Privacy Policy

This policy covers all mobile apps published by Kozaku. Each app section below describes the data it specifically collects. Where practices apply to all apps, they are described in the shared sections at the end.

1. Who we are

Kozaku is an independent mobile app developer. If you have any questions about this policy, contact us at jan@kozaku.com.

2. Don’t Break It / Don’t break the habit

Don’t Break It is a habit-tracking app with streak gamification, available on iOS and Android.

Guest mode (no account)

All data is stored only on your device. We collect nothing. Uninstalling the app removes all data.

When you create an account

We store the following data on our servers (hosted by Supabase in the European Union):

Account data — email address and hashed password, or a provider token if you sign in with Google or Apple.
Habit data — habit names, emoji labels, colour choices, and completion entries you log.
Streak metadata — streak counts and shield-usage flags derived from your entries.
App preferences — your notification times and other in-app settings.

We do not collect your name, location, health metrics, or any data beyond what is listed above.

How Don’t Break It uses your data

To sync your habits and streaks across devices.
To restore your data if you reinstall the app.
To send transactional emails (e.g. password reset). We send no marketing emails.

Purchase data (RevenueCat)

If you purchase the Pro upgrade (one-time $0.99), the transaction is processed by Apple or Google. We use RevenueCat to verify and manage entitlements. RevenueCat receives:

A randomised, anonymous app user ID (generated at install — not linked to your name or email).
Purchase receipts from the platform store.
Basic device metadata required for receipt validation (platform, app version, locale).

RevenueCat does not receive any of your habit data. See RevenueCat’s Privacy Policy.

Notifications

Daily reminders are scheduled and delivered entirely on-device via the OS notification system. No push server is involved and no notification content is transmitted externally.

Third-party services used by Don’t Break It

Supabase handles authentication and database storage. If you sign in with Google or Apple, their privacy policies apply to the authentication step; we only receive a unique identifier and your email address from those providers.

Data retention for Don’t Break It accounts

Your data is retained for as long as your account is active. If you delete your account, all associated data is permanently removed from our servers within 30 days. You can request deletion via the Data Deletion Request page or by emailing jan@kozaku.com.

3. Fastle

Fastle is an intermittent fasting tracker available on iOS and Android.

Guest mode (no account)

All data is stored only on your device. We collect nothing. Uninstalling the app removes all data.

When you create an account

We store the following data on our servers (hosted by Supabase in the European Union):

Account data — email address and hashed password, or a provider token if you sign in with Google or Apple.
Fasting sessions — start time, end time, goal duration, and fasting protocol for each session you log.
App preferences — your chosen theme colour and display language.

We do not collect your name, location, health metrics, or any data beyond what is listed above.

How Fastle uses your data

To sync your fasting history across devices.
To restore your data if you reinstall the app.
To send transactional emails (e.g. password reset). We send no marketing emails.

Third-party services used by Fastle

Data retention for Fastle accounts

4. Detective Kozaku: Last Seen

Detective Kozaku: Last Seen is a narrative mystery game told through a WhatsApp-style chat interface, available on iOS and Android.

No account required

The app requires no registration and collects no personal information. There is no login, no email address, and no data transmitted to Kozaku servers.

Data stored on your device

All game data is stored only on your device in a local SQLite database. This includes:

Story progress — which story nodes you have completed and which choices you made.
Message history — the story messages that have been “delivered” to each chat, as defined by the story content bundled with the app.
Scheduled unlock times — timestamps used to unlock story segments at a future time, stored locally so the timer survives app restarts.

None of this data is transmitted to any server. Uninstalling the app removes all data from your device.

iCloud backup (iOS only)

On iOS, the game database is stored in the Application Support directory, which Apple includes in iCloud backups if you have iCloud Backup enabled on your device. This means your progress may be backed up to and restored from your personal iCloud account. This is a standard iOS feature controlled entirely by your own Apple account settings; Kozaku has no access to your iCloud data.

Rewarded ads (Google AdMob)

The app shows rewarded ads powered by Google AdMob. Watching a rewarded ad is optional and grants in-game benefits (such as unlocking a story segment early). When an ad is shown, Google AdMob may collect device identifiers (such as the advertising ID) and other data to serve and measure the ad. This data is governed by Google’s Privacy Policy. You can opt out of personalised advertising at any time in your device settings (iOS: Settings → Privacy & Security → Apple Advertising; Android: Settings → Google → Ads).

Story content delivery (Firebase)

New stories, character images, and translation files are delivered to the app via Google Firebase Storage, a cloud storage service operated by Google LLC. When the app checks for or downloads new story content, it contacts Firebase servers. No personal information is transmitted in these requests — the app only downloads story files (JSON, images) that are identical for every user.

The app uses Firebase App Check to verify that requests come from a genuine, unmodified install of the app. App Check may use device-level signals (such as Play Integrity on Android or DeviceCheck on iOS) to issue a short-lived attestation token. These signals are processed by Google and are not stored by Kozaku. See Google Firebase’s Privacy Policy for details.

Downloaded story content is cached in the app’s private storage on your device and is not shared with any third party.

Notifications

The app may display local notifications to alert you when a new story segment unlocks. These notifications are scheduled and delivered entirely on-device by the operating system. No notification content is sent to any server, and no push notification service is used.

5. Shared practices (all Kozaku apps)

We do not sell your data

We do not sell, rent, or share your personal data with advertisers, data brokers, or any third parties beyond what is described in this policy.

Children’s privacy

Our apps are not directed at children under 13 (US) or under 16 (EU/EEA). We do not knowingly collect personal information from children. If you believe a child has provided personal data, contact us and we will take appropriate steps.

Your rights

Depending on your jurisdiction, you may have rights including access, correction, deletion, and portability of your data. For local-only apps (including Detective Kozaku: Last Seen), your data is already fully under your control on your device. For apps with account-based cloud storage, contact us at jan@kozaku.com to exercise any of these rights.

Security

Local data is stored in a sandboxed database with no network exposure. Account data is transmitted over HTTPS and stored by Supabase with industry-standard security practices. No system can guarantee absolute security against device-level compromise outside our control.

Changes to this policy

If we make material changes, we will update the date at the top of this page. For significant changes (e.g. adding cloud sync to a currently local-only app), we will notify users via an in-app notice before the change takes effect. Continued use after notice constitutes acceptance.

Contact

Questions or concerns? Email us at jan@kozaku.com. We aim to respond within 5 business days.