Ayer Street, 068617, Singapore

info@kaion.ai

This Privacy Policy is designed to comply with Singapore’s Personal Data Protection Act 2012 (PDPA).

Contact us at any time with any question or consult.

2. Personal Data We Collect

Category

Data Types

Identification & Profile Data

Full Name, email address, password (hashed), date of birth (for age verification).

Contact Information

Email address

Conversational Data

Summaries of voice interactions with the AI bot (kept in written form).

Video & Image Data

Live video stream data used during the chat interaction (these are made to determine the emotion, but not kept). We do not store continuous raw video streams.

Financial Data

Transaction details, subscription tier, and masked card numbers (processed by third-party payment providers, e.g. Stripe).

Location Data (IP)

IP address, Region (determine server location). The purpose is to prevent fraud.

Technical & Usage Data

Device ID, operating system, crash reports, and cookies/web beacons data.

2.1 Information You Provide Directly

  • Account Information: Name, date of birth, email address.
  • Payment Information: Credit card details (processed and stored by our payment processor Stripe; we do not store your payment information).
  • Age verification: Аge bracket.
  • Conversation Content: The information you share during conversations with our AI. What is kept are conversation summaries and not transcripts.

When you create a customer account, we collect your personal data within the scope specified. Processing this data is for the purpose of improving your shopping experience and simplifying order processing and will be carried out in with Section 13 and Section 18 of the PDPA, with your consent. You can withdraw your consent at any time without affecting the legality of the processing that occurred with your consent prior to the withdrawal. If you withdraw your consent, your customer account will be deleted.

2.2 Information Collected Automatically

  • Device Information: Device type, operating system (iOS), device identifiers.
  • Technical Data: IP address, app usage data, interaction patterns.
  • Camera and Microphone Access: We request camera and microphone permissions to analyse voice patterns and facial expressions during conversations. We do not record, store, or retain audio or video files. Only analytical markers extracted from these inputs are processed in real-time and stored as summaries.
  • Localisation information: country.
  • User behaviour: voice usage patterns, emotional state trends, cognitive game proficiency, preferred content types.

2.3 Analytics and Tracking Data

We use the following third-party analytics services to understand how users interact with our App:

  • Google Analytics 4: Collects IP address, device type, and usage patterns.
  • Mixpanel: Collects device information and behavioural analytics.
  • Google & Meta Ads: Used for user engagement and marketing attribution analysis.
  • Age verification partner: Identity Verification, KYC & AML Compliance | ComplyCube this
    provider helps us make sure users are above the age of 18.
  • Consent Management Platform: https://usercentrics.com/ is our dedicated CMP specifically
    designed to handle compliantly the requirements of data privacy laws.
  • Braze: Used for user engagement and communication.
  • Age verification partner: Identity Verification, KYC & AML Compliance | ComplyCube this provider helps us make sure users are above the age of 18.
  • Cognifit: Cognifit.com is our game provider. It receives a user id from KAION and collects the performance and usage behaviour of the user in the games. No personal and identifiable data crosses between Cognifit’s environment and KION’s environment. 

2.3.1 Mixpanel

Mixpanel allows the analysis of:

  • How long users stay in conversation.
  • Which games they choose and how often.
  • Brain fitness progression.
  • Drop-off points in onboarding or during insights.

Events we track with Mixpanel:

  1. Voice Interaction Events
  • voice_session_started
  • voice_session_ended
  • Message sent
  • message_sent
  • message_received
  • avatar_listening
  • avatar_thinking
  • avatar_answering
  • user_interrupts_bot
  1. Emotion Recognition Events
  • emotion_detected (including emotion type)
  • emotion_confidence_score
  • mixed_emotion_case
  • blop_reaction_triggered
  • context_understanding_request
  1. Game Events
  • game_map_opened
  • game_selected
  • game_started
  • game_completed
  • game_score_recorded
  1. Onboarding & Login Events
  • signup_started
  • signup_completed
  • login_successful
  • login_failed
  • biometric_login_attempted
  • biometric_login_success
  • biometric_login_failed
  • app_open
  • app_close
  • first_login
  • subsequent_login
  • permissions_granted (camera, mic, location, motion)
  • consent_given (for each category)
  • consent_revoked

User Properties Mixpanel Will Store

  1. Behavioral Attributes
  • avg_session_length
  • frequency_of_voice_usage
  • emotional_variability_index
  • conversation_topic_preference
  1. Cognitive & Emotional Metrics
  • brain_fitness_score
  • memory_game_skill
  • reaction_time_score
  • emotional_consistency_score
  1. Device Metadata
  • Device_model
  • OS_version
  • screen_size
  • app_version
  1. Privacy & Consent Preferences
  • analytics_consent
  • data_sharing_consent
  • voice_storage_consent
  • emotion_tracking_consent

2.4 Cookies and Similar Technologies

Our App and website use cookies and similar tracking technologies. You can manage your cookie preferences through our Consent Management Platform (CMP), accessible in the App settings and on our website.

You can use our website without submitting personal data.

Every time our website is accessed, user data is transferred to us or our web hosts/IT service providers by your internet browser and stored in server log files. This stored data can include: name of the site page called up, date and time of the request, IP address, amount of data transferred, and the provider making the request. The processing is carried out on the basis of First Schedule, Part 3 of the PDPA due to our legitimate interests in ensuring the smooth operation of our website as well as improving our services.

3. How We Use Your Personal Data

We process your personal data based on the following legal grounds under the PDPA:

3.1 To Provide and Improve Our Services (Legitimate Interest)

  • Deliver AI-powered conversational experiences.
  • Create and maintain your user profile.
  • Analyse behavioural and cognitive patterns to provide personalised insights.
  • Generate summaries of your conversations for continuity of service.
  • Improve our AI models and service quality through anonymised data.
  • To evaluate the quality of our service: statistical analysis of usage data.
  • To promote KAION’s services: marketing activities (e.g., promotional announcements).

If you do not wish for your Personal Data to be processed for the secondary purposes, you may inform us at any time. Refusal to allow the use of your Personal Data for secondary purposes will not be grounds for denying you the main services you contract with us.

3.2 Behavioural and Cognitive Profiling

Throughout your interactions with our App, we extract markers based on:

  • Voice patterns (tone, pace, speech characteristics).
  • Facial expressions (when the camera is used).
  • Content and context of your inputs.

These markers are interpreted through several complementary psychological dimensions recognised in academic and applied psychology:

  • Cognitive Preferences: How you perceive information, process it, make decisions, and structure action (based on analytical traditions from Carl Jung and cognitive psychology).
  • Personality Traits: Integrity, emotional regulation, conscientiousness, adaptability, and interpersonal orientation.
  • Neuro-Cognitive Patterns: How you respond under stress, balance emotion and reason, sustain focus, and adapt behaviour over time.
  • Motivational Drivers: Deep character strategies drawing from psychodynamic and developmental psychology.

Important: We do not diagnose mental health conditions, do not inquire about mental health diagnoses, do not prompt users to share mental health information, and do not make inferences about mental health conditions. Our profiling provides a holistic, non-labelling view of personality and cognitive patterns.

3.3 To Process Payments (Contractual Necessity)

  • Process subscription payments through Stripe.
  • Maintain transaction records.

3.4 To Communicate With You (Consent/Legitimate Interest)

  • Send service-related notifications.
  • Provide customer support.
  • Send updates about changes to our Privacy Policy.

If you contact us via email, we will only collect your personal data (name, email address, message content) to the extent provided by you. The purpose of processing this data is to manage and respond to your contact request.

If the initial contact serves to implement pre-contractual measures (e.g. consultation in the case of purchase interest, order creation) or concerns an agreement already concluded between you and us, data processing takes place on the basis of Section 15 of the PDPA.

If the initial contact occurs for any other reason, data processing takes place on the basis of Section 18 of the PDPA for the purpose of our overriding, legitimate interest in handling and responding to your request. In such a case, on grounds relating to your particular situation, you have the right to object at any time to the processing of your personal data carried out on the basis of Section 18 of the PDPA.

We will only use your email address for processing your request. Your data will subsequently be deleted in compliance with statutory retention periods, unless you have consented to further processing and use.

3.5 To Comply With Legal Obligations

  • Respond to legal requests and prevent fraud.
  • Enforce our terms of service.

4. How We Share Your Personal Data

4.1 Third-Party Service Providers

We share your data with the following categories of service providers who process data on our behalf:

  • AI Services: OpenAI powers our conversational features. We send conversation prompts and guardrails to generate responses but do not send identifying personal data. We have a Data Processing Agreement with OpenAI.
  • Payment Processing: Stripe processes all payment transactions. Your payment information is handled entirely by Stripe and is not stored on our servers.
  • Analytics Providers: Google Analytics 4, Mixpanel, and Braze receive usage and behavioural data to help us understand app performance and user engagement.
  • Communication Platform: Braze is used to send you notifications and updates.
  • Age Verification: Innovatrics provides biometric age verification services to ensure compliance with our age restrictions.

4.2 Data Not Sold or Monetised

We do not sell, rent, or monetise your personal data to any third parties. Your data is used exclusively within the legitimate interest of providing and improving our services.

4.3 Legal Requirements

We may disclose your personal data if required by law, regulation, legal process, or governmental request.

5. AI Model Training

We may use conversation data to train and improve our AI models under the following conditions:

  • Data is fully anonymised before being used for training purposes.
  • Full conversations are not used; only anonymised extracts and patterns.
  • Personal identifiers are removed before any data is used for model improvement.

6. Data Security

KAION is committed to treating all collected information with strict security measures, guaranteeing its confidentiality at all times, in accordance with the Protection Obligation of the PDPA. We implement appropriate technical and organisational measures to protect your personal data:

  • Encryption: Data is encrypted both at rest and in transit.
  • Access Controls: Access to personal data is governed by the need-to-know principle.
  • Audit Logs: All access to personal data in our production database is logged.
  • Regular Security Reviews: We regularly assess and update our security practices.

Despite our efforts, no method of transmission or storage is 100% secure. We cannot guarantee absolute security of your data. We can only continuously update our technology to avoid damage, loss, alteration, destruction, or unauthorised use, access, or processing of your personal data.

7. Data Retention

7.1 Active Users

We retain your personal data, including conversation summaries, for 12 months following your last login to the App. This retention period is necessary to provide continuity of service.

7.2 Account Deletion

If you delete your account or request data deletion:

  • All personal data will be deleted within 30 days of your request.
  • We retain only transactional data that cannot be used to identify you, as required for legal and accounting purposes.
  • Anonymised data used for AI training cannot be retrieved or deleted as it no longer contains personal identifiers.

8. Your Rights Under Singapore’s PDPA

You have the following rights regarding your personal data:

8.1 Right to Access

You can request a copy of the personal data we hold about you.

8.2 Right to Correction

You can request that we correct any inaccurate or incomplete personal data.

8.3 Right to Withdrawal of Consent

Where we process your data based on consent, you can withdraw your consent at any time. This will not affect the lawfulness of processing based on consent before withdrawal.

8.4 Right to Data Portability

You can request your personal data in a structured, commonly used format.

8.5 Right to Deletion

You can request deletion of your personal data, subject to legal retention requirements.

8.6 How to Exercise Your Rights

To exercise any of these rights, please contact us at:

Email: info@kaion.ai

We will respond to your request within 30 days as required under the PDPA.

9. Age Restrictions

Our App is intended for users aged 18 and older. We implement the following measures to prevent access by minors:

  • Date of birth verification at registration.
  • Biometric age verification through our third-party provider.

If we learn that we have collected personal data from a person under 18, we will delete that information promptly.

10. International Data Transfers

We primarily serve users in Singapore. Your personal data is stored and processed in a Singapore service tenant via Microsoft Azure. When we transfer data to third-party service providers (such as OpenAI), we ensure appropriate safeguards are in place through Data Processing Agreements.

We transfer your personal data from Singapore to our data processing facilities in Bulgaria (EEA member state) for core service processing. This transfer is done in compliance with the PDPA’s Transfer Limitation Obligation by:

  • GDPR Adherence: Our Bulgarian data processor is subject to the stringent GDPR, which provides a comparable level of protection.
  • Standard Contractual Clauses (SCCs): We execute a Data Processing Agreement (DPA) incorporating EU Standard Contractual Clauses (SCCs) to contractually guarantee data security.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. When we make material changes:

  • We will update the “Last Updated” date at the top of this policy.
  • We will notify registered users via email.
  • Continued use of the App after changes constitutes acceptance of the updated policy.

We encourage you to review this Privacy Policy periodically.

12. Cookies and Tracking Technologies

12.1 What We Use

Our App and website use cookies and similar technologies for:

  • Essential functionality.
  • Analytics and performance monitoring.
  • User preferences.

12.2 Your Choices

You can manage your cookie preferences through our Consent Management Platform (CMP) available in:

  • App settings.
  • Our website cookie banner.

Disabling certain cookies may limit your ability to use some features of the App.

13. Third-Party Links

Our App may contain links to third-party websites or services like the ones below. We are not responsible for the privacy practices of these external sites.

We encourage you to read their privacy policies.

(ii) Cognifit

(iii) Payment Management: Stripe

14. Contact Us

If you have questions, concerns, or complaints about this Privacy Policy or our data practices, please contact:

NEWEYES PTE. LTD.
165B Telok Ayer Street, 068617
Singapore

Data Protection Officer:
Katrien Meire

Email: info@kaion.ai

15. Complaints

If you believe we have not handled your personal data in accordance with the PDPA, you have the right to lodge a complaint with:

Personal Data Protection Commission Singapore
10 Pasir Panjang Road
#03-01 Mapletree Business City
Singapore 117438

Website: www.pdpc.gov.sg