ENPrivacy Policy — Kenotex

Last updated: 2026-06-01 · Effective with the launch of Kenotex Pro subscription.

Kenotex (the "App") is published by Kai XU as an independent developer. This Privacy Policy explains what information the App collects, how we use it, and the choices available to you.

1. Information We Collect

1.1 Locally on Your Device

• Your content: todos, calendar events, Omni Input drafts, habits, themes, and preferences are stored locally in a SQLite database on your device. The App reads this data only to provide its features.
• Apple Calendar / Reminders metadata (if you grant access): event titles, dates, and reminder times so the App can integrate with the system Calendar app. This data is read into local memory; the App does not transmit it to a server.
• Voice input (if you grant microphone & speech-recognition access): when you dictate into Omni Input, the App captures audio and transcribes it using Apple's Speech framework. Depending on your device and language, Apple may process the audio on its servers (governed by Apple's privacy policy). Kenotex does not store the audio — only the resulting transcript becomes editable text.
• Note output: Omni Input does not keep note-type content inside Kenotex. When a block is parsed as a note, its text is dispatched to the destination you choose (Apple Notes, Bear, Obsidian, Notion, or the system clipboard). That content then leaves Kenotex and is handled by the receiving app under its own policy.

1.2 iCloud Sync (private database)

• If you enable iCloud sync, your todos / events / notes / settings are synchronized across your devices via Apple's private iCloud database tied to your Apple ID. We do not have access to the contents — Apple stores and transmits them under your Apple ID's encryption.
• iCloud sync is opt-in and can be disabled at any time in Settings → iCloud.

1.3 LLM Proxy Service (api.kenx.me)

• When you use the AI parsing feature in Omni Input, the text you submit is sent to our proxy server at api.kenx.me, which relays it to a large language model provider for parsing. See Section 1.4 below for the specific providers and data-residency disclosure.
• To improve parsing quality, the request may also include: (a) your optional personalization profile (e.g., working hours, workdays, deadline habits, and any free-form notes you enter in Settings), and (b) a small sample of your recent todo titles as context. These are sent only as part of a parse request and are subject to the same transient-processing and data-residency terms described here and in Section 1.4.
• The proxy server processes input transiently and does not retain prompt content after returning the response. We log only:
  • An anonymized iCloud user ID hash (for quota enforcement and JWT issuance).
  • Daily call counts (for rate limiting; reset every 24h UTC).
  • HTTP request metadata required for security (timestamp, response status).
• We do not associate the iCloud user ID hash with your real identity, name, or email.

1.4 AI Service Providers and Data Residency

• Kenotex's AI parsing feature is powered by two large-language-model providers based in the People's Republic of China:
  • ByteDance Volcano Engine (Doubao / 豆包 model)
  • DeepSeek
• Both providers have completed the generative-AI large-model filing with the Cyberspace Administration of China (CAC) under the Interim Measures for the Administration of Generative Artificial Intelligence Services (《生成式人工智能服务管理暂行办法》).
• All AI processing for Kenotex occurs within the People's Republic of China. No cross-border data transfer takes place as part of the AI parsing pipeline.

1.5 In-App Purchase Information

• When you purchase Kenotex Pro, Apple sends a signed transaction (JWS) to our proxy server at api.kenx.me/v1/subscription/verify for entitlement validation.
• We store: subscription tier (free / pro), product identifier, expiration date, environment (Sandbox / Production), and an Apple-provided original transaction ID. We do not receive your credit card, billing address, or Apple ID password — Apple handles all payment.
• Apple's App Store & Privacy applies to the purchase itself.

1.6 Diagnostics & Usage Data (Optional — Requires Your Consent)

• Kenotex can collect diagnostics and anonymized usage data to help us fix crashes and improve the App. This collection is off by default and only begins after you explicitly opt in via the consent prompt (or the Diagnostics section of the App's Settings). You may withdraw consent at any time, which stops all collection immediately.
• When enabled, we collect:
  • Usage events: feature-interaction signals such as which tab you switch to, which sheets you open, when a parse is triggered (with input length bucketed, never the content), and whether a sync succeeded. We never collect the text of your todos, events, notes, or anything you type.
  • Diagnostics: crash, hang, launch-time, memory, and energy reports provided by Apple's MetricKit. These reports are also delivered to Apple under Apple's own diagnostics policy.
  • Device context: a randomly generated installation identifier hashed into a 16-character device fingerprint, plus your app version, OS version, and device model (e.g., iPhone15,2). The fingerprint is not your Apple ID, advertising identifier (IDFA), name, or email, and is not used to track you across other apps.
• This data is sent to our own server (api.kenx.me), retained for up to 90 days, then deleted. It is never sold and never used for advertising.

2. How We Use Your Information

• To provide the App's features (parsing input, syncing across devices, sending notifications).
• To enforce daily quota limits for free-tier users.
• To verify and apply your subscription entitlement.
• To diagnose service issues using anonymized server logs.
• If you opt in, to diagnose crashes and improve the App using the diagnostics & usage data described in Section 1.6.

3. Data Sharing

• We do not sell your data.
• We share submitted text with the AI provider routed by our proxy strictly for the purpose of generating the parsing response. The provider is contractually obligated not to retain or use prompts for model training (per their published policies).
• We share subscription transaction information with Apple (as required to validate purchases).
• If you enable diagnostics, crash and performance reports are also delivered to Apple via MetricKit under Apple's diagnostics policy. We do not use any third-party advertising or analytics SDKs.

4. Data Retention

• Local data: stored on your device until you delete the App or clear its data.
• iCloud data: stored under your Apple ID until you remove it from System Settings → Apple ID → iCloud.
• Server records (subscription state + anonymized usage counters): retained for as long as your subscription is active or up to 90 days after expiration for refund / dispute handling, then deleted.
• Diagnostics & usage data (only if you opted in): retained on our server for up to 90 days, then deleted.

5. Your Choices

• Disable iCloud sync at any time in the App's Settings.
• Delete your local data by uninstalling the App.
• Cancel your subscription via Settings → Subscription → Manage Subscription (deep link to Apple's subscription manager).
• Turn diagnostics & usage data collection on or off at any time in the App's Settings (Diagnostics) — it stays off until you opt in, and withdrawing consent stops collection immediately.
• Request deletion of your server-side records by emailing us (see Contact below). We will delete within 30 days, retaining only what is necessary for tax and billing compliance.

6. Children's Privacy

Kenotex is not directed to children under 13. We do not knowingly collect personal information from children.

7. Security

The App uses HTTPS for all server communication. JWT tokens are stored in the iOS / macOS Keychain. We follow industry-standard practices but cannot guarantee absolute security.

8. Changes to This Policy

We may update this Privacy Policy from time to time. The "Last updated" date at the top reflects the latest revision. Material changes will be surfaced inside the App.

9. Contact

For privacy questions or data deletion requests:

Kai XU
Email: [email protected]

This Privacy Policy is provided as-is. The App is offered without warranty; see Terms of Service for details.

中文隐私政策 — Kenotex

最近更新:2026-06-01 · 与 Kenotex Pro 订阅一同生效。

Kenotex(以下简称"本应用")由 Kai XU 作为独立开发者发行。本隐私政策说明本应用收集哪些信息、如何使用、以及您可以做出的选择。

1. 我们收集的信息

1.1 本地存储在您的设备上

• 您的内容:待办、日历事件、Omni Input 草稿、习惯打卡、主题、偏好等数据存储在设备上的 SQLite 数据库中。本应用仅在为您提供功能时读取这些数据。
• Apple 日历 / 提醒事项元数据(如果您授予权限):事件标题、日期、提醒时间,用于让本应用与系统日历集成。这些数据仅在内存中处理,不会上传到服务器。
• 语音输入(如果您授予麦克风与语音识别权限):当您在 Omni Input 中口述时,本应用会采集音频并使用 Apple Speech 框架转写。视您的设备与语言而定,Apple 可能在其服务器上处理该音频(适用 Apple 隐私政策)。Kenotex 不存储音频 —— 仅将转写出的文本作为可编辑文本。
• 笔记输出:Omni Input 不在 Kenotex 内保存笔记类内容。当某个块被解析为笔记时,其文本会分发到您选择的目标(Apple 备忘录、Bear、Obsidian、Notion 或系统剪贴板)。该内容随即离开 Kenotex,由接收方应用按其自身政策处理。

1.2 iCloud 同步(私有数据库)

• 如果您开启 iCloud 同步,您的待办 / 事件 / 笔记 / 设置会通过 Apple 的私有 iCloud 数据库(绑定您的 Apple ID)在多台设备之间同步。我们无法访问其内容 —— Apple 在您的 Apple ID 加密下存储和传输这些数据。
• iCloud 同步默认关闭,可随时在设置 → iCloud 中开启或关闭。

1.3 LLM 代理服务(api.kenx.me)

• 当您在 Omni Input 中使用 AI 解析功能时,您提交的文本会发送到我们位于 api.kenx.me 的代理服务器,由其转发给大型语言模型提供商进行解析。具体提供商及数据驻留地见下文 1.4 节。
• 为提升解析质量,该请求还可能包含:(a) 您可选的个性化画像(例如工作时段、工作日、deadline 习惯,以及您在设置中填写的任意自由文本备注),以及 (b) 少量您近期待办的标题作为上下文。它们仅作为解析请求的一部分发送,并适用本节及第 1.4 节所述的瞬时处理与数据驻留条款。
• 代理服务器仅瞬时处理输入,不会在响应返回后保留提示内容。我们仅记录:
  • 匿名化的 iCloud 用户 ID 哈希(用于额度执行与 JWT 颁发)。
  • 每日调用次数(用于速率限制;每 24 小时 UTC 重置)。
  • 安全所需的 HTTP 请求元数据(时间戳、响应状态)。
• 我们不会将 iCloud 用户 ID 哈希与您的真实身份、姓名或邮箱关联。

1.4 使用境内 AI 服务声明

• Kenotex 的 AI 解析功能通过以下两家位于中华人民共和国境内的大语言模型服务商提供:
  • ByteDance 火山引擎(豆包模型)
  • DeepSeek 大模型
• 两家服务商均已根据《生成式人工智能服务管理暂行办法》在国家互联网信息办公室(网信办)完成生成式人工智能大模型备案。
• 本应用涉及的所有 AI 解析数据处理均在中华人民共和国境内进行,AI 解析管道不发生数据跨境传输。

1.5 应用内购买信息

• 当您购买 Kenotex Pro 时,Apple 会向我们位于 api.kenx.me/v1/subscription/verify 的代理服务器发送一份签名交易凭证(JWS),用于验证订阅权益。
• 我们存储:订阅等级(free / pro)、产品标识符、过期日期、环境(Sandbox / Production)、以及 Apple 提供的原始交易 ID。我们不会收到您的信用卡、账单地址或 Apple ID 密码 —— 所有支付由 Apple 处理。
• 购买行为本身适用 Apple 的 App Store 与隐私条款。

1.6 诊断与使用数据(可选 —— 需经您同意)

• Kenotex 可以收集诊断与匿名化的使用数据,帮助我们修复崩溃、改进应用。该收集默认关闭,仅在您通过同意弹窗(或应用设置中的「诊断与改进」)明确开启后才开始。根据《中华人民共和国个人信息保护法》,此属于单独同意事项;您可随时撤回同意,撤回后立即停止一切收集。
• 开启后,我们收集:
  • 使用事件:功能交互信号,例如切换到哪个标签页、打开哪个面板、何时触发解析(仅记录输入长度的区间,绝不记录内容)、以及同步是否成功。我们绝不收集您待办、事件、笔记的文本,或您输入的任何内容。
  • 诊断:由 Apple MetricKit 提供的崩溃、卡顿、启动耗时、内存、能耗报告。这些报告同时也会按 Apple 自身的诊断政策投递给 Apple。
  • 设备上下文:由随机生成的安装标识符哈希而成的 16 位设备指纹,以及应用版本、系统版本、设备型号(例如 iPhone15,2)。该指纹不是您的 Apple ID、广告标识符(IDFA)、姓名或邮箱,也不用于跨其他应用追踪您。
• 这些数据发送到我们自己的服务器(api.kenx.me),最多保留 90 天后删除。绝不出售,绝不用于广告。

2. 我们如何使用您的信息

• 提供本应用的功能(解析输入、跨设备同步、发送通知)。
• 对免费用户执行每日额度限制。
• 验证并启用您的订阅权益。
• 使用匿名化的服务器日志诊断服务问题。
• 若您选择开启,使用第 1.6 节所述的诊断与使用数据来排查崩溃、改进应用。

3. 数据共享

• 我们不会出售您的数据。
• 我们会将您提交的文本通过代理转发给 AI 提供商,仅用于生成解析响应。该提供商在合同义务上不得保留或使用提示用于模型训练(详见其公开政策)。
• 我们会与 Apple 共享订阅交易信息(用于验证购买,这是必需的)。
• 若您开启诊断,崩溃与性能报告还会通过 MetricKit 按 Apple 的诊断政策投递给 Apple。我们不使用任何第三方广告或分析 SDK。

4. 数据保留

• 本地数据:存储在您的设备上,直到您删除本应用或清空数据。
• iCloud 数据:存储在您的 Apple ID 下,直到您从系统设置 → Apple ID → iCloud 中移除。
• 服务器记录(订阅状态 + 匿名化使用计数):在您的订阅有效期内保留;到期后最多再保留 90 天用于退款 / 争议处理,随后删除。
• 诊断与使用数据(仅在您开启时):在我们的服务器上最多保留 90 天,随后删除。

5. 您的选择

• 随时在本应用设置中关闭 iCloud 同步。
• 卸载本应用以删除本地数据。
• 通过设置 → 订阅 → 管理订阅(深度链接到 Apple 订阅管理页)取消订阅。
• 随时在应用设置中的「诊断与改进」开启或关闭诊断与使用数据收集 —— 未经您开启始终关闭,撤回同意后立即停止收集。
• 通过下方联系方式邮件请求删除服务器端记录。我们将在 30 天内删除,仅保留税务与账单合规所必需的内容。

6. 儿童隐私

Kenotex 不面向 13 岁以下儿童。我们不会有意识地收集儿童的个人信息。

7. 安全

本应用所有与服务器的通信均使用 HTTPS。JWT 令牌存储在 iOS / macOS 钥匙串(Keychain)中。我们遵循行业标准做法,但无法保证绝对安全。

8. 政策变更

我们可能会不定期更新本隐私政策。文首的"最近更新"日期反映最新修订。重大变更会在应用内提示。

9. 联系我们

如有隐私问题或数据删除请求,请联系:

Kai XU
邮箱: [email protected]

本隐私政策按"现状"提供。本应用不附带任何担保;详见服务条款。