Privacy Policy

Last updated: May 22, 2026

This Privacy Policy describes how Kin App (“Kin,” “we,” “us”) collects, uses, shares, and protects information about you when you use the Kin mobile application and related services (collectively, the “Service”). By using the Service, you consent to the practices described below.

1. Information We Collect

1.1 Information you provide

Account & profile. Email address, username, display name, password (stored hashed by our authentication provider), optional profile photo, bio, date of birth (used for age verification when enabling Encounters), and account preferences.
Posts, hangouts, and events. Text content, optional category, place names and geographic coordinates you attach, scheduled start/end times, recurrence settings, and any media URLs (photos, GIFs, or images) you include. When you scope a hangout to a group, the identifier of the group conversation it targets.
Messages. Text messages, image attachments, voice messages (audio file plus duration), GIF references, and reply metadata in one-to-one and group conversations.
Encounters preferences. When you enable Encounters (the optional 20+ matching feature), your gender, who you wish to be shown to, what you are looking for (friendship / dating / both), interests, distance and age range, and a short Encounters-specific bio. Date of birth is collected to verify you are 20 or older.
User reports. If you report another user or piece of content, we store the report (reason, optional description, and a reference to the reported item).
Translation suggestions. If you are an authorised admin and you submit a translation suggestion through the in-app editor, we store the proposed text, the language, and your account id.

1.2 Information collected automatically

Location. When you grant foreground location permission, we collect your device's current latitude/longitude to centre the map, show nearby posts and events, and optionally let friends see your live location.
Presence. Short-lived signals (active / inactive, last-seen timestamp) so contacts can see when you are online, subject to your settings.
Push notification tokens. A device-specific token issued by Apple or Google when you opt into notifications. Cleared on logout.
Device and technical data. App version, OS, device model, language, and timestamps; used for crash reporting, abuse detection, and service reliability.
Server logs. Standard request/response logs (IP address, timestamp, endpoint) retained for up to 90 days for security and debugging.

1.3 Information we do not collect

We do not upload the contents of your device address book even if you enable the optional “Find Friends” toggle — only a preference flag is stored. If we later change this, we will update this policy first and require fresh consent.
We do not perform background location tracking. Location is captured only while the app is active in the foreground.
We do not sell your personal information.

2. How We Use Information

We use the information we collect to:

Operate, maintain, and improve the Service, including the map, feed, chat, events, hangouts, and Encounters features.
Verify your age before enabling Encounters and enforce the 18+ requirement for that feature.
Enforce community guidelines, detect spam and abuse, run automated content moderation (keyword filters that block prohibited submissions and flag borderline ones for human review), and respond to user reports.
Send transactional and feature notifications (e.g., new messages, joins, nearby hangouts) using your push token, subject to your notification settings.
Localise the interface and apply admin-approved translation overrides.
Diagnose, debug, and prevent abuse of the Service, and protect the rights, property, and safety of Kin, our users, and others.
Comply with legal obligations and respond to lawful requests from public authorities.

We do not use your information for behavioural advertising or sell it to data brokers.

3. How We Share Information

3.1 With other users

Your username, display name, profile photo, bio, and any content you post are visible to other users according to the privacy setting you choose for each post (public, friends-only, group, or private).
Your approximate or exact location is shared with other users only as governed by your location privacy mode and friend-sharing preferences.
Messages you send are visible to the participants of the conversation.

3.2 With service providers (sub-processors)

We rely on the following service providers to operate the Service. Each is bound by contractual confidentiality and data-protection obligations.

Supabase — database hosting, authentication, file storage, and realtime infrastructure.
Cloudflare Pages — hosts this marketing site and serves static assets.
Mapbox — renders the map tiles, geocoding, and address search. Mapbox may receive your IP address and approximate location at the time tiles are requested.
GIPHY — serves GIFs when you use the GIF picker. GIPHY may receive your IP address and the search term you type.
Apple Push Notification service and Firebase Cloud Messaging — deliver push notifications to your device.
Expo (EAS) — over-the-air JavaScript updates and crash reporting.
Apple Sign In, Google Sign In — optional single sign-on. We receive only the basic profile attributes you authorise.

3.3 For legal reasons

We may disclose information if we believe in good faith that disclosure is necessary to (a) comply with applicable law, regulation, subpoena, or court order; (b) protect the rights, property, or safety of Kin, our users, or others; or (c) investigate suspected fraud or violations of these Terms.

4. Location Data

Location is central to Kin's experience, but it is designed to be foreground-only and privacy-aware.

Foreground only. Kin requests foreground location access and only uses location while the app is active.
Privacy modes.
- Exact — precise coordinates.
- Approximate — jittered within a ~500 m radius.
- Off — no location updates sent.
Storage. Live location and presence expire automatically after about 5 minutes if not refreshed. A single most-recent location record per user is retained in the database and overwritten with each update — there is no historical trail.
Sharing. Live location is shared with friends only when you have explicitly enabled sharing and the relationship is accepted on both sides.

5. Camera, Photos & Microphone

The app requests camera, photo library, and microphone permission only when you actively use a feature that requires it (taking a profile photo, attaching media, or recording a voice message).
If you deny permission, the relevant feature is disabled but the rest of the app continues to work.
We do not record audio or capture images in the background, and we do not scan your camera roll outside of files you explicitly select.

6. Push Notifications

When you opt in, we store your push token and use it to deliver notifications about new messages, hangouts, friend requests, encounter matches, and similar events.
We never include sensitive information in the visible body of a push notification.
If you log out or revoke notification permission, your push token is cleared.

7. Encounters (20+ Feature)

Encounters is an optional matching feature available only to users aged 20 or older. We use the date of birth you provide to verify age before enabling the feature.
Your Encounters preferences (gender, show-me, looking-for, interests, age range, distance) are used to surface a small number of curated matches each day.
You can disable Encounters at any time from Settings; doing so stops new matches but does not retroactively delete conversations you have already started with prior matches.

8. Content Moderation & Messages

Posts and events pass through an automated keyword filter on submission. Content that matches a hard-block term is rejected and recorded as a blocked attempt. Content that matches a softer term is published but flagged for admin review.
Other users can report posts, events, profiles, or specific conversations; admins review the report and may remove content, warn the user, or suspend accounts that violate our Community Guidelines (see the Terms of Service).
Messages are private to the participants. Your one-to-one and group conversations are stored encrypted at rest by our infrastructure provider and are not read by Kin staff during normal operation. Kin staff can only review a section of a conversation when both of the following are true: (i) a participant has filed a report on that conversation, and (ii) that same participant has explicitly authorised review of the reported window for a limited time. Outside of an authorised report window, our administrative tooling does not return message content for any conversation — this is enforced in the database by row-level security and a single audited review endpoint.
Push notification servers (Apple, Google) and our database provider may handle message data as required to deliver the Service; these providers operate under contractual confidentiality and data-protection obligations.

9. Data Retention

Ephemeral data (live location, presence) — ~5 minute TTL, then auto-deleted.
Profile and settings — retained until account deletion.
Posts, hangouts, events — automatically deleted 14 days after they are created. You can delete them sooner manually. Recurring series are exempt from this auto-deletion: the parent series and its currently-active instance remain until you remove the series or set an end date on the recurrence.
Chat messages — retained for the lifetime of the conversation. When a user deletes their account, the content of every message that user has sent — in every conversation, including group chats and direct messages — is replaced with an “Account deleted” placeholder. Any attached media URLs and the original author identifier are cleared at the same time. Other participants will see the placeholder in place of the original text. This happens before the user record itself is removed.
Encounter matches and conversations — retained for the lifetime of the conversation; expired matches that no decision was made on are automatically pruned.
Reports and blocked-attempt logs — retained for up to 24 months to support pattern detection and abuse response.
Server logs — up to 90 days, then automatically purged.

10. Your Rights and Choices

You may exercise the following choices at any time:

Access & correction. Most profile and preference data is editable from Settings or your profile screen. For other access requests, contact us at [email protected].
Deletion. Use the in-app “Delete Account” flow in Settings. We will delete your account, profile, posts, events, and media within 30 days, subject to retention required by law or for fraud-prevention purposes. Some content delivered to other users (e.g., messages already in their inbox) may persist in those users' histories.
Portability. You may request a machine-readable copy of the personal information you have provided directly to Kin by writing to [email protected].
Withdraw consent. Disable location, notifications, contacts, or Encounters at any time from Settings or your device's system settings.
Object / restrict processing. Where applicable law (e.g., GDPR) gives you these rights, contact us at [email protected] and we will respond within 30 days.

Region-specific notes

EEA / UK residents. The lawful bases on which we process personal data are: performance of the contract you enter into when you sign up (Art. 6(1)(b) GDPR); our legitimate interests in operating, securing, and improving the Service (Art. 6(1)(f)); compliance with legal obligations (Art. 6(1)(c)); and your consent for optional features such as Encounters, location, or notifications (Art. 6(1)(a)). You may lodge a complaint with your local supervisory authority.
California residents. Under the CCPA/CPRA you have rights to know, delete, and correct personal information, and to opt out of any sale or sharing for cross-context behavioural advertising. We do not sell or share your information for such advertising. To exercise your rights, email [email protected].

11. Children

Kin requires users to be at least 18 years old. We collect a date of birth at signup and reject accounts that do not meet the minimum age. Kin is not directed at children, and we do not knowingly collect personal information from anyone under 18. If you believe a minor has created an account or provided us with personal information, please contact [email protected] and we will delete the account and any associated data promptly. The optional Encounters feature is further restricted to users 20 or older.

12. International Data Transfers

Our service providers operate in multiple countries, including the United States and the European Union. Where required, we rely on appropriate transfer safeguards such as the European Commission's Standard Contractual Clauses for transfers outside the EEA.

13. Security

We use industry-standard safeguards including transport encryption (TLS), encryption at rest in our database and storage provider, role-based access controls, and row-level security policies that restrict what each user can read or modify. No system is perfectly secure; if you suspect your account has been compromised, please contact [email protected].

14. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will update the “Last updated” date at the top of this page and, where appropriate, notify you in the app or by email. Your continued use of the Service after changes take effect constitutes acceptance of the revised policy.

15. Contact Us

If you have questions about this Privacy Policy or how Kin handles your data, please reach out:

Privacy: [email protected]
Security: [email protected]
Website: https://get-kin.app