Privacy Policy

Welcome to Kiva. This Privacy Policy explains how Kiva ("we," "us," or "our") collects, uses, discloses, and safeguards your information when you use our mobile application and related services (collectively, the "Service").

By accessing or using Kiva, you agree to the collection and use of information in accordance with this policy. If you do not agree with any terms within this policy, please discontinue use of the Service immediately.

This policy is designed to comply with international data protection regulations. We act as the data controller for the personal information processed through the Service.

This policy applies strictly to Kiva. It does not apply to third-party websites, services, or applications that may be linked within our climbing community platform.

Kiva is strictly intended for individuals who are at least 18 years of age. By using Kiva, you represent and warrant that you meet this age requirement.

We reserve the right to request proof of age at any stage to ensure that minors are not using the Service.

To join the Kiva community, you provide us with essential details such as your name (or pseudonym), email address, date of birth, and password.

You may choose to enhance your profile by providing elective information, including your climbing experience level, preferred climbing styles (e.g., bouldering, lead, trad), home gym, and a profile biography.

When you contact our support team at kiva.love@service, we collect the content of your message, your email address, and any attachments you provide to resolve your inquiry.

If you participate in community surveys, contests, or climbing events hosted by Kiva, we collect the information you submit during entry.

As a community-centric app, Kiva collects the content you upload, including photos of crags, videos of "beta" (climbing moves), route descriptions, difficulty ratings, and comments.

When you upload media, we may collect metadata associated with the files, such as the time and location where a photo was taken, to help categorize climbing routes accurately.

We collect data regarding your interactions with other users, such as "likes," follows, and public messages within the community forums or route comment sections.

While Kiva is a social platform, we provide tools for you to manage the visibility of certain UGC. However, please be aware that public climbing logs are accessible to other Kiva users.

We collect specific data about the device you use to access Kiva, including the hardware model, operating system version, unique device identifiers (e.g., IDFA/AAID), and mobile network information.

Our servers automatically record log information, including your Internet Protocol (IP) address, access times, pages viewed, and the page you visited before navigating to our Service.

We track how you interact with Kiva—such as which climbing routes you view most often, the duration of your sessions, and the features you utilize—to improve the user experience.

In the event of an app crash, we collect diagnostic information to identify and fix technical bugs.

To help you find climbing crags, gyms, and fellow climbers nearby, Kiva may collect your precise location data (GPS, Wi-Fi, and cell tower info) with your explicit consent.

We primarily collect location data while you are using the app. If you enable "Route Tracking" or "Emergency Check-in" features, we may collect location data in the background to ensure your safety and accuracy of your climbing logs.

If you choose not to share precise GPS data, we may still infer your general location (e.g., city or region) based on your IP address.

You can manage or revoke location permissions at any time through your mobile device's operating system settings. Note that disabling location may limit some core features of the climbing community.

We use your data to create and maintain your account, process climbing logs, and display relevant content within the Kiva community.

We analyze your climbing style and history to recommend new routes ("beta"), suggest climbing partners, and show you local climbing events that match your skill level.

Information is used to verify accounts, monitor for fraudulent activity, and ensure that our community remains a safe environment for all climbers.

We use aggregated and anonymized data to understand usage patterns, troubleshoot technical issues, and develop new features such as "Route Difficulty Prediction" or "Gym Crowdsource Tracking."

We use your email to send technical notices, updates, security alerts, and support messages. With your consent, we may also send newsletters or promotional offers related to the climbing world.

We share information with third-party vendors who perform services on our behalf, such as cloud hosting (e.g., AWS), data analytics (e.g., Google Analytics for Firebase), and email delivery services.

To provide crag locations and navigation, we may share obfuscated location data with map service providers like Mapbox or Google Maps.

We may disclose your information if required to do so by law or in response to valid requests by public authorities (e.g., a court or a government agency).

In the event of a merger, acquisition, or sale of assets, your personal information may be transferred as part of the business assets. We will notify you via email or a prominent notice on our Service before your information is transferred.

We may share non-personally identifiable, aggregated, or de-identified information with partners for research or industry analysis (e.g., climbing trend reports).

We use mobile advertising identifiers (like IDFA on iOS) and similar technologies to recognize you and your device. These help us understand how you interact with our ads and the app.

We use local storage on your device to remember your preferences (such as your preferred measurement units: meters vs. feet) and to keep you logged in between sessions.

We may integrate third-party Software Development Kits (SDKs) that allow these third parties to collect information directly from Kiva to analyze performance or provide social media sharing features.

Most mobile devices allow you to reset your advertising identifier or opt out of tracking via the "Privacy" or "Ads" section in your device settings.

We retain your personal information for as long as your account is active or as needed to provide you with the Service.

Because climbing logs contribute to the collective knowledge of the community, certain UGC (like route ratings or crag photos) may be retained in an anonymized format even after account deletion, unless specifically requested otherwise.

We may retain certain information for longer periods if required to comply with legal, tax, or accounting obligations, or to resolve disputes.

When you delete your account, we typically remove your personal profile data within 30 days, although backup copies may persist in our systems for a limited period for disaster recovery purposes.

You retain ownership of the photos, videos, and climbing logs you post. However, by uploading content to Kiva, you grant us a worldwide, non-exclusive, royalty-free license to use, host, store, reproduce, and display such content solely for the purpose of providing and promoting the Service.

You agree not to post content that is defamatory, obscene, promotes illegal acts, or infringes on the intellectual property of others. Kiva reserves the right to remove any content that violates our Community Guidelines.

When you tag a crag or route, you help build the global climbing database. We may use this metadata to refine our maps and route suggestions for other users.

We respond to notices of alleged copyright infringement. If you believe your work has been copied in a way that constitutes copyright infringement, please contact our support email.

We utilize a combination of automated scanning technologies and human moderation to identify and remove CSAE.

In accordance with global laws and Apple/Google store policies, we will immediately report any confirmed instances of CSAM to the National Center for Missing and Exploited Children (NCMEC) and other relevant law enforcement authorities.

Users are encouraged to report any suspicious content or behavior involving minors using our in-app "Report" feature or by emailing kiva.love@service with the subject line "Child Safety Concern."

Accounts found to be involved in CSAE will be permanently banned without notice, and all associated data will be preserved for law enforcement purposes.

We use industry-standard Transport Layer Security (TLS/SSL) to encrypt your data during transit and Advanced Encryption Standard (AES-256) for data at rest.

Access to personal information is restricted to authorized Kiva employees and contractors who need that information to operate and improve the Service.

We perform periodic internal security reviews to identify vulnerabilities and ensure your climbing logs and personal details are protected against unauthorized access.

In the unlikely event of a data breach, we will notify affected users and relevant regulatory bodies within the timeframes required by applicable law (e.g., 72 hours for GDPR).

You may request a copy of the personal information we hold about you by contacting us directly.

You can update your profile information, climbing experience, and contact details directly within the app settings.

You have the right to request the permanent deletion of your account and personal data.

Upon request, we will provide your personal data in a structured, commonly used, and machine-readable format.

Where we rely on your consent (e.g., for precise location tracking), you may withdraw it at any time via your device settings.

As Kiva is a global community, your information may be transferred to and maintained on servers located outside of your state or country, where data protection laws may differ.

When we transfer data internationally, we utilize Standard Contractual Clauses (SCCs) or other legally recognized mechanisms to ensure your data receives an adequate level of protection.

By using Kiva, you consent to the transfer of your information to our primary data processing centers in the United States and other global locations.

Kiva may contain links to third-party websites, such as climbing gear retailers, official park service websites, or local guiding companies. We are not responsible for the privacy practices or the content of these external sites.

If you choose to log in via a third-party service (e.g., Apple ID, Google, or Facebook), that service will share certain information with us (such as your name and email) as authorized by your settings on that platform.

If Kiva offers premium subscriptions, all financial transactions are handled by third-party payment processors (e.g., Apple App Store or Google Play Store). We do not store your credit card or bank account information on our servers.

If you are a California resident, you have the right to request information about our collection and use of your personal data over the past 12 months, and the right to request deletion of that data.

Kiva does not sell your personal information to third parties for monetary consideration.

We will not discriminate against you for exercising any of your CCPA rights, such as by denying you services or providing a different level of quality.

You may designate an authorized agent to make a request under the CCPA on your behalf by providing written permission or a power of attorney.

Some web browsers and mobile operating systems incorporate a "Do Not Track" feature that signals to websites and apps that you do not want your online activities tracked.

At this time, Kiva does not respond to DNT signals because there is no universal standard for how they should be interpreted. However, we provide you with the tools to manage your privacy settings and opt out of targeted advertising within the app.

We may update our Privacy Policy from time to time to reflect changes in our practices or for other operational, legal, or regulatory reasons.

We will notify you of any material changes by posting the new Privacy Policy on this page and updating the "Effective Date" at the top.

For significant changes that affect your rights, we may provide a more prominent notice, such as an in-app banner or an email notification to the address associated with your Kiva account.

We encourage you to review this Privacy Policy periodically to stay informed about how we are protecting your information. Your continued use of the Service after changes are posted constitutes your acceptance of the updated policy.

If you have any questions, concerns, or complaints about this Privacy Policy or our data practices, please reach out to our Privacy Officer at: kiva.love@service

If we are unable to resolve your concern directly, you have the right to lodge a complaint with your local data protection authority (e.g., the Information Commissioner's Office in the UK or the relevant Data Protection Commission in the EU).

This Privacy Policy was originally written in English. In the event of any discrepancy between a translated version and the English version, the English version shall prevail.