privacy.

no. kokopi runs entirely on your device. there’s no backend. no analytics. no telemetry. no account. apple’s privacy questionnaire is filled in as “no data collected” (you can verify this on the app’s app store page, under “app privacy”).

koko also can’t see what you’re scrolling. apple’s family controls api is opaque by design. kokopi sees that you’ve been on instagram, not what you’re looking at. the timing is all that matters for the intervention.

kokopi.app is where you land before you have the app. it has two data flows, both optional and obvious.

email. only collected if you submit the waitlist form. stored in buttondown (delivery) and a neon postgres table (backup). used to email you launch news and nothing else. every email has a one-click unsubscribe link.

analytics. anonymous posthog tracking for page views and button clicks, so we know which posts and pages are working. no ip storage beyond posthog’s defaults. no cross-site tracking. no third-party ad pixels. no fingerprinting.

apple sends standard aggregate metrics (downloads by country, device, ios version) and crash reports. these are aggregated by apple before we see them. we don’t receive any data tied to a specific person.

• sell your data.
• share it with advertisers.
• build a profile on you.
• read your messages, photos, or app contents.
• require an account to use the app.

if this policy changes, the “last updated” date below moves and waitlist subscribers get an email summarizing what changed.

questions or data-deletion requests: hi@kokopi.app. uninstalling the app removes everything on the device (there’s nothing on a server). emailing us removes your address from the waitlist.