Home Privacy Policy

Privacy Policy

Effective date: April 19, 2026
Last updated: April 19, 2026
Version: 1.0
Plain-language summary. Kyron Network is a mobile rewards app. We collect only the account data and device signals needed to run the service, keep the economy fair, and show you relevant (non-personalized by default) ads. We do not sell your personal data. You can delete your account and data at any time from inside the app or by emailing us at privacy@kyron.network.
Table of contents
  1. Who we are
  2. Scope of this policy
  3. Data we collect
  4. How we use your data
  5. Legal basis (GDPR)
  6. Third-party services
  7. Ads & identifiers
  8. Data sharing
  9. Data retention
  10. Security
  11. International transfers
  12. Your rights
  13. Children
  14. Regional disclosures
  15. Changes to this policy
  16. Contact

Who we are

Kyron Network ("Kyron", "we", "us", or "our") operates the Kyron Network mobile application (the "App") and the website at kyron.network (the "Site"), together the "Service".

For the purposes of data protection laws including the EU/UK GDPR and the California Consumer Privacy Act (CCPA/CPRA), Kyron Network is the data controller of personal data processed through the Service.

Contact: privacy@kyron.network · Data Protection requests: dpo@kyron.network

Scope of this policy

This policy describes the personal information we collect when you create an account, use the App, interact with the Site, contact support, or participate in Kyron's reward programs (tasks, streaks, referrals, boosts, leaderboard).

It does not apply to third-party services you may access through the Service (such as ad networks, analytics providers, or payment processors). Those services operate under their own privacy policies, which we link to in Section 6.

Data we collect

We collect the minimum data required to run a fair, secure rewards economy. Everything below is declared in our Google Play Data Safety form.

3.1 Information you provide

  • Account data: username, email address, hashed password (we never store plaintext passwords), referral code entered at signup.
  • Profile data (optional): avatar image, display name.
  • Support correspondence: messages and attachments you send to support@kyron.network.
  • Wallet address (optional): a Solana public address, only if you choose to link one for potential future on-chain features. We do not collect private keys.

3.2 Information collected automatically

  • Device and technical data: device model, OS version, app version, language, timezone, approximate (coarse) region derived from IP, crash logs.
  • Session data: login timestamps, push notification tokens (FCM), session duration.
  • Activity & reward data: tasks completed, ads watched (event only, not content), streak state, XP/level, KYR balance ledger entries, boost usage, referrals.
  • Fraud & abuse signals: device fingerprint hash, IP address (stored hashed after session), anomaly scores, flagged action patterns. This is required to keep the economy fair and protect legitimate users.

3.3 Information we do not collect

  • Your precise (GPS) location.
  • Your contacts, SMS, or call history.
  • Photos or media outside what you upload as your avatar.
  • Microphone, camera, or sensor data.
  • Any content or audio of the ads you watch — only a completion event.
  • Health, biometric, political, religious, or other sensitive categories.

How we use your data

PurposeData used
Run your account & balanceAccount data, activity & reward data
Credit rewards & prevent double-claimsActivity data, device fingerprint hash
Detect fraud, farming, botsFraud & abuse signals, session data
Deliver push notifications you opted intoFCM push token
Respond to support requestsSupport correspondence, account data
Improve the app (crash/perf analytics)Technical data, crash logs (aggregated)
Show ads (non-personalized by default)Ad identifier — see Section 7
Comply with law, enforce TermsAs required
ℹ️
We do not profile you for advertising purposes and we do not sell your personal information. Ads shown inside the App are served by Google AdMob in a non-personalized mode by default, unless you live in a region where you explicitly consent to personalized ads.

Third-party services

We use a small number of vetted processors to run the Service. Each is bound by a data processing agreement.

ProviderPurposePolicy
Google Firebase & Cloud MessagingPush notifications, crashlyticslink
Google AdMobRewarded & interstitial adslink
Google Play Integrity APIDevice/app integrity check to prevent fraudlink
Expo (Push & build infra)Push notification routing, app updateslink
RailwayServer & database hostinglink
Resend / SendGridTransactional email (password reset)link

Ads & advertising identifiers

Kyron uses Google AdMob to show rewarded video ads (which unlock KYR) and occasional interstitial ads. AdMob may access your Advertising ID (AAID on Android) to:

  • Count ad impressions and verify rewarded ad completion.
  • Detect and prevent click fraud or invalid traffic.
  • Respect your "opt out of ads personalization" setting from Android system settings.

By default, Kyron requests non-personalized ads for all users. In regions where consent for personalized ads is required (EEA, UK, Switzerland), we show you a consent screen powered by the Google UMP SDK the first time you launch the App. You can change your choice at any time in Settings › Privacy › Ad preferences.

You can reset or delete your Advertising ID at any time from your Android device settings.

Data sharing

We never sell your personal data. We share it only:

  1. With the processors listed in Section 6, strictly to run the Service.
  2. With your consent, for features you explicitly activate.
  3. In response to lawful requests (court order, subpoena), where we are legally required to do so.
  4. In the event of a business transfer (merger, acquisition), subject to equivalent privacy protections.
  5. With anonymized / aggregated datasets, which cannot identify you, for analytics and research.

Data retention

  • Account data: kept for as long as your account is active.
  • Activity & reward ledger: kept for 24 months after your last activity, then anonymized. Shorter retention would compromise anti-fraud protections.
  • Fraud signals: kept for up to 36 months in hashed form.
  • Support correspondence: kept for 24 months after resolution.
  • Crash & performance logs: 90 days.
  • Push tokens: deleted as soon as a token is invalidated by FCM or you uninstall the app.

When you delete your account (see Section 12), we permanently delete or irreversibly anonymize your personal data within 30 days, except where a longer retention is required by law (e.g. tax, accounting, or legal defense).

Security

We use industry-standard safeguards, including:

  • TLS 1.2+ for all data in transit.
  • Password hashing using bcrypt with a strong work factor.
  • Principle-of-least-privilege access controls.
  • Automated monitoring and rate limits to detect abuse.
  • Encrypted database backups with scheduled rotation.

No system is 100% secure. If we ever suffer a breach that affects your personal data, we will notify you and the relevant supervisory authorities within the timelines required by applicable law.

International data transfers

Our servers are currently hosted in the European Union. Some of our processors (e.g. Google, Expo) are located in the United States or operate globally. Where we transfer personal data outside the EEA, UK, or Switzerland, we rely on the European Commission's Standard Contractual Clauses or equivalent transfer mechanisms.

Your rights

Depending on your location, you have some or all of the following rights:

  • Access: a copy of the personal data we hold about you.
  • Rectification: correction of inaccurate data.
  • Erasure ("right to be forgotten"): deletion of your account and personal data.
  • Restriction: limit how we process your data.
  • Objection: to processing based on legitimate interests.
  • Portability: a machine-readable export of data you provided.
  • Withdraw consent at any time for consent-based processing.
  • Opt out of "sale" / "sharing" (CCPA/CPRA) — Kyron does not sell or share personal information, but this right is preserved.
  • Complain to your local supervisory authority (in the EU, your country's Data Protection Authority).

How to exercise your rights

Open the App and go to Settings › Account › Privacy to download your data or delete your account in one tap. You can also email privacy@kyron.network. We respond within 30 days.

Children

🚫
Kyron Network is not directed to children under the age of 13 (or the higher minimum age where you live — 16 in many EU countries). We do not knowingly collect personal data from children. The Google Play listing targets a general "Teen / Mature" audience under Google Play's Families Policy.

If you believe a child has created an account, email privacy@kyron.network and we will promptly delete it.

Regional disclosures

California (CCPA / CPRA)

In the past 12 months we have collected the categories of personal information listed in Section 3 for the business purposes listed in Section 4. We have not sold or "shared" personal information as those terms are defined in the CCPA/CPRA. California residents have the right to know, delete, correct, and limit use of sensitive personal information. Requests: privacy@kyron.network.

European Economic Area / United Kingdom / Switzerland

See Sections 5, 11, and 12 for your GDPR rights and the legal bases we rely on.

Turkey (KVKK)

For the purposes of Law No. 6698 on the Protection of Personal Data, Kyron Network acts as veri sorumlusu. You may exercise your rights under Article 11 KVKK by contacting kvkk@kyron.network.

Changes to this policy

We may update this policy to reflect changes to our practices or legal obligations. We will post the updated version on this page and update the "Last updated" date. If the changes are material, we will notify you in the App or by email at least 14 days before they take effect.

Contact

For any privacy question or request: