ZhiEra LLC
Privacy Policy
This policy explains how Kivo Messenger for iOS and the services needed to operate it handle information. Kivo is designed to minimize data, but it is not a “zero-data” service.
1. Who operates Kivo
Kivo is operated by ZhiEra LLC (“ZhiEra,” “Kivo,” “we,” “us,” or “our”). Questions or privacy requests may be sent to support@it389.com. Please do not email a private key, recovery phrase, wallet password, or sensitive message content.
2. Information handled by Kivo
Information kept on your device
- Wallet secrets. The wallet password, private key, and recovery phrase are encrypted in the local Kivo vault. The vault is excluded from ordinary cloud backup by the app.
- Local messages and settings. Decrypted conversations, media, settings, and cryptographic keys are stored in the app's protected local database.
- Biometric result. If you enable Face ID, iOS performs biometric matching. Kivo receives only the authorization result, not your biometric template.
Account and device information
We process the public EVM wallet address, wallet-authentication challenge and signature, Kivo username, internal account identifiers, registered-device identifiers, authentication credentials, public identity/prekeys, and Apple Push Notification service (APNs) or VoIP push tokens. These items enable registration, account recovery, device authentication, discoverability, message delivery, and incoming calls.
Profile, messaging, group, call, and backup information
- Profile. If you provide a profile name, about text, or avatar, Kivo services process the encrypted profile information needed to share it with permitted users.
- Messages and attachments. Kivo uses end-to-end encryption for private messages and supported attachments. Services may temporarily store encrypted messages and encrypted media to deliver them. Delivery metadata—such as account/device identifiers, timestamps, queue status, size, and routing information—may be visible to the service.
- Groups. Kivo processes encrypted group state and the account identifiers and credentials needed to deliver group changes and messages.
- Calls. Kivo and its calling infrastructure process call signaling, call-link or group-call credentials, network addresses, routing information, and operational data required to establish and protect audio/video calls. Depending on call routing, another participant or a relay/SFU provider may receive your network address.
- Backups. If encrypted backup is available and you enable it, Kivo processes encrypted backup data and media, backup identifiers, and storage metadata needed to upload, retain, restore, and delete the backup.
Content you choose to share
Messages can contain text, photos, videos, audio, files, contact cards, location, reactions, and other content. Kivo processes the encrypted form needed to provide the feature. The people and groups you send content to receive a decrypted copy and may save or share it outside Kivo.
Search, security, diagnostics, and support
Exact username or wallet-address searches, IP address, request time, user agent, rate-limit events, and security signals may be processed to answer requests, prevent abuse, and operate the service. If you voluntarily contact support or submit a diagnostic log, we process the information and attachments you provide. Do not include wallet secrets.
Public blockchain information
A public wallet address and activity recorded on a public blockchain are public by design. Blockchain records are outside Kivo's control and generally cannot be changed or deleted. In the current Kivo messaging release, the wallet is used for identity authentication; Kivo does not need your private key to verify a signed proof.
Address book and advertising
The current Kivo iOS release is designed to find people by Kivo username or complete wallet address and does not request access to your iOS Contacts. Kivo does not use your information for cross-app advertising tracking and does not sell personal information. If these practices change, we will update this policy and the App Store privacy information before enabling the change.
3. How we use information
- create, authenticate, recover, secure, and delete messaging accounts;
- deliver messages, media, group updates, push notifications, calls, and optional backups;
- provide username and complete-wallet-address discovery;
- detect abuse, prevent replay or fraud, enforce rate limits, and protect users and services;
- diagnose failures, respond to support requests, maintain availability, and improve reliability;
- comply with applicable law and enforce our Terms.
4. When information is shared
We share information only as needed for the purposes above:
- With recipients. People and groups receive the profile and content you choose to share.
- With service providers. Hosting, content delivery, object storage, backup storage, email/support, and calling-relay providers process limited data for Kivo under service arrangements.
- With Apple. APNs and VoIP notification data is sent through Apple. Apple's handling is governed by Apple's terms and privacy policy.
- For safety and law. We may preserve or disclose limited information when reasonably necessary to comply with law, protect rights and safety, investigate abuse, or defend legal claims.
- Business changes. Information may transfer as part of a merger, financing, reorganization, or sale, subject to this policy and applicable law.
We do not give service providers your wallet password, private key, or recovery phrase because the Kivo client is designed not to upload those secrets.
5. Retention
We retain information only for as long as reasonably needed to provide and secure Kivo, meet deletion requests, resolve disputes, and comply with applicable obligations. Retention varies by data:
- account, username, device, and push-registration data is generally retained while the account or device is active;
- undelivered encrypted messages and attachments are retained until delivery, expiry, or the applicable queue/storage limit;
- encrypted backups are retained until deletion, expiry, or the applicable backup lifecycle;
- authentication challenges and proofs are designed to be short-lived; limited security records may remain longer to prevent abuse;
- support correspondence and operational/security logs are retained only as needed for support, reliability, security, and legal obligations.
Recipients' copies, public blockchain records, and data already lawfully retained by independent providers may not be removed by deleting a Kivo account.
6. Account deletion and privacy choices
A registered primary-device user can request deletion inside Kivo at Settings → Account → Delete Account. The flow asks for the local wallet password and lets the user separately choose whether to delete the encrypted wallet stored on that device.
After a successful request, Kivo deletes or de-identifies the messaging account and associated server data that we are not required or permitted to retain, and resets local messaging data. The selected local-wallet choice does not change public blockchain records or copies held by message recipients. If the local wallet is preserved, it remains encrypted on that device and can be deleted later by resetting the wallet/app data.
For access, correction, deletion, or another applicable privacy request, contact support@it389.com. We may need to verify control of the relevant Kivo account or wallet address without asking for wallet secrets.
7. Security
We use technical and organizational safeguards including transport encryption, end-to-end encryption for supported communications, local encrypted storage, short-lived authentication challenges, access controls, and rate limits. No system is perfectly secure. Protect your device, local wallet password, recovery phrase, and private key. Kivo support will never ask you to send a private key or recovery phrase.
8. International processing
Kivo and its providers may process information in countries other than where you live. We take measures intended to protect information as required by applicable law. Laws and government-access rules can differ between countries.
9. Children
Kivo is not directed to children who cannot legally consent to the processing described here. If you believe a child provided information without required permission, contact us so we can investigate and take appropriate action.
10. Changes
We may update this policy when Kivo's features, providers, or legal obligations change. We will post the updated date here and provide additional notice in the app when a material change requires it.
11. Contact
ZhiEra LLC
Email: support@it389.com
Support: https://kivo.it389.com/support/
中文要点
您的钱包密码、私钥和助记词会加密保存在设备本地,Kivo 客户端不会上传这些秘密。为创建、登录、恢复和查找通讯账号,Kivo 会处理公开钱包地址、短时签名证明、用户名、内部账号标识、设备及推送标识。消息和支持的附件采用端到端加密,但服务仍可能看到投递所需的账号/设备标识、时间、大小、队列、网络与路由信息,并暂存加密内容。Kivo 不是“零数据”服务。
您可以在“设置 → 账号 → 删除账号”中发起删除,并另外选择是否删除本机加密钱包。公开区块链记录、对方已经保存的内容以及依法需要保留的有限记录可能无法随账号删除。隐私问题请联系 support@it389.com,切勿发送私钥、助记词或钱包密码。