Privacy Policy

Effective Date: March 13, 2026

Last Updated: March 13, 2026

KindredLink, Inc. (“KindredLink,” “we,” “us,” or “our”) operates the KindredLink.ai platform, including its web applications, mobile experiences, and related services (collectively, the “Service”). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service. By accessing or using the Service, you agree to this Privacy Policy. If you do not agree, please do not use the Service.

1. Information We Collect

1.1 Account Information

When you create an account, we collect your name, email address, password (stored in hashed form), and optional profile details such as your relationship to the senior whose story is being preserved.

1.2 Life-History Data

The core of our Service involves recording and preserving personal life stories. This includes biographical information, memories, anecdotes, family relationships, places of residence, career history, military service records, cultural traditions, and other life details shared during AI-guided conversations or entered manually into the life map.

1.3 Voice and Audio Data

If you use our voice recording features (including Digital Presence and Eternal Voice), we collect audio recordings of your voice. These recordings are used to create a personalized voice persona and may be transcribed into text for story preservation.

1.4 Media and Uploaded Content

You may upload photographs, reference images, documents, and other media files. We store these securely and use them to generate illustrated storyboards, life map visuals, and other personalized content.

1.5 Device and Technical Data

We automatically collect device identifiers, browser type and version, operating system, IP address, referring URLs, pages visited, time and date of access, and interaction patterns within the Service.

1.6 Wearable and Sensor Data

If you connect wearable devices or participate in facility-based programs, we may collect motion data, location data within a facility, engagement metrics, and behavioral indicators used to support cognitive therapy and wellness monitoring.

1.7 Cookies and Similar Technologies

We use cookies, local storage, and similar technologies as described in Section 8 below.

2. How We Use Your Information

• Service Delivery: To operate, maintain, and improve the Service, including generating AI-guided conversations, life maps, storyboards, and family engagement reports.
• AI Personalization: To personalize your experience by training your individual voice persona, tailoring conversation prompts to your life history, and generating contextually relevant content. Your data is used solely for your own personalization — never for general model training.
• Clinical and Facility Reporting: For facility customers, to generate cognitive engagement scores, wellness indicators, and clinical insights for authorized care teams.
• Safety and Security: To detect, prevent, and respond to fraud, abuse, security incidents, and technical issues.
• Communication: To send you service-related notices, respond to inquiries, and, with your consent, send promotional communications you can opt out of at any time.
• Analytics and Improvement: To analyze usage patterns in aggregate to improve the Service, develop new features, and conduct internal research. We use anonymized and aggregated data for these purposes whenever possible.

3. AI and Your Data

We are committed to responsible AI practices. The following principles govern how AI interacts with your data:

• No Model Training: Your personal data, life stories, voice recordings, and media are never used to train foundational AI models. We do not contribute your data to any third-party AI training datasets.
• Data Processing Agreements: We maintain Data Processing Agreements (DPAs) with all AI service providers (including providers of large language models and speech synthesis services) that contractually prohibit them from using your data for model training or any purpose beyond fulfilling our Service requests.
• No Persistent Storage by AI Providers: AI providers process your data transiently to generate responses and do not retain your data after processing is complete. Conversation context is maintained within our own infrastructure, not by third-party AI providers.
• Minimum Necessary Principle: We send only the minimum data necessary to AI providers to generate the requested output.

4. How We Share Your Information

4.1 Authorized Care Teams

For residents of care facilities, we share relevant engagement data, cognitive insights, and wellness indicators with authorized care team members as configured by the facility administrator.

4.2 Family Members

Life stories and related content may be shared with family members you have authorized. You control which family members have access and can modify permissions at any time.

4.3 Service Providers

We engage trusted third-party service providers who perform services on our behalf, including cloud hosting (Supabase, Vercel), AI processing, email delivery, and payment processing. These providers are contractually obligated to use your data only as directed by us and in accordance with this Privacy Policy.

4.4 Legal Requirements

We may disclose your information if required to do so by law, regulation, legal process, or governmental request, or if we believe in good faith that disclosure is necessary to protect our rights, your safety, the safety of others, investigate fraud, or respond to a government request.

4.5 Business Transfers

In the event of a merger, acquisition, reorganization, bankruptcy, or sale of assets, your information may be transferred as part of that transaction. We will notify you of any such change and any choices you may have regarding your information.

4.6 With Your Consent

We may share your information for other purposes with your explicit consent.

4.7 We Do Not Sell Your Data

We do not sell, rent, or trade your personal information to third parties for their marketing purposes. We have never sold personal information and have no plans to do so.

5. Data Security

We implement robust technical and organizational measures to protect your information:

• Encryption in Transit: All data transmitted between your device and our servers is encrypted using TLS 1.3.
• Encryption at Rest: Stored data is encrypted using AES-256 encryption.
• Access Controls: Role-based access control (RBAC) ensures that only authorized personnel and systems can access your data, limited to what is necessary for their function.
• Audit Logging: Comprehensive audit logs track data access and modifications for security monitoring and compliance.
• Data Isolation: Each family’s and facility’s data is logically isolated using row-level security policies.
• Incident Response: We maintain an incident response plan to promptly address any security events.

While we take commercially reasonable measures to protect your information, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security.

6. Data Retention and Deletion

We retain your personal information for as long as your account is active or as needed to provide the Service. We also retain data as necessary to comply with legal obligations, resolve disputes, and enforce our agreements.

You may request deletion of your account and associated data at any time. Upon receiving a verified deletion request, we will delete or anonymize your personal information within 30 days, except where retention is required by law. Certain audit logs may be retained in anonymized form to comply with legal and regulatory requirements.

7. Your Rights

Depending on your jurisdiction, you may have the following rights regarding your personal information:

• Access: Request a copy of the personal information we hold about you.
• Correction: Request correction of inaccurate or incomplete personal information.
• Deletion: Request deletion of your personal information, subject to certain legal exceptions.
• Portability: Request a machine-readable copy of your data for transfer to another service.
• Restriction: Request that we restrict processing of your data in certain circumstances.
• Objection: Object to processing of your data for certain purposes.
• Withdrawal of Consent: Where processing is based on consent, withdraw that consent at any time without affecting the lawfulness of prior processing.

To exercise any of these rights, contact us at privacy@kindredlink.ai. We will respond to verified requests within 30 days (or sooner where required by law).

8. Cookies and Similar Technologies

We use the following categories of cookies:

• Strictly Necessary Cookies: Essential for the Service to function, including authentication tokens, session management, and security cookies. These cannot be disabled.
• Analytics Cookies: Help us understand how visitors interact with the Service so we can improve the user experience. These are anonymized where possible and can be disabled.
• Functional Cookies: Remember your preferences (such as language, theme, and accessibility settings) to provide a personalized experience.

We do not use advertising or tracking cookies. We do not engage in cross-site tracking or serve targeted advertisements.

9. Children’s Privacy

The Service is not directed to children under the age of 13. We do not knowingly collect personal information from children under 13. If we learn that we have collected information from a child under 13, we will promptly delete it. If you believe a child under 13 has provided us with personal information, please contact us at privacy@kindredlink.ai.

10. International Data Transfers

Our Service is primarily hosted in the United States. If you access the Service from outside the United States, your information may be transferred to, stored in, and processed in the United States or other countries where our service providers maintain facilities. These countries may have data protection laws that differ from those in your jurisdiction. By using the Service, you consent to the transfer of your information to the United States and other jurisdictions as described in this Privacy Policy. Where required, we implement appropriate safeguards (such as Standard Contractual Clauses) for international data transfers.

11. State-Specific Disclosures

California (CCPA/CPRA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA):

• Right to Know: You may request details about the categories and specific pieces of personal information we have collected, the sources of collection, the business purposes for collection, and the categories of third parties with whom we share information.
• Right to Delete: You may request deletion of your personal information, subject to certain exceptions.
• Right to Opt-Out of Sale or Sharing: We do not sell or share your personal information for cross-context behavioral advertising. Because we do not engage in these practices, there is no need to opt out, but we honor all such requests.
• Right to Non-Discrimination: We will not discriminate against you for exercising your privacy rights.
• Right to Correct: You may request correction of inaccurate personal information.
• Right to Limit Use of Sensitive Personal Information: Where applicable, you may limit our use of sensitive personal information to what is necessary to provide the Service.

To exercise these rights, contact privacy@kindredlink.ai. We will verify your identity before processing your request.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. When we make material changes, we will notify you by posting the updated policy on this page with a revised “Last Updated” date and, where appropriate, by sending you an email notification or displaying a prominent notice within the Service. Your continued use of the Service after the effective date of any changes constitutes your acceptance of the revised Privacy Policy.

13. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us: