Kindr Privacy Policy

Last updated: April 2025

Kindr ("the App") is a family calendar application that helps parents automatically extract school and activity events from their email. This Privacy Policy explains what data we access, how we use it, and how we protect it.

1. What Data We Access

When you connect Gmail, the App requests read-only access to your Gmail account (https://www.googleapis.com/auth/gmail.readonly). This allows us to:

Search your inbox for emails from school senders that you configure
Read the subject line and body text of those matching emails
Read PDF attachments from those emails to extract event dates

We do not read emails from senders you have not configured. We do not access any other Google services or data.

    Google User Data: Kindr's use of Google user data (Gmail read access) is limited to reading emails from school and activity senders that you explicitly configure in the app, for the sole purpose of extracting family calendar events to display in your personal calendar within the Kindr app.
  

2. How We Use Your Data

Email content is used exclusively to extract calendar events (dates, times, event names, locations) using an AI language model. The extracted events are stored locally on your device only. We do not:

Store email content, subject lines, or body text on our servers
Store your email address or any personally identifiable information on our servers
Use your email data for advertising, profiling, or any purpose other than event extraction
Transfer your data to any third party other than the AI provider processing your extraction request (Groq, Google Gemini, or Anthropic Claude)

3. OAuth Tokens

When you authenticate with Google, the App stores your OAuth access token and refresh token in server memory only. These tokens:

Are never written to disk or a database
Are discarded when the server restarts
Are used only to fetch emails on your behalf when you initiate a scan in the app

You can revoke access at any time via Google Account Permissions or by signing out within the app.

4. AI Processing

Email subject lines and body text from matching emails are sent to an AI language model (Groq LLaMA, Google Gemini, or Anthropic Claude) to extract event details. These requests are made over HTTPS. The AI providers' own privacy policies apply to their processing of this data. No personal identifiers beyond what appears in the email body are included.

5. Family Sync (Optional)

If you use the optional Family Calendar Sync feature, confirmed event titles and dates are stored in a shared Supabase database so family members can view the same calendar. This data includes only event titles, dates, times, and locations — never email content. You can leave a family room and remove your data at any time from within the app.

6. Data Retention

Email content: Never stored; discarded after event extraction
OAuth tokens: In-memory only; cleared on server restart or sign-out
Extracted events: Stored locally on your device; under your control
Family sync events: Retained in Supabase until you leave the family room

7. Security

All data is transmitted over HTTPS. OAuth tokens are stored in memory only and are never logged. The server applies rate limiting, security headers (via Helmet), and CORS restrictions.

8. Children's Privacy

Kindr is designed for use by parents. We do not knowingly collect personal data from children. The "children" data stored in the app refers to configuration entries (child names, classes) that are stored locally on the parent's device only.

9. Changes to This Policy

We may update this Privacy Policy from time to time. Changes will be reflected by updating the date at the top of this page.

10. Contact

If you have questions about this Privacy Policy or how Kindr handles your data, please contact us at:

ignacio.matadorai@gmail.com