Privacy

Privacy policy

Last updated: May 2, 2026

We've tried to write this the way we'd want to read it: short, honest, and free of the lawyer-speak you've come to ignore. The legal force of the document is intact, but the goal is for you to actually understand what we do with your data.

01

Who we are

Kithnkins (“we,” “us,” “our”) is operated by [Your Company, Inc.], a [State/Country] corporation. You can reach our privacy team at privacy@kithnkins.com.

02

What we collect

When you sign up for an account:

  • Your email address (required)
  • Your name, if you provide it
  • Your profession, if you tell us — used only to tailor onboarding

When you use the product:

  • Contacts you create or upload — names, emails, phone numbers, notes, custom fields, and any details you record about people in your network
  • Interactions you log — text notes, voice recordings (which we transcribe and then delete the audio file)
  • Email and calendar metadata, if you connect Gmail or Google Calendar via OAuth — see “What we don't collect” below for what we never see
  • Usage signals — anonymized data about how you use the product, like which pages you visit and when you log in

When you pay:

  • Billing details are handled entirely by Stripe. We never see your full card number; we only receive a token that lets us charge subscriptions and a customer reference for managing your account.
03

What we don't collect

To make this concrete, here's what we explicitly do not access, even if you've connected Gmail or Google Calendar:

  • Email bodies. We read sender, subject line, and timestamp — never message contents.
  • Calendar event details. We sync attendees and times only; we don't read meeting descriptions or notes.
  • Anything we don't need. If we don't use it to deliver the service, we don't collect it.
04

How we use what we collect

We use your data to:

  • Provide the service — your dashboard, your notes, your reminders
  • Send your daily morning digest, weekly summary, and other transactional emails you've subscribed to
  • Process subscription billing through Stripe
  • Improve the product — but only in aggregate. We don't read individual users' notes to build features.
  • Respond to support requests when you contact us
  • Comply with legal obligations and enforce our terms
05

Who we share data with

We use a small set of service providers who process data on our behalf. Each is bound by data processing agreements that match (or exceed) our own commitments to you.

  • Supabase — hosts our database and authentication. You can choose your data region during onboarding.
  • Stripe — handles all payment processing. They have their own privacy policy at stripe.com/privacy.
  • OpenAI — transcribes voice notes via the Whisper API. Audio is sent encrypted, transcribed, and deleted from their servers per their data policy. We have opted out of any data use for model training.
  • Resend — sends transactional email (digests, reminders, billing receipts).
  • Google — if you connect Gmail or Calendar, you authorize them to share specific scoped data with us via OAuth.
  • Vercel — hosts our web application infrastructure.

We never sell your data. We never share it with advertisers. We never use it for marketing on behalf of other companies. If those things ever change, this document will say so before they happen.

06

Data about your contacts

This part is important. Kithnkins is a relationship tool, so most of what you store with us is data about other people in your life — clients, colleagues, friends. Under most privacy laws (including GDPR), you are the “data controller” for that information, and we are the “data processor.”

By using Kithnkins, you confirm that:

  • You have a legitimate relationship with the people you add (clients, friends, colleagues, network connections)
  • You're complying with any applicable privacy laws in your jurisdiction — particularly relevant under GDPR if you're in the EU/UK
  • You'll respond to any requests from those people if they want their data removed from your Kithnkins account

If a contact reaches out to us directly asking to be removed from your Kithnkins account, we'll forward the request to you and ask you to handle it within a reasonable time.

07

Your rights

You can, at any time:

  • Access all data we hold about you (export feature in your settings)
  • Correct anything that's wrong
  • Delete your entire account, which deletes all your data within 30 days
  • Object to or restrict certain types of processing
  • Take your data elsewhere — export to JSON or CSV anytime

To exercise any of these, email privacy@kithnkins.com or use the in-app controls in your settings. We aim to respond within 30 days.

If you're in the EU/UK and you believe we've mishandled your data, you have the right to lodge a complaint with your local data protection authority — but please email us first; we'd rather fix it directly.

08

How we protect your data

  • All data encrypted in transit (TLS) and at rest
  • Database access controlled by row-level security — even our engineers cannot query your data without explicit authorization for support
  • OAuth tokens for Gmail and Calendar are encrypted using a key stored separately from the data itself
  • Voice recordings are stored with short-lived signed URLs and deleted from our infrastructure after transcription completes
  • We review our security practices regularly and patch dependencies promptly

No system is perfectly secure. If we ever discover a breach affecting your data, we will notify affected users within 72 hours of confirming the breach.

09

Data retention

  • While you're a user: we keep your data for as long as your account is active.
  • After you cancel: your data is kept in read-only state for 60 days so you can come back, then permanently deleted.
  • If you explicitly request deletion: we delete within 30 days.
  • Backups: deleted within 90 days of the corresponding production data.
  • Aggregated analytics: we may retain anonymized usage statistics indefinitely.
10

Cookies and tracking

We use only essential cookies — to keep you logged in and to remember your preferences. We don't use advertising cookies, third-party analytics cookies, or cross-site trackers. You won't see Kithnkins ads following you around the internet, because we don't run any.

11

Children

Kithnkins is not directed at anyone under 18, and we don't knowingly collect data from minors. If we discover an account belongs to someone under 18, we'll close it and delete the data.

12

International transfers

Our primary servers are based in the United States. If you're located outside the US, your data may be transferred to and processed there. For users in the EU/UK, this transfer is covered by Standard Contractual Clauses and other appropriate safeguards.

13

Changes to this policy

We may update this policy as the product evolves or laws change. For meaningful changes, we'll email you at least 30 days before they take effect. Cosmetic changes (typos, clarifications) we'll just update — the “last updated” date at the top tells you when.

14

Contact

For privacy questions, data requests, or to report a concern: privacy@kithnkins.com

For everything else: hello@kithnkins.com