Privacy policy
1. Who we are
Kindred is a weekly couples check-in app built by Kindred Connect ("we", "us", "our"). Kindred Connect is the data controller responsible for your personal data under applicable data protection law. This privacy policy explains how we collect, use, store, and protect your personal information when you use the Kindred mobile application ("the App").
Contact: privacy@kindredconnect.app
2. Information we collect
2.1 Account information
- Email address — used for authentication and account recovery.
- Display name — the name your partner sees within the App. This does not need to be your legal name.
2.2 Relationship information
- Partner pairing data — when you create or join a relationship in the App, we store the link between your account and your partner's account.
- Invite codes — temporary codes used to pair partners. These expire and are single-use.
2.3 Check-in data
- Responses to check-in questions — including numerical ratings and free-text answers across wellness, connection, reflection, and forward-looking categories.
- Review comments — written reflections shared between partners during a check-in session.
- Commitments — tasks and habits you create, including descriptions, categories, and status.
- Habit review ratings — ratings you give on your partner's habits during check-ins.
- Personal notes — private notes you write for yourself, which may be linked to commitments or used during check-ins.
2.4 Session data
- Check-in session metadata — timestamps, session status, and participation records.
- Session history — a permanent record of completed check-ins, including frozen snapshots of questions and commitments at the time of completion.
2.5 Device and technical data
- Push notification tokens — device-specific tokens used to deliver notifications (e.g., session invitations, mid-week commitment reminders).
- Device identifiers — standard technical identifiers transmitted during app usage.
- Crash reports and performance data — collected via Sentry to diagnose errors and improve app stability. This may include device type, operating system version, and stack traces. It does not include the content of your check-in responses.
2.6 Subscription data
- Subscription status — whether you have an active, trialing, or expired subscription. Managed through RevenueCat and Apple's in-app purchase system.
- We do not collect or store payment card details. All payment processing is handled by Apple through the App Store.
3. How we use your information
- Providing the service — running check-in sessions, storing your responses, syncing data between partners in real time, and maintaining your check-in history.
- Partner pairing — connecting you with your partner via invite codes.
- Notifications — sending push notifications for session invitations, partner activity, and mid-week commitment reminders.
- Subscription management — verifying your subscription status and managing access to premium features.
- Error monitoring and stability — using crash reports to identify and fix bugs.
- Product improvement — understanding usage patterns in aggregate to improve the App. We do not sell your data or use check-in content for advertising.
4. Legal basis for processing (GDPR)
If you are in the European Economic Area (EEA) or United Kingdom, we process your data under the following legal bases:
- Performance of a contract — processing necessary to provide the App and its features (account creation, check-ins, partner pairing, subscriptions).
- Legitimate interests — crash reporting, security, and aggregated product improvement, where these interests are not overridden by your rights.
- Consent — push notifications. You can withdraw consent at any time through your device settings.
5. Who we share your data with
5.1 Your partner
Check-in responses, review comments, and commitments are shared with your paired partner as a core function of the App. Personal notes are private and are never shared with your partner.
5.2 Service providers
We use the following third-party services to operate the App:
| Provider | Purpose | Data shared |
|---|---|---|
| Supabase | Database hosting, authentication, real-time sync | All account and check-in data (encrypted in transit and at rest) |
| RevenueCat | Subscription management | User identifier, subscription status, purchase events |
| Apple (App Store) | Payment processing, app distribution | Payment and transaction data (handled directly by Apple) |
| Expo | Push notification delivery | Push notification tokens and notification content |
| Sentry | Crash reporting and error monitoring | Device info, error logs, performance traces. No check-in content. |
These providers process data on our behalf under data processing agreements. They do not use your data for their own purposes.
5.3 We do not
- Sell your personal data to anyone.
- Share your data with advertisers.
- Use your check-in content for AI training.
- Share data with data brokers.
5.4 Legal requirements
We may disclose your information if required by law, regulation, legal process, or governmental request.
6. Data retention
- Account and check-in data is retained for as long as your account is active.
- Inactive accounts — if your subscription has lapsed and you have not logged in for 12 months, we will notify you by email that your account is scheduled for deletion. If you do not respond or log in within 30 days of that notice, your account will be deleted and your data processed as described in the account deletion section below.
- In-progress session data (answers being drafted during a check-in) is temporary and is either finalized into your permanent check-in record or deleted when a session is completed or abandoned.
- Expired invite codes are retained for a short period for abuse prevention, then deleted.
- Crash reports are retained by Sentry according to their retention policies (typically 90 days).
- After account deletion, your account enters a 30-day deactivation period. After this period, your personal data is permanently removed in accordance with Section 8 below.
7. Data security
We implement appropriate technical and organisational measures to protect your data:
- All data is encrypted in transit (TLS) and at rest.
- Row-level security policies ensure you can only access data belonging to your own relationship.
- Authentication is required for all data access.
- Sensitive service credentials are stored in secure vault infrastructure.
- Push notification tokens are scoped to individual devices and users.
No system is perfectly secure. If we become aware of a security breach affecting your personal data, we will notify you and any applicable regulator as required by law.
8. Your rights
Depending on your location, you may have some or all of the following rights:
- Access — request a copy of the personal data we hold about you.
- Correction — request correction of inaccurate data.
- Deletion — request deletion of your account and associated data. When you delete your account, it enters a 30-day deactivation period. After this period, your personal data is permanently removed. Permanent check-in records shared with your partner are anonymised (your user ID is disassociated) so your partner retains their own check-in history without your identifying information.
- Data portability — request your data in a structured, machine-readable format (JSON). This includes your account information, check-in responses, commitments, personal notes, and habit review ratings.
- Withdraw consent — for processing based on consent (e.g., push notifications), you can withdraw at any time.
- Object — object to processing based on legitimate interests.
- Lodge a complaint — with your local data protection authority. For UK residents, this is the Information Commissioner's Office (ICO) at ico.org.uk.
California residents (CCPA): You have the right to know what personal information we collect, request its deletion, and opt out of its sale. We do not sell personal information. To exercise your rights, contact us at the address below.
To exercise any of these rights, contact us at privacy@kindredconnect.app. We will respond within 30 days (or sooner if required by applicable law).
9. Children's privacy
Kindred is not intended for anyone under the age of 18. We do not knowingly collect personal information from children. If we learn that we have collected data from someone under 18, we will delete it promptly.
10. International data transfers
Your data is processed and stored on servers that may be located outside your country of residence. Where data is transferred outside the EEA or UK, we ensure appropriate safeguards are in place (such as standard contractual clauses) in accordance with applicable data protection law.
11. Push notifications
We send push notifications for:
- Session invitations — when your partner starts a check-in.
- Partner activity — when your partner completes a phase of the check-in.
- Commitment reminders — mid-week reminders about habits and tasks (sent approximately 4 days after your last check-in).
You can disable push notifications at any time through your device settings. Disabling notifications does not affect your ability to use the App.
12. Changes to this policy
We may update this policy from time to time. We will give you at least 30 days' notice of material changes via the App or by email before they take effect. The "Last Updated" date at the top of this page reflects the most recent revision.
13. Contact us
If you have questions about this privacy policy or your data, contact us at:
Kindred Connect
Email: privacy@kindredconnect.app
This privacy policy was last reviewed on 14 April 2026.