Data & privacy
Hunique is a private space to turn reflection into better conversations. The things you type here are often deeply personal. Your reflections stay on your device. We can't read them. We don't want to.
This page explains exactly how that works, and what happens to the small amount of information that does leave your device when you use AI features. It's written to be readable rather than legally padded. If you want the shortest possible version, read the next three paragraphs and stop there.
The short version
Your reflections stay on your device. Everything you type into Hunique - logs, patterns, conversations - is stored only in your browser, on the device you're using. There's no server-side copy. No one at Kaol can read them.
When you use AI features, your input is processed by AI models via our hosting provider's infrastructure. The content isn't stored, isn't logged, and isn't used to train any AI model.
We use anonymous analytics to improve the app. We can see which features are used and where people get stuck. We cannot see what you write - every character you type is masked before it leaves your device. The screenshot below shows exactly what a recorded session of Hunique looks like to us.
What a recorded session of Hunique looks like to us
How each part works
Your reflections and app data
Everything you create in Hunique - your logs, tracked patterns, conversation history, settings - is stored in your browser's local storage on the device you're using. It never gets copied to any server we run.
The practical implications:
- No one at Kaol can read your content. There's no admin view. The data physically doesn't exist in a place we can reach.
- If you clear your browser data, switch devices, or use a different browser, your data won't follow you. There's no cloud backup. This is the trade-off of keeping things local.
- Anyone with physical access to your device could in principle see stored data through browser developer tools, the same way they could read your notes app. If this concerns you, use a private/incognito window - nothing will persist after you close it.
- You can delete everything at any time using the "Delete all my data" button in the Data & privacy panel, accessible from the footer of the app.
AI features
When you use an AI feature, your input is sent over an encrypted connection to an AI model via Cloudflare AI Gateway - a service run by Cloudflare, the same company that hosts the Hunique app itself. We route all AI requests through this gateway, which we've configured so that the content of requests and responses isn't logged or stored after processing.
We commit to the following regardless of which specific AI model handles your request:
- Nothing is retained after your request has been processed. No server-side copy of your input or the AI's response.
- Nothing is used for training. Your content doesn't contribute to training any AI model, now or in the future.
- Nothing leaves the processing boundary beyond what's needed to generate your response and return it to you.
Cloudflare retains some operational metrics - timestamps, response times, token counts, the name of the model used - for billing and reliability purposes, for up to 3 months. These contain no user content and no user identifier (Hunique has no user accounts, so there's nothing to identify).
If we change which AI models we use, we'll update this page. The commitments above will continue to apply.
Anonymous analytics
We use PostHog, a product analytics service, to understand how Hunique is used. Analytics data is stored on servers in Frankfurt, Germany, within the EU.
What we collect:
- Which pages and features are viewed and used
- Device and browser type, rough geographic region
- App errors and performance data
- A random device identifier that lets us distinguish one visitor from another (stored in your browser, not linked to your real-world identity)
- Masked session recordings showing how users navigate the app
What we don't collect:
- Anything you type
- Your conversation content, topics, or results
- Your IP address - we discard it before PostHog stores anything
- Your name, email address, or anything else that ties the device identifier to you as a person
All user-generated text is masked client-side - in your browser, before anything is sent - so even if something went wrong on our end, no content would reach PostHog.
We also use PostHog's AI-assisted analytics features to help us understand usage patterns more easily. These features process only the analytics data listed above. They never process anything you type in Hunique, because your content never reaches PostHog in the first place - the masking happens on your device before any data is sent.
The formal bits
Who we are
Hunique is provided by Kaol Ltd, a company registered in England and Wales under company number 16955479. Our registered address is 71-75 Shelton Street, London, WC2H 9JQ, United Kingdom. We're registered with the UK Information Commissioner's Office under registration number ZC089019.
Kaol Ltd is the data controller for any personal data processed in connection with Hunique. Our Data Protection Officer is Andy Kilner, reachable at privacy@kaol.ai.
Who processes data on our behalf
We use two data processors to provide Hunique:
- Cloudflare, Inc. - hosts the Hunique app and provides the AI processing infrastructure. Cloudflare is a US-based company; transfers of personal data to the United States are protected by Standard Contractual Clauses.
- PostHog, Inc. - provides our product analytics. Analytics data is stored in PostHog's EU Cloud in Frankfurt, Germany. PostHog is a US-based company, so its staff may occasionally access stored analytics data from outside the EU for support, troubleshooting, and service improvement. These transfers are protected by the UK Extension to the EU-US Data Privacy Framework and by Standard Contractual Clauses.
Both companies have signed data processing agreements with us and are subject to their own UK GDPR obligations. Both may use their own sub-processors to deliver their services; PostHog's current list is at posthog.com/subprocessors.
PostHog offers AI-assisted analytics features which we have enabled, and which may involve third-party large language models (such as OpenAI) processing analytics data. These features only operate on the analytics data described in the "Anonymous analytics" section above - they never access anything you type in Hunique, because your content never reaches PostHog.
Legal basis for processing
Under UK GDPR, we rely on the following lawful bases:
- Performance of a contract (Article 6(1)(b)) for processing your input through AI features - this is the service you're actively asking us to provide.
- Legitimate interests (Article 6(1)(f)) for collecting anonymous usage analytics. The interest pursued is understanding how Hunique is used so we can improve it. Our assessment is that this processing has minimal privacy impact because no identifiable personal data is collected and no profiling takes place.
Storage of data on your device (local storage) falls within the "strictly necessary" exception to PECR consent requirements, because the app can't function without it.
How long we keep things
| Data | Retention |
|---|---|
| Your reflections and app data | On your device only, for as long as you choose to keep them. We have no copy. |
| AI request and response content | Not retained. |
| Cloudflare operational metrics | Up to 3 months. |
| PostHog analytics events | Up to 12 months. |
| PostHog session recordings | Up to 30 days. |
| IP addresses | Not retained (discarded before storage). |
Your rights
Under UK GDPR you have the right to access, correct, delete, or restrict the use of any personal data we hold about you, to object to processing based on legitimate interests, to data portability, and to complain to the UK Information Commissioner's Office at ico.org.uk/make-a-complaint.
In practice, because Hunique has no user accounts and we don't connect analytics data to your real-world identity:
- For content you've created in the app, you can use the "Delete all my data" button to erase everything from your device at any time. You don't need to ask us - nothing about it goes through us.
- For analytics data, there's a random device identifier but nothing that links it to you as a person. We can't go from the identifier to a real-world you, which means there's no personal record of you for us to find, export, or delete on a per-person basis. This isn't a policy choice; it's a consequence of how the app is built. If you'd rather not contribute analytics data at all, using a private or incognito browser window is the practical way to achieve that.
- If you believe we hold personal data about you that this page doesn't account for, email privacy@kaol.ai and we'll investigate and respond within one month.
We don't make automated decisions about you and we don't profile you.
Children
Hunique isn't directed at children under 16 and we don't knowingly collect data from them.
Changes to this page
If we make meaningful changes to how we handle data, we'll update this page and let you know inside the app. The version number and "Last updated" date below always reflect the current version.
Version 0.1 -- Last updated 13 April 2026