Last Updated: April 19, 2026This Privacy Policy ("Policy") describes how Atrium Digital Ltd, a company registered in England and Wales (company number 16912544), with its registered office at 128 City Road, London, EC1V 2NX, United Kingdom ("Atrium Digital", "Korven", "we", "us", or "our"), collects, uses, discloses, and otherwise processes information in connection with the Korven mobile application (the "App") and related services (collectively, the "Services").For the purposes of the UK General Data Protection Regulation ("UK GDPR") and the EU General Data Protection Regulation ("GDPR"), Atrium Digital Ltd is the data controller in respect of any Personal Data processed in connection with the Services.By downloading, installing, accessing, or using the Services, you acknowledge that you have read and understood this Policy and agree to its terms. If you do not agree, you must not use the Services. This Policy should be read in conjunction with our Terms of Service.---1. Definitions- "Personal Data" means any information relating to an identified or identifiable natural person.
- "Processing" means any operation performed on Personal Data, whether automated or not.
- "User," "you," "your" means the individual using the Services.
- "Device Data" means information generated or stored locally on your device in connection with the Services.---2. Information We Collect2.1 Information You ProvideWhen you use the Services, you may provide certain information that is stored locally on your device, including:- Your first name (or chosen identifier).
- Your selection of body areas you choose to maintain.
- Your stated grooming-related preferences (hair growth speed, skin sensitivity, grooming standard, style sub-selections).
- The dates on which you indicate you have last performed a grooming activity.
- Your notification preferences.This information is stored locally on your device using device-level storage mechanisms. We do not transmit, replicate, or store this information on servers controlled by us.2.2 Information Collected AutomaticallyWhen you interact with the Services, certain information may be collected automatically, including:- Device type, operating system, and version.
- App version.
- Crash reports and diagnostic data (if enabled by your device-level settings or if you opt in to share with us).
- Aggregated, non-identifying usage statistics where applicable.We may use industry-standard tools (including, where applicable, those provided by Apple Inc.) to receive such information. We do not knowingly collect precise location data, contacts, photos, health data, or biometric information through the Services.2.3 Subscription and Purchase InformationSubscriptions and in-app purchases are processed by Apple Inc. through the Apple App Store. We do not collect, process, or store payment card details, billing addresses, or full transaction information.We use RevenueCat, Inc. ("RevenueCat"), a third-party subscription management platform, to validate App Store receipts, manage entitlements, and administer your subscription status across devices. In connection with this processing, RevenueCat may receive and process the following limited information:- A pseudonymous app user identifier (which is not directly identifying);
- Subscription status, plan, and renewal information;
- Receipt data provided by the Apple App Store;
- Country, currency, and billing-cycle metadata associated with the purchase;
- Device, operating system, and app version information.RevenueCat acts as a data processor on our behalf in respect of this information and is contractually bound by a Data Processing Agreement. Further information about RevenueCat's privacy practices is available at https://www.revenuecat.com/privacy/.2.4 CommunicationsIf you contact us by email or other means, we may retain those communications and any associated metadata (such as your email address) for the purposes of responding to you and maintaining records.---3. Legal Bases for Processing (EU/UK Users)Where the EU General Data Protection Regulation ("GDPR") or the UK GDPR applies, we process Personal Data on the following legal bases:- Performance of a contract: to provide the Services you have requested, including any paid subscription functionality.
- Legitimate interests: to operate, secure, improve, and administer the Services, prevent fraud, enforce our Terms of Service, and protect our legal rights, where such interests are not overridden by your rights and freedoms.
- Consent: where required by law (for example, for certain types of analytics or marketing communications).
- Legal obligations: where we are required by applicable law to process Personal Data.You may withdraw consent at any time where processing is based on consent.---4. How We Use InformationWe may use information described above for the following purposes:- To provide, operate, and maintain the Services.
- To personalize your in-App experience (entirely on your device).
- To deliver local notifications you have enabled.
- To process subscriptions and grant access to paid features.
- To respond to inquiries, provide support, and communicate with you.
- To monitor, secure, and improve the Services.
- To detect, prevent, and address technical issues, fraud, or abuse.
- To comply with applicable laws, regulations, legal process, or governmental requests.
- To enforce our Terms of Service, defend against claims, and protect our rights, property, and safety.We reserve the right to use aggregated, anonymized, or de-identified data for any lawful purpose, including for analytics, research, and service improvement, without further notice to you.---5. Sharing and Disclosure5.1 We Do Not Sell Your Personal DataWe do not sell Personal Data, and we do not "share" Personal Data for cross-context behavioral advertising as those terms are defined under the California Consumer Privacy Act, as amended by the California Privacy Rights Act ("CCPA/CPRA").5.2 Categories of RecipientsWe may disclose information in the following limited circumstances:- Service Providers: third-party vendors that assist with the operation of the Services, including Apple Inc. (app distribution, in-app purchase processing, and notification infrastructure) and RevenueCat, Inc. (subscription management and entitlement validation). Such providers are contractually bound to protect Personal Data, process it only on documented instructions, and use it only for the purposes for which it was disclosed.
- Legal and Compliance: where we believe in good faith that disclosure is required by law, regulation, court order, subpoena, governmental request, or to enforce our Terms of Service.
- Protection of Rights: to protect the rights, property, or safety of Korven, our users, or others, including to investigate or prevent fraud, security issues, or technical concerns.
- Business Transfers: in connection with a proposed or completed merger, acquisition, financing, reorganization, sale of company assets, bankruptcy, or similar corporate event. In any such transfer, your information would be transferred to the successor entity, and we will use reasonable efforts to ensure that the successor entity honors the substantive terms of this Policy or notifies you in advance of any material changes.---6. Third-Party ServicesThe Services may rely on, integrate with, or link to third-party services not operated by us, including but not limited to:- Apple Inc. — application distribution, subscription processing, push notification infrastructure, and operating system functionality. Apple's privacy practices are governed by Apple's Privacy Policy at https://www.apple.com/legal/privacy/.
- RevenueCat, Inc. — subscription management, receipt validation, entitlement administration, and related subscription analytics. RevenueCat's privacy practices are governed by its Privacy Policy at https://www.revenuecat.com/privacy/.Your interactions with such third parties are governed by their respective terms and privacy policies, not this Policy. We are not responsible for the practices of any third party.---7. Data RetentionWe retain information only for as long as necessary for the purposes set out in this Policy or as required by applicable law:- Locally stored Device Data: retained on your device until you delete it (by uninstalling the App, resetting your profile, or otherwise removing it). We do not retain copies of such data on our servers.
- Subscription information: retained as needed to administer your subscription and as required for tax, accounting, and audit purposes.
- Communications: retained for a reasonable period appropriate to the nature of the communication, typically not exceeding twenty-four (24) months unless a longer period is required by law or for the establishment, exercise, or defense of legal claims.
- Aggregated, anonymized, or de-identified data: may be retained indefinitely.---8. International Data TransfersWe are based in the United Kingdom. Certain of our service providers, including Apple Inc. and RevenueCat, Inc., are located in or process data in the United States and other jurisdictions outside the United Kingdom and the European Economic Area.Where Personal Data is transferred outside the UK or the EEA, we rely on appropriate safeguards as required by the UK GDPR and the GDPR, including:- The UK International Data Transfer Agreement or the UK Addendum to the European Commission's Standard Contractual Clauses;
- The European Commission's Standard Contractual Clauses (where applicable);
- Adequacy decisions issued by the UK Government or the European Commission, where in force;
- Other lawful transfer mechanisms permitted by applicable law.You may request a copy of the safeguards in place by contacting us using the details in Section 14, subject to redaction of confidential or commercially sensitive information.---9. SecurityWe implement reasonable technical and organizational measures designed to protect information against unauthorized access, alteration, disclosure, or destruction. Because most user-generated information is stored locally on your device, the security of that information also depends on your device's security configuration (passcode, biometric authentication, operating system updates).No method of transmission or storage is completely secure. We cannot guarantee absolute security, and to the maximum extent permitted by law, you use the Services at your own risk.---10. Your RightsDepending on your jurisdiction, you may have certain rights relating to your Personal Data, including:- The right to access Personal Data we hold about you.
- The right to request correction of inaccurate Personal Data.
- The right to request deletion of Personal Data, subject to legal exceptions.
- The right to restrict or object to certain processing activities.
- The right to data portability, where applicable.
- The right to withdraw consent, where processing is based on consent.
- The right to lodge a complaint with a supervisory authority.Because most information is stored locally on your device, you can directly access, modify, or delete most data within the App or by uninstalling the App. To exercise any other rights, contact us using the details in Section 14.We will respond to verifiable rights requests within the time frames required by applicable law. We may require you to provide reasonable information to verify your identity. We reserve the right to decline requests that are manifestly unfounded, excessive, or where retention is required or permitted by law.10.1 California Residents (CCPA/CPRA)If you are a California resident, you have additional rights including:- The right to know what categories of Personal Information have been collected about you, the sources, purposes, and categories of recipients.
- The right to delete Personal Information, subject to exceptions.
- The right to correct inaccurate Personal Information.
- The right to opt out of the sale or "sharing" of Personal Information (we do not sell or share Personal Information as defined by the CCPA/CPRA).
- The right to non-discrimination for exercising your rights.
- The right to limit the use of Sensitive Personal Information (we do not use Sensitive Personal Information for purposes that would trigger this right).To exercise these rights, contact us at the email address in Section 14.10.2 EEA, UK, and Other JurisdictionsYou have the right to lodge a complaint with the data protection authority in your jurisdiction. In the UK, this is the Information Commissioner's Office (ico.org.uk). In the EEA, you may contact your local supervisory authority.---11. Children's PrivacyThe Services are not directed to, and we do not knowingly collect Personal Data from, children under the age of seventeen (17). If you are under 17, do not use the Services. If we become aware that we have collected information from a child without verified parental consent, we will take appropriate steps to delete it. Parents or guardians who believe a child has provided information may contact us at the email in Section 14.---12. Automated Decision-MakingThe Services may generate a recommended grooming schedule based on your inputs. This output is purely informational and advisory and does not produce legal effects or similarly significantly affect you. You retain full discretion to follow, ignore, or modify any recommendation generated by the Services.---13. Changes to This PolicyWe may modify this Policy at any time, in our sole discretion. If we make material changes, we will provide notice through the Services, by updating the "Last Updated" date at the top of this Policy, or by other means we consider appropriate. Your continued use of the Services after the effective date of any modification constitutes your acceptance of the modified Policy. If you do not agree to the modified terms, your sole remedy is to discontinue use of the Services.---14. ContactFor questions about this Policy or to exercise your rights, contact us at:- Email: [email protected]
- Postal Address: Atrium Digital Ltd, 128 City Road, London, EC1V 2NX, United KingdomIf you are a UK resident and are not satisfied with our response, you have the right to lodge a complaint with the Information Commissioner's Office (ICO) at https://ico.org.uk/ or by post at: Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF, United Kingdom.---15. Disclaimers and LimitationTo the maximum extent permitted by applicable law:- The information generated, stored, or displayed by the Services is provided "as is" without warranties of any kind, express or implied, regarding accuracy, completeness, reliability, or fitness for a particular purpose.
- The Services are not medical, dermatological, or health advice. The Services are not intended to diagnose, treat, cure, or prevent any condition. Consult a qualified healthcare professional for any health, skin, or medical concerns.
- We are not liable for any decisions you make in reliance on information provided by the Services.The above disclaimers apply only to the extent permitted by applicable law and do not exclude or limit liability for matters that cannot lawfully be excluded or limited (such as liability for fraud, gross negligence, or, where applicable, death or personal injury caused by negligence).---16. SeverabilityIf any provision of this Policy is held to be invalid, illegal, or unenforceable, the remaining provisions shall continue in full force and effect.---17. Governing LawThis Policy shall be governed by and construed in accordance with the laws of England and Wales, without regard to its conflict of laws principles. Any disputes arising out of or relating to this Policy shall be subject to the exclusive jurisdiction of the courts of England and Wales, except where mandatory consumer protection laws of your country of residence provide otherwise.---
© 2026 Atrium Digital Ltd. All rights reserved.Atrium Digital Ltd is a company registered in England and Wales with company number 16912544 and registered office at 128 City Road, London, EC1V 2NX, United Kingdom.