Kinder — Privacy Policy
1. Who We Are
Kinder is operated by Konnecturs, Lda., a company registered in Portugal with NIF 518700470, with registered address at Ave Infante Dom Henrique, Lote 1 G1D, 1950-421 Lisboa, Lisbon, Portugal (referred to as “we,” “us,” or “Konnecturs” throughout this policy).
Konnecturs is the data controller for personal data processed through the Kinder app and website (KonnectKinder.com).
Data Protection Officer:
Email: dpo@konnecturs.com
Supervisory Authority:
Comissão Nacional de Proteção de Dados (CNPD)
Av. D. Carlos I, 134 — 1.º, 1200-651 Lisboa
www.cnpd.pt
2. What This Policy Covers
This privacy policy explains how we collect, use, store, share, and protect your personal data when you use the Kinder app (iOS, Android, and web) and the KonnectKinder.com website. It applies to all users, including primary account holders and Support Circle members.
We have written this policy in clear, plain language because we believe you deserve to understand exactly what happens with your data. If anything is unclear, please contact us at privacy@konnecturs.com.
3. What Data We Collect
3.1 Data You Provide Directly
Account Information (required to use Kinder):
- Email address
- Password (stored only as a cryptographic hash — we never store your actual password)
- Display name
- Date of birth (used to calculate your age bracket; the exact date is not displayed to other users)
- Native language
Profile Information (optional — you control what to share):
- Gender
- Country and city
- Biography (free text)
- Profile photo
- Preferred languages and translation preferences
- How you prefer to end connections (closure preference)
Privacy and Safety Preferences:
- Encryption mode (standard or end-to-end)
- Enhanced Protection setting (enables more thorough AI safety checks on messages you receive)
- Visibility toggles for each profile field (you choose exactly what other users can see)
- AI Insights setting (whether you want AI-generated reflections on your journal entries)
- Mindful Mode settings (session time limits, reminder style)
- Notification preferences (per-feature timing and quiet hours)
Content You Create:
- Messages you send to connections
- Reflection journal entries (always private — only you can see these)
- Gratitude thread entries (shared with the connections you choose)
- Connection Seed responses (shared as you choose: privately, with a specific person, or with all connections)
- Story Builder contributions (shared with your co-author)
- TITYOW (“Today I Thought of You When...”) messages
- Closure messages when ending a connection
Support Circle Information (if you invite supporters):
- Supporter’s name and email address
- Your relationship to them (e.g., daughter, friend, caregiver)
- Their role (primary, secondary, emergency)
- Permissions you grant them (view connections, receive safety alerts, view activity summary)
3.2 Data We Collect Automatically
When you use the app, we automatically collect:
- Session data: when you open and close the app, session duration, and general usage patterns (screens visited, messages sent)
- Connection metadata: when connections were formed, message counts, estimated time invested in each connection
- Safety analysis results: safety scores and flags generated by our automated safety system (explained in Section 5)
- AI decision logs: records of automated safety and insight decisions, used for quality assurance
- Timestamps on all activities (messages sent, reflections written, etc.)
Device Information:
- Firebase Cloud Messaging device token (required to deliver push notifications)
- Basic device metadata collected by Firebase Cloud Messaging in the course of delivering notifications
We do not collect: GPS or real-time location data, advertising identifiers, contacts from your phone, browsing history, or data from other apps on your device.
3.3 Data We Do Not Collect
We want to be clear about what Kinder does not collect, even though we serve a senior audience:
- No medication information
- No medical conditions or diagnoses
- No cognitive or mobility assessments
- No emergency medical contact information
- No health monitoring data of any kind
- No financial or payment information (Kinder is currently free)
The Support Circle feature is a social support tool, not a health monitoring system.
4. Why We Process Your Data (Legal Bases)
Under the General Data Protection Regulation (GDPR), we must have a legal basis for each way we use your data. Here are our legal bases:
| What We Do | Legal Basis | GDPR Article |
|---|---|---|
| Provide the Kinder service (messaging, connections, features) | Performance of contract | Art. 6(1)(b) |
| Protect user safety (AI safety pipeline, content moderation) | Legitimate interest (protecting users from harm) | Art. 6(1)(f) |
| Send you push notifications you have configured | Performance of contract | Art. 6(1)(b) |
| Generate AI reflection insights on your journal entries | Your consent (opt-in via AI Insights toggle) | Art. 6(1)(a) |
| Translate messages between languages | Performance of contract | Art. 6(1)(b) |
| Maintain security logs and prevent abuse | Legitimate interest (security) | Art. 6(1)(f) |
| Comply with legal obligations (tax records, law enforcement requests) | Legal obligation | Art. 6(1)(c) |
| Improve our service through anonymized, aggregated analytics | Legitimate interest (service improvement) | Art. 6(1)(f) |
Important note about health-related information: While Kinder does not ask you for health data, you may choose to discuss health topics in your messages, journal entries, or profile. Free-text content that you voluntarily write may contain health-related information. We process this content under the legal bases above (contract performance for messaging, consent for AI insights). We do not use any health-related information you share in free text for profiling, advertising, or any purpose beyond delivering the feature you are using.
5. How We Use Artificial Intelligence
Kinder uses AI in three specific ways. We believe in full transparency about this.
5.1 Message Safety Pipeline
What it does: Every message you send passes through a two-step safety system before delivery. The first step uses pattern detection (no external service). The second step uses Anthropic’s Claude AI to assess whether the message contains potentially harmful content (financial exploitation attempts, romance scam patterns, manipulation, violent threats, or other harmful behavior).
What data is sent to the AI: Your message text, basic connection context (how long you’ve been connected, approximate age brackets of both users, whether Enhanced Protection is enabled), and the last few messages in the conversation for context.
What it does not do: The safety system does not read your messages for advertising, profiling, or any purpose other than protecting you and your connections from harm.
Your data is protected: Before sending data to Anthropic’s Claude, personally identifiable information is removed. Only age brackets (e.g., “61-70”), not your name or email, are included. Anthropic’s API does not use your data to train their AI models and automatically deletes it within 7 days.
What happens with the results: Safety assessments are logged internally for quality assurance and to support our human safety team. If a message is flagged as potentially harmful, it may be blocked from delivery, and safety alerts may be sent to your Support Circle members (if you have granted them alert permissions).
5.2 Reflection Journal Insights
What it does: When you write a journal entry and have AI Insights enabled, the AI generates a short (60–100 word) contemplative perspective on your reflection. This is delivered 2–4 hours after you write the entry.
What data is sent to the AI: Your reflection text, with personally identifiable information removed before transmission.
This is entirely optional. You can turn AI Insights on or off at any time in your settings. When disabled, no reflection data is sent to any AI service.
These are not professional assessments. AI-generated insights are for personal reflection only. They are not psychological evaluations, therapy, or clinical guidance.
5.3 Message Translation
What it does: When you and a connection speak different languages, Google Cloud Translation translates messages into each person’s preferred language.
What data is sent: The message text and the source language code.
You control this. You can set your translation mode to “none” to disable translation entirely.
AI Provider Data Practices
| Provider | What They Receive | Data Retention | Used for AI Training? |
|---|---|---|---|
| Anthropic (Claude) | Safety analysis data, reflection text (anonymized) | Auto-deleted within 7 days | No |
| OpenAI (GPT-4) | Reflection text when configured (anonymized) | Retained 30 days for abuse monitoring | No (API usage) |
| Google Cloud Translation | Message text for translation | Per Google Cloud data processing terms | No |
We have executed Data Processing Agreements with all AI providers. All AI processing occurs on EU-based servers where available.
6. Automated Decision-Making
Kinder uses automated processing in ways that may affect your experience:
Safety decisions: The AI safety pipeline can automatically block messages, pause connections, and generate safety alerts — without a human reviewing each decision first. These decisions are made to protect you, but they are not infallible.
Connection scoring: The app automatically estimates time invested in each connection and assigns friendship stage labels (Acquaintance, Casual Friend, Friend, Close Friend, Best Friend) based on published friendship research. These labels are visible only to you in your own dashboard.
Your rights regarding automated decisions: Under GDPR Article 22, you have the right not to be subject to automated decisions that significantly affect you. If you believe an automated safety decision was made in error, you can contact us at support@konnecturs.com and a human team member will review the decision. You can also disable AI Insights at any time.
7. Who We Share Your Data With
We share your personal data only with the following categories of recipients, and only to the extent necessary:
Service Providers (Data Processors)
| Provider | Purpose | Location | Safeguards |
|---|---|---|---|
| Railway | Database hosting | European Union | Data Processing Agreement, encryption at rest |
| Vercel | API and web hosting | European Union | Data Processing Agreement |
| Anthropic | AI safety analysis and reflection insights | DPA with SCCs, EU-US DPF certified | DPA + SCCs + DPF |
| OpenAI | AI reflection insights (when configured) | DPA with SCCs, DPF certified | DPA + SCCs + DPF |
| Google Cloud | Message translation, push notifications (FCM) | European Union | Data Processing Agreement |
| Amazon Web Services (S3) | Media file storage (photos) | European Union | Data Processing Agreement |
| Sentry | Error tracking and crash reporting | European Union | Data Processing Agreement |
| SendGrid (Twilio) | Transactional email delivery | DPA with SCCs, DPF certified | DPA + SCCs + DPF |
We have executed Data Processing Agreements (GDPR Article 28) with every provider listed above. Where data is transferred outside the European Economic Area, we rely on the EU-US Data Privacy Framework adequacy decision and/or Standard Contractual Clauses as transfer mechanisms.
Your Support Circle Members
If you create a Support Circle and invite supporters, they may see:
- The display names of your connections
- Safety alerts (when generated)
- An activity summary (aggregate information about your app usage — number of sessions, connections made)
- Verification status of your connections
Supporters never see: your message content, reflection journal entries, gratitude entries, or the specific content of any communication.
You control exactly what each supporter can see through individual permission toggles, and you can remove supporters at any time.
Other Users
Other Kinder users can see your profile information based on your visibility settings. You control each field independently (name, age, gender, location, bio, photo). Messages are visible only to the sender and recipient.
Legal and Safety Obligations
We may disclose your data if required by law, court order, or regulatory request (e.g., from the CNPD or law enforcement). We may also disclose data if necessary to protect the safety of our users, investigate fraud, or respond to an emergency.
8. International Data Transfers
Your data is primarily stored and processed within the European Economic Area (EEA). Where we use service providers based outside the EEA (primarily AI providers based in the United States), we ensure adequate protection through:
- EU-US Data Privacy Framework: Verified certification for each US-based provider.
- Standard Contractual Clauses (SCCs): The European Commission’s approved contractual safeguards for international transfers, executed with all relevant providers.
- Transfer Impact Assessments: Conducted for each US-based provider to evaluate the adequacy of data protection.
We prioritize EU-based data hosting. Our database, cloud infrastructure, media storage, and error tracking services all operate within the EU.
9. How We Protect Your Data
We implement the following security measures:
- Encryption at rest: All data stored in our database is encrypted using AES-256 encryption. Messages are additionally encrypted using AES-256-GCM.
- Encryption in transit: All data transmitted between your device and our servers is protected by TLS 1.3.
- End-to-end encryption: Available as an option for messages between connections.
- Password security: Passwords are hashed using the scrypt algorithm with random salts. We never store your actual password.
- Access control: Internal access to production data is restricted to authorized personnel only, with multi-factor authentication required. All access is logged.
- AI data minimization: Personally identifiable information is removed from data before it is sent to external AI providers.
- Profile photo moderation: Uploaded photos go through a review process before being visible to other users.
10. How Long We Keep Your Data
| Data Type | Retention Period |
|---|---|
| Account and profile data | Until you delete your account |
| Messages | Until you delete your account (or the connection is closed via Graceful Closure) |
| Reflection journal entries | Until you delete your account |
| Gratitude entries | Until you delete your account |
| Session logs (detailed) | 90 days, then deleted. Aggregated statistics retained for your dashboard. |
| Safety logs and AI decision logs | 1 year, then anonymized |
| Support Circle data | Until you remove the supporter or delete your account |
| Tax and invoicing records (when applicable) | 10 years (Portuguese tax law) |
When you delete your account: All your personal data is permanently deleted within 30 days. During this period, your account is deactivated and your data is inaccessible. After 30 days, data is irreversibly purged from our systems, except where we are legally required to retain specific records (such as tax invoices, which are retained for 10 years with restricted access and encryption).
Messages you sent to other users are part of their conversation history. On your account deletion, your identity is anonymized in those conversations (your name is replaced with “Former User”), and any personal information within your message text is redacted where technically feasible.
11. Your Rights
Under the GDPR and Portuguese Law 58/2019, you have the following rights:
Right of access (Art. 15): You can request a copy of all personal data we hold about you. Kinder’s Transparency Dashboard lets you view and export your data directly in JSON format at any time.
Right to rectification (Art. 16): You can correct any inaccurate personal data. Most information can be updated directly in the app’s settings.
Right to erasure (Art. 17): You can request that we delete your personal data. You can delete your account directly in the app, or contact us to request deletion.
Right to restriction (Art. 18): You can request that we limit how we process your data in certain circumstances.
Right to data portability (Art. 20): You can export your data in a structured, machine-readable format (JSON) via the Transparency Dashboard.
Right to object (Art. 21): You can object to processing based on our legitimate interests. You can also object to automated decision-making.
Right to withdraw consent (Art. 7): Where we process your data based on consent (such as AI Insights), you can withdraw consent at any time through the app’s settings. Withdrawal does not affect the lawfulness of processing before withdrawal.
How to exercise your rights: You can exercise most rights directly through the app. For formal requests, contact us at privacy@konnecturs.com. We will respond within one month. If your request is complex, we may extend this by up to two months, and we will inform you of the extension within the first month.
Right to lodge a complaint: If you believe we have not handled your data correctly, you have the right to lodge a complaint with the CNPD (www.cnpd.pt) or your local data protection authority.
12. Cookies and Similar Technologies
On the KonnectKinder.com website: We use cookies for essential functionality (session management, security). We do not use cookies for advertising. Non-essential cookies (analytics) are only activated after you give explicit consent through our cookie banner.
In the Kinder app: We do not use cookies. Firebase Cloud Messaging requires a device token to deliver push notifications — this token is generated only after you consent to receiving notifications. No tracking SDKs or analytics tools are initialized before you provide consent.
13. Children and Age Restrictions
Kinder is designed for adults aged 18 and older. We do not knowingly collect personal data from anyone under 18. Our registration process includes an age verification step that prevents users under 18 from creating an account.
If we discover that we have collected data from a person under 18, we will delete that data immediately. If you believe a minor has created an account, please contact us at privacy@konnecturs.com.
14. Changes to This Policy
We may update this privacy policy to reflect changes in our practices, technology, or legal requirements. When we make material changes:
- We will notify you through the app (in-app notification)
- We will update the “Last Updated” date at the top of this policy
- For significant changes, we will ask for your renewed consent where legally required
We encourage you to review this policy periodically. The current version is always available in the app under Settings > Privacy Policy and at https://konnectkinder.com/privacy.
15. Contact Us
For any questions about this privacy policy or your personal data:
General privacy inquiries: privacy@konnecturs.com
Data protection officer: dpo@konnecturs.com
Support: support@konnecturs.com
Konnecturs, Lda.
Ave Infante Dom Henrique, Lote 1 G1D, 1950-421 Lisboa
Lisbon, Portugal
NIF: 518700470