Privacy Policy
Plain-English Summary: We collect what we need to run the service. We don't sell your data. Health data and voice prints are treated with the highest sensitivity. You can export or delete everything. We use a handful of trusted third-party services — all listed below.
Table of Contents
1. Who We Are
2. Data We Collect
3. Sensitive & Special Category Data
4. How We Use Your Data
5. Legal Basis for Processing (GDPR)
6. Data Sharing & Disclosure
7. Sub-Processors
8. Data Retention
9. Security
10. California Residents (CCPA)
11. EU/EEA Residents (GDPR)
12. Illinois Residents (BIPA)
13. Children's Privacy
14. Cookies & Analytics
15. Data Deletion
16. Contact & DPO
1. Who We Are
KinBridge ("we," "us," "our") is operated by KinBridge Inc. We are the data controller for personal data processed through kinbridge.polsia.app. Our primary contact for privacy matters is privacy@kinbridge.app.
2. Data We Collect
Account & Profile Data
- Name, email address, and password (hashed)
- Profile preferences (companion name, personality preferences)
- Subscription and billing information (processed by Stripe — we do not store card numbers)
- Account activity and login timestamps
Conversation Data
- AI companion chat messages and session metadata
- Heartfelt Moments identified by AI from conversations
- Caregiver and family interaction logs
Health & Wearable Data
When you connect a wearable device via Terra, we receive:
- Heart rate, heart rate variability, resting heart rate
- Steps, active minutes, calories burned
- Sleep duration and sleep stage data
- Blood oxygen (SpO2) and stress scores where available
- Body measurements (weight, BMI) if synced by the device
Technical & Usage Data
- IP address, browser type, device type, OS
- Pages visited, feature usage, session duration
- Error logs and performance metrics
3. Sensitive & Special Category Data
Health Data
Health metrics constitute sensitive personal information under CCPA and special category data under GDPR Article 9. We process health data solely to provide the health monitoring features you enable. Health data is never used for advertising, profiling for non-service purposes, or sold.
Biometric Data (Voice Prints)
If you use the Last Words voice cloning feature, we collect a voice print — a biometric identifier. This is the most sensitive category of data we process. Key protections:
- Collected only with explicit, documented consent from the individual whose voice is cloned
- Stored encrypted and isolated from other user data
- Never used for any purpose other than generating your farewell audio content
- Deleted immediately upon consent revocation or account closure
- Subject to BIPA protections for Illinois residents (see Section 12)
Spiritual & Religious Preferences
We may process spiritual or religious preferences you voluntarily provide to personalize companion interactions. This is a special category under GDPR Article 9. We process it solely to deliver your selected experience and never share it with third parties for commercial purposes.
End-of-Life & Bereavement Data
Last Words projects and farewell content are treated with the highest confidentiality. Access is restricted to the account holder and authorized family members you designate. This data is never used in aggregate analytics or shared with third parties except as required to deliver the service (e.g., voice synthesis providers under NDA).
4. How We Use Your Data
| Purpose | Data Used | Basis |
|---|---|---|
| Provide AI companion conversations | Profile, conversation data | Contract performance |
| Display health metrics dashboard | Wearable/health data | Contract + consent |
| Generate Heartfelt Moments | Conversation data | Contract performance |
| Create voice clone for Last Words | Voice print (biometric) | Explicit consent |
| Process payments | Billing data (via Stripe) | Contract performance |
| Send account & service emails | Email address | Contract / Legitimate interest |
| Improve platform (aggregate, anonymized) | Usage data | Legitimate interest |
| Comply with legal obligations | As required by law | Legal obligation |
| Detect fraud and abuse | Account, technical data | Legitimate interest |
We do not use your data for advertising. We do not sell your data. We do not use health or biometric data to train AI models without explicit, separate consent.
5. Legal Basis for Processing (GDPR)
For EU/EEA users, our legal bases are:
- Contract (Art. 6(1)(b)): Core service delivery
- Explicit Consent (Art. 6(1)(a) + Art. 9(2)(a)): Voice cloning, health data, spiritual preferences
- Legitimate Interests (Art. 6(1)(f)): Platform security, fraud prevention, product improvement
- Legal Obligation (Art. 6(1)(c)): Tax records, law enforcement requests
6. Data Sharing & Disclosure
We share data only in these circumstances:
- Sub-processors: Third-party services necessary to operate the platform (see Section 7)
- Enterprise customers: Care facility administrators may access summary data for patients in their care program, subject to the signed BAA
- Authorized family members: Caregiver dashboard access you explicitly grant
- Legal compliance: When required by law, court order, or to protect rights and safety
- Business transfer: In connection with merger or acquisition, with advance notice and your right to export/delete data
We never sell personal data. We never share health or biometric data with insurers, employers (except enterprise customers with BAAs), or advertisers.
7. Sub-Processors
We use the following third-party sub-processors. All are bound by data processing agreements (DPAs) with appropriate protections.
| Processor | Purpose | Location | Data Processed |
|---|---|---|---|
| Neon / Render | Database & hosting infrastructure | USA | All user data |
| Stripe | Payment processing | USA | Billing information |
| Anthropic | AI language model (companion conversations) | USA | Conversation messages |
| Terra | Wearable device data aggregation | USA | Health & wearable data |
| ElevenLabs / Voice AI Provider | Voice synthesis for Last Words | USA | Voice recordings (biometric) |
| Twilio | SMS messaging (daily check-ins) | USA | Phone number, message content |
| Postmark | Transactional email | USA | Email address, message content |
| Cloudflare R2 | Media file storage | USA | Audio files, images, documents |
This list is maintained and updated as processors change. Enterprise customers may request immediate notification of processor changes by emailing enterprise@kinbridge.app.
8. Data Retention
| Data Type | Retention Period | Basis |
|---|---|---|
| Account & profile data | Duration of account + 30 days after closure | Contract |
| Conversation data | Duration of account + 30 days | Contract |
| Health & wearable data | Duration of account + 30 days | Consent |
| Voice print (biometric) | Duration of consent (max 3 years) or account closure | Explicit consent |
| Farewell / Last Words content | Duration of account; exportable on request | Contract |
| Billing records | 7 years | Legal obligation (tax) |
| Consent audit logs | 10 years | Legal / regulatory |
| Server logs | 90 days | Legitimate interest (security) |
9. Security
We implement technical and organizational security measures appropriate for the sensitivity of the data. Key measures include:
- Encryption at rest (AES-256) and in transit (TLS 1.3)
- Biometric data stored in isolated, access-controlled storage
- Role-based access controls — staff access to user data is restricted and logged
- Regular security reviews and dependency updates
- HIPAA-aligned administrative safeguards for enterprise customers
For full security details, see our Security page.
10. California Residents (CCPA / CPRA)
California residents have specific rights under the California Consumer Privacy Act (CCPA) as amended by the CPRA.
Your Rights
- Right to Know: Request disclosure of categories and specific pieces of personal information collected, used, disclosed, or sold in the past 12 months
- Right to Delete: Request deletion of your personal information, subject to certain exceptions
- Right to Correct: Request correction of inaccurate personal information
- Right to Opt-Out of Sale: We do not sell personal information. No opt-out needed.
- Right to Limit Use of Sensitive PI: You may limit use of sensitive personal information (health data, voice print, spiritual preferences) to what is necessary to provide the service
- Right to Non-Discrimination: We will not discriminate against you for exercising these rights
Categories of Personal Information (past 12 months)
We collect: Identifiers, Commercial information (billing), Internet or electronic network activity, Health information, Biometric information (voice print, if applicable), Inferences drawn from other data.
Submit a CCPA Request
Email privacy@kinbridge.app with subject "CCPA Request." We will respond within 45 days.
11. EU/EEA Residents (GDPR)
EU/EEA residents have rights under the General Data Protection Regulation (GDPR).
Your Rights
- Access (Art. 15): Receive a copy of your personal data
- Rectification (Art. 16): Correct inaccurate data
- Erasure (Art. 17): "Right to be forgotten"
- Restriction (Art. 18): Restrict processing in certain circumstances
- Portability (Art. 20): Receive data in machine-readable format
- Objection (Art. 21): Object to processing based on legitimate interests
- Withdraw Consent (Art. 7(3)): Withdraw consent at any time without affecting prior processing
International Transfers
Data is processed primarily in the USA. We rely on Standard Contractual Clauses (SCCs) approved by the European Commission for international transfers. Enterprise DPAs include SCCs on request.
Lodge a Complaint
You may lodge a complaint with your national supervisory authority. Contact us first at privacy@kinbridge.app — we aim to resolve all concerns within 30 days.
12. Illinois Residents (BIPA)
Illinois residents using voice cloning features are protected by the Biometric Information Privacy Act (740 ILCS 14).
Our BIPA compliance commitments:
- We have a written policy (this Privacy Policy) governing biometric data retention and destruction
- We obtain written consent before collecting any biometric identifier (voice print)
- We do not sell, lease, trade, or profit from biometric identifiers
- We use biometric data only for the purpose disclosed at collection (farewell voice synthesis)
- Voice prints are destroyed when the purpose is fulfilled or within 3 years, whichever comes first
- All third parties handling biometric data sign agreements requiring equivalent protections
To request destruction of your biometric data, contact privacy@kinbridge.app.
13. Children's Privacy
KinBridge is not directed to children under 13. We do not knowingly collect personal information from children under 13. If you believe a child has provided us personal information, contact privacy@kinbridge.app immediately for deletion.
14. Cookies & Analytics
We use cookies and similar technologies for:
- Essential: Authentication session, CSRF protection — required for the service to function
- Analytics: We operate a self-hosted, privacy-first analytics system. No data is sent to Google Analytics or other third-party analytics. No cross-site tracking.
We do not use advertising cookies or behavioral tracking cookies.
15. Data Deletion
You can delete your account and all associated data through:
- In-app: Settings → Account → Delete Account
- Email: privacy@kinbridge.app — subject "Delete My Account"
Upon deletion request:
- Account and personal data removed from primary database within 30 days
- Media files (audio, images) removed from Cloudflare R2 within 30 days
- Voice print and biometric data removed immediately (within 72 hours)
- Third-party sub-processors notified within 7 days of your deletion request
- Backup copies overwritten within 90 days
- Confirmation email sent upon completion
16. Contact & DPO
Privacy inquiries: privacy@kinbridge.app
Data deletion requests: privacy@kinbridge.app
Enterprise / DPA: enterprise@kinbridge.app
GDPR Data Protection Officer: dpo@kinbridge.app
We aim to acknowledge all privacy requests within 3 business days and resolve them within 30 days (45 days for CCPA requests).