KOMIT Privacy Policy

Effective: 2026-06-02

This Privacy Policy explains how LINX Digital Ltd ("KOMIT", "we", "us", "our") collects, uses, shares and protects your personal information when you use the KOMIT mobile application and related services (the "App"). LINX Digital Ltd is a company registered in England and Wales, United Kingdom, and is the data controller responsible for your personal information under this Policy.

KOMIT is a private, relationship-based commitment app. There is no public feed, no follower count, and no algorithmic discovery. Content you create is delivered only to the specific person you have a relationship with inside the App. We have written this Policy in plain English so you can make informed choices about your data. If anything is unclear, please contact us at help@ikomit.com.

By using the App you agree to the practices described here. This Policy should be read together with our Terms of Service.

1. Information we collect

Information you give us directly

When you create an account and use KOMIT, you provide the following information to us directly:

• Account details. Your name (or chosen display name), email address, and authentication identifiers issued by Firebase Authentication or by Google when you choose Sign in with Google.
• Date of birth. We ask for your date of birth at signup to confirm that you are at least 13 years old. The signup screen will not allow you to proceed if the date you enter indicates you are under 13.
• Profile information. Any optional details you add to your profile, such as a profile picture or personal preferences.
• Relationship data. The identities of the people you connect with through the App, including invitations you send and accept, and any labels or notes you attach to those relationships.
• Commitments and proof content. The text, photos, videos or other media you submit as commitments or as proof of completing a commitment.
• Communications with us. Messages you send to help@ikomit.com, including any information you choose to include such as your account email, device model or a description of the issue.
• Subscription information. KOMIT is currently in closed beta and no paid subscriptions are active. Access is granted by beta access code. If KOMIT introduces paid subscriptions in a future release, the transaction will be processed by Google Play and configured through our paywall provider Superwall. We would receive only an entitlement signal indicating whether your subscription is active; we do not receive or store your payment card details.

Information collected automatically

When you use the App we also collect a limited amount of information automatically:

• Device and technical data. Device type, operating system version, app version, language and approximate region, used to render the App correctly and to debug problems.
• Push notification token. If you allow notifications, Expo issues a push token tied to your device which we store so that we can deliver alerts about commitments and proofs from people you are connected with.
• Service logs. Our backend (Firebase) records timestamps, request metadata and error events. These logs help us keep the service reliable. Diagnostics may be captured by Firebase to help us identify crashes or stability issues; we use these only to fix bugs.
• Authentication state. Tokens issued by Firebase Authentication that confirm you are signed in.

What we do not collect

We have deliberately designed KOMIT to collect as little as possible. We do not:

• Track your precise location (we do not request GPS or background location).
• Read your contacts list, calendar, microphone, or health data.
• Scan your photo library beyond the specific image or video you choose to attach.
• Build advertising profiles. KOMIT does not show ads and we do not sell personal data to advertisers, data brokers, or anyone else.
• Operate a public feed, social graph, or algorithmic recommendation system. There is nothing public to "discover" in KOMIT.

2. How we use information

We use the information described above only for the purposes set out in this Policy. Specifically, we use your data to:

• Provide the core service. Create and authenticate your account, deliver commitments and proofs between you and the specific people you are connected with, and keep your relationship history visible to you both.
• Send relevant notifications. Use your push token to alert you when someone you are connected with sends you a commitment, completes one, or otherwise interacts with you in the App.
• Maintain reliability and safety. Investigate bugs, detect abuse or misuse of the service, and enforce our Terms of Service.
• Manage access. Determine whether your account currently has access to KOMIT features based on your beta access code today, and (in future releases) on entitlement information from Superwall and Google Play.
• Respond to your requests. Reply to your emails to help@ikomit.com and action any privacy requests you make.
• Comply with law. Meet our legal obligations, including responding to lawful requests from authorities where required.

Under UK and EU data protection law, our legal bases for processing are: performance of a contract with you (running your account and delivering commitments you create), legitimate interests (keeping the App secure, debugging and preventing abuse), consent (for push notifications, which you can disable at any time in your device settings) and legal obligation (where we must process data to comply with law).

3. Who we share information with

Relationship counterparties via in-app delivery

KOMIT is designed around one-to-one and small private relationships. When you send a commitment or proof to someone you are connected with in the App, that specific person can see what you sent. We do not broadcast your content to anyone else. There is no public feed and no shared timeline outside the relationships you have explicitly created.

Service providers

We rely on a small number of trusted third parties to run the App. These providers process personal data only on our instructions and under contractual confidentiality and security obligations:

• Google Firebase (Firebase Authentication, Cloud Firestore, and Firebase Storage) — hosts your account, your commitments and your proof media on Google Cloud Platform.
• Google Sign-In — used when you choose to authenticate with a Google account.
• Expo Push — delivers push notifications from our servers to your device.
• Superwall — configures the paywall screen and reports any future entitlement status back to the App. In the current closed beta there are no paid subscriptions; underlying payment for any future paid plans will be handled by Google Play.

Where possible we send these providers the minimum information they need to perform their function.

Legal disclosures

We may disclose information if we believe in good faith that it is necessary to comply with a legal obligation, court order or other lawful request from a public authority; to protect the rights, property or safety of KOMIT, our users or others; or to investigate and prevent fraud, abuse or security incidents.

Business transfers

If LINX Digital Ltd is involved in a merger, acquisition, restructuring, sale of assets, or insolvency event, personal information may be transferred to the successor or acquirer as part of that transaction. We will require the recipient to honour this Privacy Policy or notify you of any material changes.

4. Retention

We keep personal data only for as long as we need it.

• Proof media (photos and videos submitted as proof of a commitment) is automatically deleted four (4) hours after it is uploaded. This short, hard-coded time-to-live is a core design choice of KOMIT — proof is meant to be a moment, not a permanent archive.
• Account, profile and relationship data (such as your name, email, profile picture, commitment text and the list of people you are connected with) is retained for as long as your account is active, so that you and the people you are connected with can continue to use the App together.
• Support correspondence is retained for a reasonable period after we have closed your request, so that we can follow up if a related issue arises.
• Backend logs are retained for a short rolling window for security and debugging purposes.
• Deletion requests are actioned within thirty (30) days of receipt (see Section 5). After that, residual copies may remain in encrypted backups for a limited period before being overwritten in the normal course of backup rotation.

5. Your rights

You have rights over your personal information. Depending on where you live, these may include the right to access, correct, delete, restrict or object to our processing of your data, and the right to data portability.

You can exercise the most common rights directly in the App:

• Access: Your account profile, your commitments and your relationships are visible to you inside the App at any time.
• Edit: You can update your profile information directly in the App.

Account deletion. KOMIT does not currently include an in-app "Delete Account" button. To request deletion of your account and associated personal data, please email us from your account email address at help@ikomit.com with the subject line "Delete my account". LINX Digital Ltd will action your request within thirty (30) days of receipt. Once we have actioned the request, your profile, commitments and the relationship records that belong to you will be removed from our active systems; residual copies in encrypted backups will be overwritten in the normal course of backup rotation.

If you are in the United Kingdom or the European Economic Area, you also have the right to lodge a complaint with a supervisory authority. In the UK that is the Information Commissioner's Office (ICO) at ico.org.uk. We would, of course, appreciate the opportunity to address your concerns first by writing to help@ikomit.com.

6. Children's privacy

KOMIT is intended for users aged thirteen (13) and older. The signup screen requires you to enter your date of birth and will not let you create an account if the date you provide indicates that you are under 13. We do not knowingly collect personal information from children under 13.

If you believe a child under 13 has somehow created an account or provided us with personal information, please contact us at help@ikomit.com and we will promptly delete the account and any associated data. Parents and guardians of users between 13 and the age of digital consent in their country should review this Policy with their child.

7. Security

We take reasonable and appropriate technical and organisational measures to protect personal information against unauthorised access, alteration, disclosure or destruction:

• Encryption in transit. Traffic between the App and our backend is protected with TLS through the Firebase SDKs.
• Authentication. Access to your account is controlled by Firebase Authentication and, where you choose it, Sign in with Google.
• Server-side access controls. Firestore and Firebase Storage are protected by security rules that restrict reads and writes to the appropriate user and their relationship counterparties.
• Minimisation. Proof media is purged after four hours, reducing the amount of sensitive content held at any one time.
• Vendor security. Our underlying infrastructure (Google Cloud Platform via Firebase) is operated by Google to industry security standards.

No system is perfectly secure. If we become aware of a security incident affecting your personal information, we will notify you and the relevant authorities where required by law.

8. International users

KOMIT is operated from the United Kingdom by LINX Digital Ltd. The App is distributed through Google Play, and you can use it wherever Google Play makes it available.

Personal data is stored on Google Cloud Platform infrastructure operated by Firebase. Depending on Firebase configuration and routing, your data may be processed in the United Kingdom, the European Union, the United States, or other regions where Google operates data centres. Where data is transferred outside the UK or EEA, we rely on appropriate safeguards recognised under UK GDPR and EU GDPR, such as the UK International Data Transfer Addendum and the European Commission's Standard Contractual Clauses, together with Google's own certifications and supplementary measures.

If you are located in the UK or EEA, the UK GDPR and the EU GDPR give you the rights described in Section 5. If you are located in California or another US state with a comprehensive privacy law, you have similar rights to access, correct, delete and limit certain uses of your personal information. To exercise any of these rights, write to us at help@ikomit.com.

9. Changes to this Policy

We may update this Privacy Policy from time to time to reflect changes in the App, in our practices, or in applicable law. When we make material changes, we will update the "Effective" date at the top of this Policy and, where appropriate, notify you in the App or by email at the address associated with your account. The latest version of this Policy will always be available at https://ikomit.com/privacy. Your continued use of KOMIT after an updated Policy takes effect constitutes your acknowledgement of the changes, to the extent permitted by law.

10. Contact

If you have any questions, requests or concerns about this Privacy Policy or about how we handle your personal information, please contact us:

• Email: help@ikomit.com
• Entity: LINX Digital Ltd, registered in England and Wales, United Kingdom
• Policy URL: https://ikomit.com/privacy
• Terms of Service: https://ikomit.com/terms

We aim to respond to all privacy-related correspondence within a reasonable period, and in any event within thirty (30) days for deletion requests and other formal rights requests.