Kindred - AI Personal CRM

Privacy Policy

Last updated: February 21, 2026

Overview

Kindred ("we", "our", "the app") is a personal relationship management app. We take your privacy seriously. This policy explains what data we collect, how we protect it, and your rights.

Our Privacy Commitment

Kindred is built on a privacy-by-design architecture. Your personal data - contact names, voice notes, transcripts, relationship insights, and interaction history - is encrypted on your device before it ever leaves your phone. Our servers store only encrypted data that we cannot read.

Data We Collect

Data you provide

• Account information: Email address and password for authentication.
• Voice recordings: Audio recordings you make within the app, up to 30 seconds each.
• Contact information: Names, relationship tiers, tags, important dates, and notes you add about your contacts.
• Tasks and reminders: Follow-up items you create or accept from AI suggestions.

Data processed on your device

• Transcripts: Your voice recordings are sent to a third-party speech-to-text service, OpenAI Whisper, for transcription. The transcript is stored encrypted on your device.
• AI insights: Transcripts are sent to OpenAI to extract structured data such as summaries, tasks, and contact matches. All AI outputs are proposals. Nothing is saved without your explicit approval.

Data we store on our servers

• Encrypted records: All synced data is encrypted on your device before upload. Our servers store only ciphertext, nonces, and wrapped encryption keys. We cannot decrypt or read your data.
• Device tokens: Push notification tokens for delivering reminders. No sensitive content is included in push payloads.
• Authentication tokens: Session tokens managed by our authentication provider, Supabase Auth.

Data we do not collect

• We do not collect location data.
• We do not collect device contacts or phone book data without your explicit action.
• We do not track your browsing activity.
• We do not serve advertisements.
• We do not sell or share your data with third parties for marketing.

How We Protect Your Data

End-to-end encryption

• A unique master encryption key is generated on your device and stored in your device's hardware-backed secure storage, such as iOS Keychain or Android Keystore.
• Every record is encrypted with a unique per-record key before leaving your device.
• Our servers store only encrypted data. We have zero ability to read your content.
• Even in the event of a server breach, your data remains encrypted and unreadable.

Recovery key

• During setup, you can generate a recovery key to restore your data if you lose your device.
• The recovery key is shown once. We do not store it.
• Without your recovery key or device, your encrypted data cannot be recovered.

Third-Party Services

OpenAI - Speech-to-Text and AI Processing

• Voice recordings and transcripts are sent to OpenAI's API over encrypted connections.
• OpenAI processes this data to produce transcriptions and structured insights.
• We use OpenAI's API, which does not use submitted data for training.
• No data is persisted by OpenAI beyond the API request lifecycle.
• See OpenAI's Privacy Policy.

Supabase - Authentication and Encrypted Storage

• Supabase manages user authentication and stores encrypted data.
• Supabase stores only ciphertext, not plaintext user content.
• See Supabase's Privacy Policy.

Firebase Cloud Messaging - Push Notifications

• Firebase Cloud Messaging delivers push notification nudges to your device.
• Push payloads contain only generic messages, never contact names, transcripts, or other sensitive content.
• See Google's Privacy Policy.

Push Notifications

Push notifications from Kindred are privacy-safe nudges only. They never contain contact names, transcript content, summaries or AI-generated text, or personally identifiable information about your contacts.

Notification content is loaded in-app after you tap, where it is decrypted on your device.

Your Rights

• Access your data: All your data is visible within the app.
• Export your data: You can export your contacts and interaction history.
• Delete your data: You can delete your account and all associated data.
• Control AI processing: You review and approve all AI-generated suggestions before they are saved.
• Manage notifications: You can disable push notifications at any time in your device settings.

Data Retention

• Your data is retained as long as your account is active.
• When you delete your account, all data, including encrypted records on our servers, is permanently deleted within 30 days.
• Voice recordings are stored locally on your device and encrypted before any sync.

Children's Privacy

Kindred is not intended for children under 13. We do not knowingly collect data from children under 13. If you believe we have collected data from a child, please contact us.

Changes to This Policy

We may update this policy from time to time. We will notify you of material changes through the app or via email. Continued use of the app after changes constitutes acceptance.

Contact Us

If you have questions about this privacy policy or your data, email privacy@kindredmemory.com.

App Store Privacy Labels

iOS App Privacy

Data linked to you: email address for authentication.

Data not linked to you: diagnostics such as crash logs and performance data, without user content.

Data not collected: location.