Kohler Health launched Dekoda, a $600 device (plus a monthly subscription) that clips onto your toilet rim, in October 2025.
It uses optical sensors and a camera to capture images inside the bowl, analyzing waste to assess gut health, hydration levels, and more.
The Kohler Health app provides users with insights.
To ease privacy concerns about intimate photos, Kohler prominently features “end-to-end encryption” across its homepage, app page, and support docs.
Media like CNET, The Verge, and TechCrunch echoed the claim. But emails with Kohler’s privacy team reveal a mismatch.
Actual end-to-end encryption (E2EE) means only the user controls the decryption keys: no server access, not even for Kohler. Instead, Kohler decrypts the data on its own systems, undermining the promise.
True End-to-End Encryption Explained
End-to-end encryption secures data so only endpoints such as the sender and receiver can read it. Keys stay on user devices; servers see gibberish.
Apps like Signal or WhatsApp use public-key cryptography: your device encrypts with the recipient’s public key, and only the recipient’s private key can decrypt.
See the EFF’s deep dive for details. Even if attackers breach the servers, E2EE keeps the data unreadable to them.
Client-side encryption, like in 1Password, goes further: users hold the keys for backups synced to servers, and the developer has no access. E2EE blocks prying eyes, whether apps, ISPs, or governments.
Kohler’s setup skips this. No user-to-user sharing exists, so the “ends” are unclear: one is your phone or toilet attachment, the other is Kohler’s servers.
Kohler’s Encryption Falls Short
Kohler clarified: “User data is encrypted at rest on the user’s mobile phone, toilet attachment, and our systems.
Data in transit is encrypted end-to-end between devices and our systems, where it decrypts for processing.”
This is standard HTTPS/TLS (Transport Layer Security), which has protected data in transit since the early 2000s and today uses TLS 1.3 handshakes with AES-256 cipher suites.
Encryption at rest likely uses AES as well, but Kohler holds the keys.
They add: identifiable images get “data encryption, technical safeguards, and governance controls” to block employee access. Yet Kohler still processes and stores decrypted data.
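The difference between the two sections above (keys held only on the user’s devices versus a server that decrypts in the middle) comes down to who holds the key, which is easiest to see in code. The following Go program is an added example written for this article, not Kohler’s code or anything derived from its app. It assumes a simplified model: X25519 key agreement with a hash-based KDF and AES-256-GCM stand in for both the TLS session and the user-to-device channel, the function and type names are hypothetical, and the “image” is a constructed placeholder string.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ecdh"
	"crypto/rand"
	"crypto/sha256"
)

// SampleImage is a constructed placeholder for a bowl photo, not real data.
const SampleImage = "constructed-placeholder-image-bytes"

// must keeps the demo short: key-setup and randomness failures are fatal here.
func must(err error) {
	if err != nil {
		panic(err)
	}
}

// NewDeviceKey makes an X25519 key pair for a phone, a second user device, or the server.
func NewDeviceKey() *ecdh.PrivateKey {
	k, err := ecdh.X25519().GenerateKey(rand.Reader)
	must(err)
	return k
}

// aead hashes a seed into a 256-bit key and wraps it in AES-GCM (a simplified KDF, for illustration).
func aead(seed []byte) cipher.AEAD {
	sum := sha256.Sum256(seed)
	block, err := aes.NewCipher(sum[:])
	must(err)
	a, err := cipher.NewGCM(block)
	must(err)
	return a
}

// keyFor is the public-key step: X25519 lets both sides derive the same AEAD without sending a key.
func keyFor(priv *ecdh.PrivateKey, peer *ecdh.PublicKey) cipher.AEAD {
	secret, err := priv.ECDH(peer)
	must(err)
	return aead(secret)
}

// seal encrypts with a random nonce prefix; open reverses it and reports false under any other key.
func seal(a cipher.AEAD, plaintext []byte) []byte {
	nonce := make([]byte, a.NonceSize())
	_, err := rand.Read(nonce)
	must(err)
	return a.Seal(nonce, nonce, plaintext, nil)
}
func open(a cipher.AEAD, blob []byte) (string, bool) {
	if n := a.NonceSize(); len(blob) >= n {
		p, err := a.Open(nil, blob[:n], blob[n:], nil) // GCM rejects a wrong key
		return string(p), err == nil
	}
	return "", false
}

// Server models the vendor backend: a stand-in TLS key, an at-rest key only it holds, and the last upload.
type Server struct {
	priv   *ecdh.PrivateKey
	atRest cipher.AEAD
	stored []byte
}

func NewServer() *Server {
	seed := make([]byte, 32)
	_, err := rand.Read(seed)
	must(err)
	return &Server{priv: NewDeviceKey(), atRest: aead(seed)}
}

// TransitOnlyUpload is the "encrypted in transit, decrypted on our systems" design: the phone
// encrypts to the server's key, the server decrypts to process, then re-encrypts at rest with its own key.
func TransitOnlyUpload(s *Server, phone *ecdh.PrivateKey, image string) bool {
	wire := seal(keyFor(phone, s.priv.PublicKey()), []byte(image))
	plain, ok := open(keyFor(s.priv, phone.PublicKey()), wire) // "decrypts for processing"
	s.stored = seal(s.atRest, []byte(plain))
	return ok
}

// E2EEUpload is what the label implies: the phone encrypts to the user's own second device; the server only stores ciphertext.
func E2EEUpload(s *Server, phone *ecdh.PrivateKey, second *ecdh.PublicKey, image string) {
	s.stored = seal(keyFor(phone, second), []byte(image))
}

// ServerReads is what the vendor, or anyone who breaches it, recovers with the keys the server holds.
func ServerReads(s *Server, phonePub *ecdh.PublicKey) (string, bool) {
	if p, ok := open(s.atRest, s.stored); ok {
		return p, true
	}
	return open(keyFor(s.priv, phonePub), s.stored)
}

// SecondDeviceReads is what the user's other device recovers under E2EE.
func SecondDeviceReads(s *Server, second *ecdh.PrivateKey, phonePub *ecdh.PublicKey) (string, bool) {
	return open(keyFor(second, phonePub), s.stored)
}
```

Running `TransitOnlyUpload` and then `ServerReads` returns the image: the backend decrypted it, and its at-rest key opens the stored copy, so a breach of that key exposes every photo. After `E2EEUpload`, `ServerReads` fails with both the at-rest key and the transport-derived key, while `SecondDeviceReads` succeeds; that asymmetry, not the presence of TLS, is what “end-to-end” names.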
Worse, data fuels AI. Signup prompts let Kohler use it “to research, develop, and improve products,” de-identifying for “lawful purposes.”
The privacy policy allows the sharing of aggregated/anonymized data with third parties “to train our AI and machine learning models.” Emails confirm: “Algorithms train on de-identified data only.”
Re-identification risks persist in health data. This mislabeling erodes trust in IoT health gadgets.
Users expect E2EE; Kohler delivers basic hygiene. Demand absolute privacy, or skip the subscription.