Xera: Private Context Cards
Privacy Policy
Effective date: July 3, 2026
Overview
Xera: Private Context Cards is provided by Sykes Holding Group. Xera lets users create private context cards and grant trusted people permission to use approved context for approved purposes through Krysta, Xera's AI assistant.
Information You Provide
You may choose to provide account information, display names, trusted contact names, relationship labels, context card titles, approved context items, definitely-not items, grant settings, questions to Krysta, and support messages.
Context cards can contain personal information. You choose what to enter and what to approve for a specific purpose.
Accounts and Backend Services
Xera is designed as an account-based app. Supabase is used or planned for authentication, context cards, trusted contacts, grants, revocation, audit metadata, usage metering, entitlements, and secure backend functions. Production behavior depends on configured backend services.
Xera does not place OpenAI API keys, Supabase service-role keys, RevenueCat secret keys, App Store Connect keys, private certificates, or environment files inside the iOS app.
AI Processing
When live AI is enabled, approved card content and a user's Krysta question may be sent through Xera's Supabase backend to OpenAI for processing. Krysta should only use context that was approved for the active purpose and grant. If live AI is not configured, Xera may show a preview response without calling OpenAI.
Subscriptions
Xera may offer optional monthly subscriptions. Apple processes iOS subscription purchases through StoreKit and App Store Connect. RevenueCat is used or planned to help manage subscription entitlements. Apple and RevenueCat may process purchase-related information according to their own policies and the configuration used for Xera.
What Xera Does Not Collect or Import
Xera v1 does not import private messages, email, photos, calendar data, location, or private AI chats. Xera does not include passive memory, autonomous agents, advertising, sponsored recommendations, or data selling.
Grant Controls and Revocation
Users can revoke grants. Revocation is intended to block future access, but it cannot erase screenshots, already-seen raw context, or already-seen generated responses.
Export and Deletion
The iOS app includes local privacy controls for preview data on the device. Server-side export and account deletion require configured Supabase authentication and backend functions. If you need help with data access or deletion, contact support.
Support
If you contact support, Sykes Holding Group receives the information you choose to include in your message, such as your email address, device details, app version, screenshots, or issue description. Do not send private card content, hidden context, allergies, credentials, API keys, or certificates unless support specifically asks for a redacted example.
Children's Privacy
Xera is for users 13 and older. Xera is not a children's app and does not support under-13 accounts, child profiles, kid cards, school data, location data about children, health data about children, or child photos.
Changes to This Policy
We may update this Privacy Policy from time to time. If we make changes, we will update the effective date on this page.
Contact
If you have questions about this Privacy Policy, contact Sykes Holding Group at [email protected].
Support page: https://sykesholdinggroup.com/apps/xera/support/.