Kinswell

Kinswell Privacy Policy

Last Updated: December 7, 2025


1. Introduction

Kinswell ("we," "us," "our," or the "Service") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our family health records management application.

Please read this Privacy Policy carefully. By using Kinswell, you consent to the data practices described in this policy. If you do not agree with the terms of this Privacy Policy, please do not access or use the Service.


2. Information We Collect

We collect information that you provide directly to us, as well as information collected automatically when you use the Service.

2.1 Information You Provide

Account Information

  • Email address
  • Password (stored securely using industry-standard encryption)
  • Account preferences and settings

Family Member Information

  • Names (first name, last name)
  • Date of birth
  • Relationship to account holder (e.g., self, spouse, child, parent)
  • Gender
  • Blood type
  • Height and weight

Health Information

  • Medications (name, dosage, frequency, prescribing doctor, pharmacy, start/end dates, notes)
  • Health episodes (title, description, body system, symptoms, severity levels, dates)
  • Symptoms (name, severity, notes)
  • Appointments (date, provider name, specialty, location, type, reason, outcome, notes)

Communication Information

  • Support inquiries and correspondence
  • Feedback and suggestions you provide

2.2 Information Collected Automatically

Device and Usage Information

  • Device type and operating system
  • Browser type and version
  • IP address (anonymized)
  • Pages viewed and features used
  • Date and time of access
  • Referring website or source

Cookies and Similar Technologies

We use essential cookies to:

  • Maintain your login session
  • Remember your preferences
  • Ensure the Service functions properly

We do NOT use:

  • Advertising or tracking cookies
  • Third-party analytics that track you across websites
  • Social media tracking pixels

3. How We Use Your Information

We use the information we collect to:

3.1 Provide and Maintain the Service

  • Create and manage your account
  • Store and organize your family health records
  • Display your data in the caregiver dashboard
  • Process subscription payments (if applicable)

3.2 Improve the Service

  • Understand how users interact with features
  • Identify and fix bugs and technical issues
  • Develop new features based on usage patterns
  • Optimize Service performance

3.3 Communicate With You

  • Send service-related notifications (password resets, account updates)
  • Respond to your support requests
  • Send important updates about changes to the Service or policies
  • Send medication and appointment reminders (if enabled by you)

3.4 Ensure Security

  • Detect and prevent fraud or unauthorized access
  • Investigate suspicious activity
  • Enforce our Terms of Service

4. What We Do NOT Do With Your Information

We take your privacy seriously. We do NOT:

  • Sell your personal information or health data to anyone
  • Share your health information with advertisers
  • Use your health data for targeted advertising
  • Share your data with data brokers
  • Allow third-party advertising networks to access your data
  • Use your health information for any purpose other than providing the Service to you
  • Access your data for our own purposes without your consent

5. Information Sharing and Disclosure

We may share your information only in the following limited circumstances:

5.1 Service Providers

We use trusted third-party service providers to operate the Service:

Provider | Purpose | Data Shared
Supabase | Database hosting and authentication | All account and health data (encrypted)
Stripe (if applicable) | Payment processing | Payment information only (not health data)
Email service provider | Transactional emails | Email address, name

All service providers are contractually obligated to protect your data and use it only for the purposes we specify.

5.2 Legal Requirements

We may disclose your information if required to do so by law or in response to:

  • Valid legal process (court order, subpoena)
  • Government requests when legally required
  • Protection of our rights, privacy, safety, or property
  • Prevention of fraud or security issues

5.3 Business Transfers

If Kinswell is involved in a merger, acquisition, or sale of assets, your information may be transferred. We will notify you of any such change and any choices you may have.

5.4 With Your Consent

We may share your information in other ways if you give us explicit consent to do so.


6. Data Security

We implement appropriate technical and organizational measures to protect your personal information:

6.1 Technical Safeguards

  • Encryption in Transit: All data transmitted between your device and our servers uses TLS/SSL encryption
  • Encryption at Rest: Your data is encrypted when stored in our database
  • Secure Authentication: Passwords are hashed using industry-standard algorithms
  • Row Level Security (RLS): Database-level enforcement ensures you can only access your own data
  • Regular Security Updates: We keep our systems updated with security patches

6.2 Organizational Safeguards

  • Limited access to production data
  • Regular security reviews
  • Incident response procedures

6.3 Your Role in Security

You can help protect your data by:

  • Using a strong, unique password
  • Keeping your password confidential
  • Logging out of shared devices
  • Reporting any suspicious activity to us immediately

6.4 No Guarantee

While we strive to protect your data, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security.


7. Data Retention

7.1 Active Accounts

We retain your data for as long as your account is active or as needed to provide the Service.

7.2 Deleted Accounts

When you delete your account:

  • Your personal data and health records are permanently deleted
  • Deletion is completed within 30 days of your request
  • Some anonymized, aggregated data may be retained for analytics
  • Backup copies are purged according to our backup retention schedule (typically within 90 days)

7.3 Legal Requirements

We may retain certain information as required by law or for legitimate business purposes (such as resolving disputes or enforcing agreements).


8. Your Rights and Choices

You have the following rights regarding your personal information:

8.1 Access Your Data

You can view all data associated with your account through the Service interface.

8.2 Export Your Data

You can export your data in standard formats (CSV) through the Service. This allows you to:

  • Keep a personal backup
  • Transfer your data to another service
  • Review what information we have stored

8.3 Correct Your Data

You can update or correct any information in your account at any time through the Service.

8.4 Delete Your Data

You can request deletion of your account and associated data by:

  • Using the account deletion feature in Settings
  • Contacting us at privacy@kinswell.app

Account deletion is permanent and cannot be undone.

8.5 Withdraw Consent

Where we rely on consent to process your information, you may withdraw consent at any time. This will not affect the lawfulness of processing before the withdrawal.

8.6 Communication Preferences

You can opt out of non-essential communications by:

  • Adjusting your notification settings
  • Clicking "unsubscribe" in marketing emails
  • Contacting us at privacy@kinswell.app

Note: You cannot opt out of essential service communications (security alerts, Terms updates).


9. Children's Privacy

Kinswell is not intended for use by children under 18 as primary account holders. However, we understand that parents and guardians use our Service to manage health records for minor children in their care.

  • Account holders must be 18 years or older
  • Parents/guardians may enter health information for their minor children
  • We do not knowingly collect personal information directly from children
  • If we learn we have collected information from a child under 13 without parental consent, we will delete it

If you believe we have collected information from a child inappropriately, please contact us at privacy@kinswell.app.


10. International Data Transfers

10.1 Data Location

Your data is stored on servers located in the United States through our service provider, Supabase.

10.2 International Users

If you access the Service from outside the United States, please be aware that your information will be transferred to, stored, and processed in the United States, where data protection laws may differ from those in your country.

By using the Service, you consent to this transfer. We take steps to ensure your data is protected in accordance with this Privacy Policy regardless of where it is stored.


11. Health Information Notice

11.1 Personal Health Records

The health information you enter into Kinswell constitutes your personal health records. This is information you choose to record for your own personal use.

11.2 HIPAA Notice

Kinswell is not a "covered entity" under the Health Insurance Portability and Accountability Act (HIPAA). HIPAA applies to healthcare providers, health plans, and healthcare clearinghouses.

As a consumer application where you enter and manage your own health information, we are not subject to HIPAA requirements. However, we are committed to protecting your health information with strong security measures and privacy practices.

11.3 Sensitive Data Handling

We treat all health-related information as sensitive and apply enhanced protections:

  • Health data is never shared with third parties for marketing
  • Access to health data is strictly limited
  • We do not analyze your health data for any purpose other than providing the Service

12. Do Not Track Signals

Some browsers have a "Do Not Track" feature that signals to websites that you do not want your online activity tracked. We do not engage in tracking that would respond to such signals, as we do not use third-party tracking technologies.


13. Third-Party Links and Services

The Service may contain links to third-party websites or services (such as healthcare provider websites). This Privacy Policy does not apply to those third-party services. We encourage you to review the privacy policies of any third-party services you access.


14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. When we make changes:

  • We will update the "Last Updated" date at the top of this policy
  • For material changes, we will notify you by email or through the Service
  • We will provide at least 30 days' notice before material changes take effect

Your continued use of the Service after changes become effective constitutes your acceptance of the revised policy.


15. California Privacy Rights (CCPA)

If you are a California resident, you have specific rights under the California Consumer Privacy Act (CCPA):

15.1 Right to Know

You have the right to request information about:

  • The categories of personal information we collect
  • The purposes for which we use your information
  • The categories of third parties with whom we share your information
  • The specific pieces of personal information we have collected about you

15.2 Right to Delete

You have the right to request deletion of your personal information, subject to certain exceptions.

15.3 Right to Non-Discrimination

We will not discriminate against you for exercising your privacy rights.

15.4 Sale of Personal Information

We do not sell your personal information. We have not sold personal information in the preceding 12 months.

15.5 Exercising Your Rights

To exercise your California privacy rights, contact us at privacy@kinswell.app. We will verify your identity before processing your request.


16. European Privacy Rights (GDPR)

If you are in the European Economic Area (EEA), United Kingdom, or Switzerland, you have additional rights under the General Data Protection Regulation (GDPR):

16.1 Legal Basis for Processing

We process your data based on:

  • Contract: To provide the Service you requested
  • Consent: For optional features and communications
  • Legitimate Interests: To improve the Service and ensure security

16.2 Your Rights

  • Right of Access: Request a copy of your personal data
  • Right to Rectification: Correct inaccurate or incomplete data
  • Right to Erasure: Request deletion of your data ("right to be forgotten")
  • Right to Restrict Processing: Limit how we use your data
  • Right to Data Portability: Receive your data in a portable format
  • Right to Object: Object to processing based on legitimate interests
  • Right to Withdraw Consent: Withdraw consent at any time

16.3 Data Protection Authority

You have the right to lodge a complaint with a supervisory authority in your country of residence if you believe our processing of your data violates applicable law.

16.4 Contact for GDPR Inquiries

For GDPR-related requests, contact us at privacy@kinswell.app.


17. Contact Information

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Kinswell

Privacy Inquiries:
Email: privacy@kinswell.app

General Support:
Email: support@kinswell.app

We will respond to your inquiry within 30 days.


18. Summary of Key Points

Topic | Summary
What we collect | Account info, family member profiles, medications, health episodes, appointments
How we use it | To provide and improve the Service, communicate with you, ensure security
What we DON'T do | Sell your data, share with advertisers, use for targeted ads
Who we share with | Only essential service providers (database, payments, email)
Your rights | Access, export, correct, and delete your data
Security | Encryption, secure authentication, row-level security
Data location | United States (Supabase servers)
Contact | privacy@kinswell.app

This Privacy Policy was last updated on December 7, 2025.

© 2025 Kinswell. All rights reserved.

Kinswell is for personal health record-keeping only and does not provide medical advice, diagnosis, or treatment. Always consult a qualified healthcare provider for medical decisions.