Privacy Policy

Last updated: April 6, 2026

1. Information We Collect

Account Information

When you create a KinKeep account, we collect your name, email address, hashed password, and role (primary caregiver or invited caregiver).

Senior Profile Data

For each senior profile you create, we collect: name, date of birth, relationship to caregiver, state of residence, veteran status, VA file number (if applicable), phone number, and timezone.

Health Data

KinKeep collects health-related information that you provide, including:

  • Medications: name, dosage, frequency, prescriber, and pharmacy.
  • Symptoms: self-reported symptom entries.
  • Wellness Checks: periodic wellness check-in data.
  • Emergency Profile: blood type, allergies, medical conditions, DNR status, organ donor status, primary doctor, and insurance information.
  • Drug Interactions: results from drug interaction analysis.
  • Cognitive Screening: cognitive screening assessment data.

Financial Data

When you connect financial accounts through Plaid, we collect: bank account metadata (institution name, account type, last four digits), up to 90 days of transaction history, subscription detection results, and fraud analysis results. We do not store your bank login credentials.

Documents

KinKeep allows you to upload and store documents such as wills, trusts, insurance policies, medical records, financial documents, and government-issued identification. All uploaded documents are encrypted and stored via Vercel Blob.

Communication Data

We process email content submitted for fraud and scam scanning, and SMS metadata for notification delivery and verification.

Device & Usage Data

We automatically collect user agent strings, IP addresses, and activity logs when you use KinKeep.

Payment Data

Payment processing is handled by Stripe. We store only your Stripe customer ID and subscription ID. We do not store credit card numbers or other payment method details on our servers.

2. How We Use Your Information

We use the information we collect to:

  • Operate and maintain the KinKeep service, including senior profile management, medication tracking, health monitoring, and financial oversight.
  • Send notifications, alerts, and reminders related to your caregiving activities.
  • Perform AI-powered analysis, including drug interaction detection, fraud scanning, and health scoring.
  • Process payments and manage subscriptions through Stripe.
  • Provide customer support and respond to your inquiries.
  • Improve and optimize the Service using aggregated and anonymized data.
  • Comply with applicable legal obligations.

4. Third-Party Sub-Processors

We share data with the following sub-processors to provide the KinKeep service:

Provider | Purpose | Data Shared | Location
Plaid | Bank account linking and financial data retrieval | Financial data | US
Stripe | Payment processing | Email, subscription data | US
Anthropic (Claude) | AI analysis | Email/mail content, medication data | US
Twilio | SMS notifications | Phone numbers, message content | US
Resend | Email delivery | Email addresses, email content | US
Vercel | Hosting and document storage (Blob) | All data in transit, uploaded documents | US
Neon | Database | All stored data | US
Upstash | Rate limiting | IP addresses, request metadata | US

5. Data Sharing

We never sell your personal data. We share data only in the following circumstances:

  • Sub-Processors: We share data with the third-party sub-processors listed above solely to operate and provide the KinKeep service.
  • Caregiver Sharing: When you invite a caregiver to a senior profile, you are responsible for granting them access to that profile's data. Invited caregivers can view and manage the information within the profiles they have been granted access to.
  • Public Sharing: Emergency cards may be accessed via unique token-based URLs that you choose to share. Anyone with the link can view the emergency card information.
  • Legal Compliance: We may disclose your data if required to do so by valid legal process, such as a subpoena, court order, or government request.

6. Data Retention

  • Active account data: retained while your account remains active.
  • Medication, symptom, and wellness logs: retained for the lifetime of the senior profile.
  • Financial transactions: retained for 90 days.
  • Scan results: retained for 12 months.
  • Audit logs: retained for 24 months with personally identifiable information, then anonymized.
  • Resolved alerts: retained for 12 months.
  • Notification logs: retained for 6 months.

7. Account Deletion

You may request account deletion from your account settings or by contacting support. Upon deletion request, your account enters a 30-day grace period during which you may reverse the deletion.

After the grace period, we perform a hard delete that includes:

  • Revoking all Plaid access tokens.
  • Deleting all documents from Vercel Blob storage.
  • Purging your data from the database.
  • Transferring or deleting associated senior profiles (based on whether other caregivers are linked).
  • Anonymizing audit logs.
  • Canceling your Stripe subscription.
  • Sending a confirmation email.

Legal representatives may request account deletion on behalf of a deceased user by providing a death certificate and documentation establishing legal authority to legal@trykinkeep.com.

8. Data Export

You may request a data export from your account settings. KinKeep will generate a JSON archive containing all data associated with your account, including senior profiles, health data, financial data, documents, and activity logs. A secure download link will be provided within 48 hours of your request.

9. Security Measures

We implement the following security measures to protect your data:

  • Encryption at rest: AES-256-GCM encryption for sensitive data.
  • Encryption in transit: TLS for all data transmitted between your browser and our servers.
  • Password hashing: bcrypt with 12 rounds of salting.
  • Session security: HTTP-only cookies with JWT tokens that expire after 7 days.
  • Rate limiting: protection against brute-force and abuse.
  • Security headers: HSTS, X-Frame-Options, Content Security Policy (CSP), and X-Content-Type-Options (nosniff).

10. Your Rights

Depending on your jurisdiction, you may have the following rights regarding your personal data:

  • Access: request a copy of the personal data we hold about you.
  • Correction: request correction of inaccurate or incomplete data.
  • Deletion: request deletion of your personal data.
  • Portability: request your data in a structured, machine-readable format.
  • Object: object to processing of your data based on legitimate interest.
  • Restrict Processing: request that we limit how we process your data.
  • Withdraw Consent: withdraw consent for any processing based on consent at any time.
  • Human Review: request human review of any automated decision that significantly affects you.
  • Do Not Track: we honor Do Not Track browser signals.

To exercise any of these rights, contact us at privacy@trykinkeep.com.

11. CCPA Rights

If you are a California resident, you have the following rights under the California Consumer Privacy Act:

  • Right to Know: request disclosure of the categories and specific pieces of personal information we have collected about you.
  • Right to Delete: request deletion of your personal information.
  • Right to Opt-Out: opt out of the sale of your personal information. We do not sell your personal information.
  • Right to Non-Discrimination: we will not discriminate against you for exercising any of your CCPA rights.

Categories of personal information we collect:

  • Identifiers (name, email, IP address)
  • Financial information (bank metadata, transaction history)
  • Health information (medications, symptoms, emergency profile data)
  • Internet and device information (user agent, activity logs)
  • Geolocation data (state-level only)

Categories sold: NONE. We do not sell any personal information.

Categories disclosed to sub-processors: Identifiers and service data are disclosed to sub-processors solely for the purpose of providing the KinKeep service.

12. State Health Privacy Laws

KinKeep complies with applicable state health privacy laws, including:

  • Washington My Health My Data Act (MHMDA): consent-based processing of health data with 30-day deletion response time.
  • Connecticut: consent-based processing of health data with 30-day deletion response time.
  • Nevada: consent-based processing of health data with 30-day deletion response time.
  • Colorado: consent-based processing of health data with 30-day deletion response time.

13. Cross-Border Transfers

All KinKeep data is processed and stored within the United States. All of our sub-processors are US-based. For users in the European Union or European Economic Area, data transfers to the United States are conducted under Standard Contractual Clauses (SCCs) as approved by the European Commission.

14. Children's Privacy

KinKeep is not intended for use by individuals under the age of 13. We do not knowingly collect personal information from children under 13. If we become aware that we have collected personal information from a child under 13, we will take steps to delete that information promptly. If you believe that we have inadvertently collected information from a child under 13, please contact us at privacy@trykinkeep.com.

15. Automated Decision-Making

KinKeep uses automated processing to provide certain features, including:

  • Drug interaction detection: automated analysis of medication combinations for potential interactions.
  • Fraud and scam analysis: automated scanning of financial transactions and communications for signs of fraud.
  • Inactivity alerts: automated monitoring for unusual patterns of inactivity that may indicate a concern.
  • Health scoring: automated scoring based on self-reported health data.

These automated processes are not legally binding and do not produce legal effects. They are designed to assist caregivers and are informational only. You have the right to request human review of any automated decision by contacting us at privacy@trykinkeep.com.

16. Breach Notification

In the event of a data breach that affects your personal information, KinKeep will notify affected users within 72 hours of becoming aware of the breach. Notification will be provided via email and in-app alert and will include:

  • The nature of the breach.
  • The categories of data affected.
  • The measures taken to address the breach.
  • Recommendations for steps you can take to protect yourself.

We will also notify relevant authorities as required by applicable law.

17. Changes to This Policy

Material changes: For material changes to this Privacy Policy, we will provide at least 30 days' advance notice via email and may require re-consent before the changes take effect.

Non-material changes: Non-material changes (such as clarifications or corrections) will become effective upon posting to this page with an updated "Last updated" date.

18. Contact

If you have any questions or concerns about this Privacy Policy or our data practices, please contact us at privacy@trykinkeep.com.