Privacy Policy

Last updated: April 1, 2026

1. Who we are

Kaia ("kaia", "we", "us") is a return concierge service that helps consumers track return windows and deadlines for online purchases. We are operated by Kaia Returns and can be reached at kaia@kaiareturns.com.

2. What data we collect

When you use kaia, we may collect:

  • Name and phone number — provided by you during sign-up, used to send SMS reminders.
  • Email address — obtained via Google OAuth, used to identify your account and scan for order emails.
  • Order confirmation emails — we read emails from your Gmail inbox that contain order confirmations, shipping notices, and delivery receipts. We use these solely to identify your purchases and calculate return deadlines.
  • Return deadline data — we store the retailer name, order date, delivery date, and calculated return deadline for each order we find.

3. How we use Google user data

Kaia requests read-only access to your Gmail account via Google's official OAuth system. We use this access exclusively to provide the kaia return-tracking service. Specifically, we use Gmail access to:

  • Search your inbox for order confirmation emails, shipping notices, and delivery receipts from retailers
  • Extract order dates and delivery dates to calculate return deadlines
  • Send you timely reminders before your return windows close

We will use your data only to provide you with the services you requested — specifically, tracking your return deadlines and sending reminders. We do not use your Google user data for any other purpose.

We never modify, delete, or send emails on your behalf. Gmail access can be revoked at any time from your Google Account permissions page.

4. How we share and transfer your data

We do not transfer or disclose your Google user data or personal information to third parties for purposes other than providing the kaia service. Specifically:

  • We do not sell your data to any third party, ever.
  • We do not share your data with data brokers or information resellers.
  • We do not transfer your data for targeted advertising, personalized advertisements, or interest-based advertising.
  • We do not use your data to determine credit-worthiness or for lending purposes.
  • We do not use your Google user data to train AI or machine learning models.
  • We do not read personal emails, social messages, or any email unrelated to order confirmations.
  • We do not collect passwords, payment information, or financial data.

The only third-party services that may receive limited data are those strictly necessary to operate kaia (listed in section 7 below), and only for the purpose of delivering the service to you.

5. How we protect your data

Security procedures are in place to protect the confidentiality, integrity, and availability of your data. We use encryption to protect your information and have implemented the following technical and organizational safeguards:

  • Encryption in transit — all data transmitted between your device and our servers is encrypted using TLS (HTTPS). All communication with the Google Gmail API occurs over encrypted connections.
  • Encryption at rest — your data is stored in Supabase, which encrypts all data at rest using AES-256.
  • OAuth token security — Google OAuth tokens are stored encrypted in our database and are never exposed in logs, URLs, or client-side code. Tokens are scoped to read-only Gmail access only.
  • Access controls — access to production data is restricted to authorized personnel only. We follow the principle of least privilege — each system component only accesses the data it needs to function.
  • Minimal data collection — we only retain the specific order data extracted from emails (retailer name, order date, return deadline). Raw email content is never stored. We do not retain Gmail message bodies or attachments.
  • No AI/ML training — data obtained through Google APIs is used solely to provide the kaia return-tracking service to you, and is never used to train machine learning or AI models.
  • Regular reviews — we conduct regular reviews of our data access and storage practices to ensure ongoing security.

6. Data retention and deletion

We store your personal information for a period of time consistent with our business purpose of tracking your return deadlines. Specifically:

  • We retain your account data (name, email, phone) for as long as your account is active.
  • We retain order data (retailer, order date, return deadline) for as long as needed to track your return windows and send reminders.
  • We do not retain raw email content — only the extracted order data is stored.
  • When the data retention period expires or your account is deleted, we will delete or destroy your personal data.

You may request deletion of your data at any time by emailing kaia@kaiareturns.com. Upon a verified request, we will delete all personal data associated with your account within 30 days. You may also revoke Gmail access at any time via your Google Account permissions page.

7. Third-party services

Kaia uses the following third-party services solely to operate and deliver the kaia service to you. We do not transfer your Google user data to these services beyond what is strictly necessary for that purpose:

  • Google Gmail API — to read order confirmation emails (read-only, no data stored by Google beyond standard account access)
  • Supabase — secure, encrypted database storage (US-based)
  • OpenPhone — to send you SMS reminders (receives your phone number only)
  • Vercel — web application hosting
  • Resend — to send you email reminders (receives your email address only)

8. Your rights

You have the right to:

  • Access the data we hold about you
  • Request correction of inaccurate data
  • Request deletion of your account and all associated data
  • Revoke Gmail access at any time via Google Account settings

To exercise any of these rights, email us at kaia@kaiareturns.com.

9. Changes to this policy

We may update this Privacy Policy from time to time. We will notify users of material changes via email or SMS. Continued use of kaia after changes constitutes acceptance of the updated policy.

10. Contact

Questions about this policy? Email us at kaia@kaiareturns.com.