This Privacy Policy explains what information Dakko (the "App") collects, how that information is used, who it is shared with, and the choices you have. Dakko is built by Koda AI LLC, doing business as Dakko, a Wyoming limited liability company ("we", "us", "our"). We can be reached at info@dakko.app.
If you have questions about this policy, please email us. We try to respond within 7 business days.
The rest of this document explains the specifics.
The following information is stored locally on your device in an encrypted SQLite database. It is not transmitted to our servers or to any third party:
We have no remote backup of this data. If you uninstall the app, factory-reset your device, or move to a new device, this data is lost unless you have used a future export feature (planned for a later release).
With your explicit permission, Dakko reads your daily step count from Apple HealthKit (on iOS) or Health Connect (on Android). This information is read on-device, in real time, when the app is active, and is used only to display your step total in the app, to celebrate active days, and to influence your pet's mood.
Step data is not transmitted to our servers and is not retained beyond your current local session except as a numeric total in the local database.
You can revoke this permission at any time in your device's Settings. We do not read other HealthKit categories (heart rate, sleep, body measurements, medications, etc.) and we do not write to HealthKit. The NSHealthUpdateUsageDescription string in our app is required by Apple even though we do not use it.
With your explicit permission, Dakko reads upcoming events from your device's calendar. This information is read on-device, in real time, and is used to: notice upcoming events so the pet can mention them, schedule pre-event and post-event notifications, and inform the daily greeting.
Raw calendar data is not transmitted to our servers. Event titles may be referenced in chat prompts sent to the AI provider when relevant to the conversation context. Our server does not log this.
When you send a chat message to your pet, the following is transmitted to our backend (a Cloudflare Worker proxy) to generate a response:
We do not transmit your name as registered with Apple or Google, your email address, your device identifier (UDID, IDFA, or similar), your IP address (beyond what is required to route the HTTPS request), your full conversation history, your full calendar, or your full health data.
The proxy adds the API key for the AI provider and forwards the request. The proxy itself does not log or persist the content of your prompts or the AI's responses.
When the app crashes or encounters an unhandled error, technical diagnostic data is sent to Sentry (our crash reporting provider). This includes stack traces and error messages, app version, OS version, device model, anonymous session identifier, and timestamp. It does not include your chat messages, calendar events, health data, or any user-content text.
We use Aptabase (a privacy-preserving analytics provider) to understand aggregate retention and engagement. Aptabase does not use cookies, fingerprinting, or any cross-app tracking. The events we send are limited to app launches, screen views, button taps (no content), an anonymous session ID per install, and an anonymous device hash (not the IDFA, not the device serial). Aptabase does not collect your IP address.
If you grant notification permission, your device generates a push notification token (APNs on iOS, FCM on Android) which we store on our backend so we can send you scheduled notifications from your pet. The token is a per-install, per-device opaque string; it is not your phone number, email, or device identifier.
Used to operate the core features of the app: showing your pet, generating chat responses, surfacing memories, scheduling notifications, tracking points, displaying your travel and journal.
Used to generate AI responses for your chat messages, schedule and deliver push notifications, enforce per-user rate limits, and detect and prevent abuse.
Used to fix bugs and improve the product. Aggregate data only — never used to target specific users.
We share information only with the following service providers, only to the extent needed to operate Dakko:
| Provider | Purpose | Data shared |
|---|---|---|
| Cloudflare | Hosts our backend proxy | HTTPS request metadata at the network level for routing |
| Google (Gemini API) | Generates AI responses | The constructed system prompt and your message text, per-request. Not used to train Google's models per their paid API terms. |
| Apple (APNs) | Delivers iOS push notifications | Push token and notification payload |
| Google (FCM) | Delivers Android push notifications | Push token and notification payload |
| Sentry | Crash reporting | Stack traces and device metadata. Not chat content. |
| Aptabase | Anonymous analytics | Event names and anonymous session ID. No content. No IP. |
| Apple App Store / Google Play | App distribution and (in future) subscription billing | Whatever Apple/Google require. We never see your full payment information. |
| Apple StoreKit | Processes in-app purchases (e.g. the Pet Video Pass) | Apple handles the entire transaction. We never see your full payment information, name, email, or billing address. We receive a transaction identifier only after a purchase succeeds. |
| RevenueCat | Manages our in-app purchase entitlements (verifies a purchase happened, supports "Restore Purchases" across devices) | A randomly generated install-scoped user ID + the receipts Apple issues at purchase. RevenueCat does not receive your name, email, or payment details. See RevenueCat's privacy policy. |
We do not share data with any other third parties. We may share information if required by law (e.g., a valid subpoena) or to protect against fraud, abuse, or threats to safety. We will notify you when permitted by law if such a request affects you.
You can view and delete your pet's memories in the app's Profile screen, re-adopt to wipe your pet's identity (with optional preservation of identity-class memories controlled by a setting), delete the app to remove all on-device data immediately, or email info@dakko.app to request deletion of any server-side data tied to your install. We will fulfill within 30 days.
You can revoke any permissions at any time in your device Settings without losing the app: HealthKit / Health Connect, Calendar, Notifications, and Location.
California residents have the right to know what personal information we collect, request deletion, and opt out of "sale" of personal information. We do not sell personal information. To exercise CCPA rights, email info@dakko.app.
If you are located in the EU or UK, you have the rights to access, rectify, erase, and port your personal data. The legal basis for our processing is legitimate interest (operating the app you installed) and consent (HealthKit, Calendar, Notifications). To exercise rights, email info@dakko.app.
Dakko is operated from the United States. By installing the app, you consent to data being processed in the US.
Dakko is rated 13+. We do not direct the app at children under 13 and do not knowingly collect personal data from anyone under 13. The app includes an age-gate during onboarding that asks for the user's birthdate and blocks users who indicate they are under 13.
If you are a parent or guardian and you believe your child under 13 has installed Dakko, please contact us at info@dakko.app and we will delete any associated data. This policy is designed to comply with COPPA and its 2026 amendments.
Dakko's pet uses a large language model (currently Google Gemini 2.5 Flash) to generate conversational responses. AI-generated content can sometimes be unexpected, inaccurate, or inappropriate despite our safety measures. Do not rely on Dakko for medical, legal, financial, or safety-critical advice. If you are experiencing a mental health crisis, please contact the 988 Suicide and Crisis Lifeline (US) or your local emergency services.
We do not claim Dakko is a therapist, coach, or medical device.
We use industry-standard security practices: all network traffic uses HTTPS (TLS 1.2+), API keys are held only on our server (never in the app binary), the on-device database uses iOS / Android platform encryption when device-level encryption is enabled, and backend access is restricted to a small number of authorized personnel.
No system is perfectly secure. If we discover a breach affecting user data, we will notify affected users in accordance with applicable law and via in-app notice or email.
We may update this policy from time to time. The "last updated" date at the top of this document reflects the most recent revision. If we make material changes, we will notify you in the app and via email if we have your address.
If you continue using the app after a change takes effect, you accept the revised policy. If you do not agree, please delete the app.
For privacy questions, deletion requests, or any other concern related to this policy:
Email: info@dakko.app
Mailing: Koda AI LLC, 30 N Gould St Ste N, Sheridan, WY 82801, United States
We try to respond to all privacy inquiries within 7 business days.