Privacy built for children. Trusted by parents. Governed by Indian law.
Who we are
Kyloen is a children's AI companion app built and operated by QX137 Future Tech (OPC) Private Limited, based in Delhi, India. Kyloen is a unit of QX137. Our Grievance Officer is Neha Kapoor, and legal compliance is managed by Unified Chambers And Associates.
This policy is for parents
Kyloen accounts are created and managed by parents or legal guardians (aged 18+). Children aged 5–18 use Kyloen under their parent's account. All data rights, consent, and deletion requests belong to the parent or guardian — not the child. By creating an account, you confirm you are the parent or legal guardian.
What data we collect
Parent data:
- Your name and email address (for account creation)
- Payment records (processed by Razorpay — we store only the transaction reference, not your card details)
Child data:
- First name and age group (to personalise Kylo's responses)
- Conversation messages with Kylo (to generate weekly insights and remember context)
- Mood scores and emotion signals (detected from conversations for weekly parent reports)
- Psychology interest scores and career signals (detected over time to show developmental patterns)
- Mascot name and personalisation preferences
We never collect: location, photos, device identifiers, school name, or any biometric data.
Why we collect this data
- To personalise Kylo's responses to your child's age, mood, and interests
- To generate weekly parent reports about your child's emotional wellbeing and growth areas
- To detect safety concerns and alert parents when Kylo identifies a potential crisis signal
- To process subscription payments and maintain your account
- To improve the Kyloen platform (only using anonymised, aggregated patterns — never individual data)
How long we keep your data
Who we share data with
Our AI Technology Partner (USA-based) — AI Processing
Your child's conversation messages are sent to our AI technology partner (USA-based) to generate Kylo's AI responses. This is a cross-border data transfer to the USA. Our AI partner processes this data only to generate responses and does not store conversations permanently on their servers or use them to train their general AI models (unless you separately opt-in). Our AI partner is bound by strict data processing agreements.
Razorpay (India) — Payment Processing
Subscription payments are processed by Razorpay. We share only the transaction amount and your email with them. We never see or store your card or bank details.
We NEVER share your data with: advertisers, schools, employers, social media platforms, data brokers, or any third party not listed above. We will never sell your child's data. Ever.
Cross-border data transfer disclosure
By using Kyloen, you consent to your child's conversation messages being transferred to and processed in the United States of America by our AI technology partner for the sole purpose of generating Kylo's AI responses. This transfer is necessary for the core functionality of the product. Our AI technology partner maintains appropriate safeguards for such transfers. No other cross-border data transfers occur.
Your rights as a parent (DPDPA 2023)
- Right to access: Request a copy of all data we hold about you and your child at any time.
- Right to correction: Ask us to correct any inaccurate information.
- Right to deletion: Delete all data instantly from your dashboard, or email us to request full deletion.
- Right to withdraw consent: Stop all data processing at any time by deleting your account. This will end your subscription.
- Right to grievance: File a complaint with our Grievance Officer (see bottom of this page) and receive a response within 30 days.
- Right to nominate: You may nominate another person to exercise your rights on your behalf.
How to delete all data
Go to Settings → Account → Delete Account. This will immediately delete all your child's conversation history, mood scores, profile data, and your account. Payment records are retained for 7 years as required by Indian law. Crisis flags are retained permanently as a legal obligation. All other data is permanently erased within 30 days. You can also email privacy@kyloen.com with the subject line 'DATA DELETION REQUEST — [your account email]' and we will process it within 30 days.
Data security
All data is encrypted in transit using TLS 1.3 and encrypted at rest using AES-256 via Supabase's enterprise-grade database infrastructure. Authentication uses secure JWT tokens. We conduct regular security reviews. In the event of a data breach that affects your data, we will notify you within 72 hours by email, as required by law.
No advertising. Ever.
Kyloen has a simple promise: we will never show your child advertising, never use your child's data for advertising profiling, and never sell or license your data to any advertiser or data broker. Our only revenue is your subscription. Your child's data is not our product.
Data breach notification
If we discover a data breach that compromises your personal data, we will notify you by email within 72 hours of becoming aware of it. We will tell you: what happened, what data was affected, what we are doing about it, and what you should do. We will also notify the Data Protection Board of India as required by DPDPA 2023.
Cookies and analytics
Changes to this policy
We may update this Privacy Policy. When we make significant changes, we will notify you by email at least 15 days before the change takes effect. Continued use of Kyloen after the effective date constitutes acceptance of the updated policy.
Contact us
Privacy questions: privacy@kyloen.com
Grievance Officer: Neha Kapoor — grievance@kyloen.com
Legal compliance: Unified Chambers And Associates
Address: QX137 Future Tech (OPC) Pvt. Ltd., Delhi, India
Response time: 48 hours for general queries, 30 days for formal grievances
Grievance Officer
Neha Kapoor
Legal compliance by Unified Chambers And Associates
grievance@kyloen.comResponse within 30 days as required by DPDPA 2023
© 2026 Kyloen — QX137 Future Tech (OPC) Pvt. Ltd., Delhi, India