Effective date: June 3, 2026
This policy applies to the Kindred web application (kindred.app) and Android app distributed on Google Play.
Kindred ("we", "us", "our") is a personal journaling app that helps you privately record memories, emotions, and moments involving the people in your life. The app is operated by Shah Muhammad Jannatul Hasan. Questions may be sent to shahmdjhm@gmail.com.
We collect only what is necessary to provide the service.
| Category | Examples | Purpose |
|---|---|---|
| Account data | Name, email address, password (hashed by Supabase Auth) | Create and secure your account |
| Profile data | Display name | Personalise your experience |
| Journal content | Entries, people records, tags, emotional tone labels, share links | Core product functionality |
| Device & usage data | IP address, browser / OS type, timestamps of authentication events | Security, fraud prevention, abuse detection |
| Crash & error data | Stack traces, error messages (no entry content included) | Diagnose bugs and improve reliability |
We do not collect precise location, contacts, photos, microphone input, call logs, financial information, or any Android system permission beyond what the app explicitly requests. We do not use advertising SDKs or analytics platforms.
We do not sell your data. We do not use your journal content to train AI models, build advertising profiles, or share with third parties for their own purposes.
Where the GDPR applies, we rely on the following bases:
We share your data only with the vendors needed to run Kindred:
| Sub-processor | Role | Data shared | Location |
|---|---|---|---|
| Supabase Inc. | Database, auth, storage | All user and journal data | USA (AWS us-east-1) |
| Cloudflare Inc. | Edge CDN, Workers | Request metadata (IP, headers); no journal content | Global edge network |
No other third parties receive your personal data. We do not use Google Analytics, Meta Pixel, Firebase, or any advertising network.
You may generate a shareable link for a specific person's entries. Anyone with the link can view the shared content. Links can be disabled, password-protected, set to expire, and deleted at any time from Settings → Shared links. Disabling or deleting a link immediately revokes access.
Your data is retained for as long as your account is active. When you delete your account (Settings → Delete all data), we remove your entries, people, tags, and share links immediately. Your Supabase Auth record is deleted within 30 days. Anonymised crash logs may be retained for up to 90 days for debugging purposes.
All data in transit is encrypted with TLS 1.2+. Data at rest is encrypted by Supabase (AES-256). Passwords are never stored in plaintext — Supabase Auth uses bcrypt. We apply row-level security (RLS) policies so database queries are scoped to the authenticated user. Access to production infrastructure is limited to the maintainer.
You have the following rights over your data:
To exercise any right not reachable through the app, email shahmdjhm@gmail.com. We will respond within 30 days. EEA/UK users have the right to lodge a complaint with their local supervisory authority.
Kindred is not directed at children under 13 (or under 16 where required by local law). We do not knowingly collect personal data from minors. If you believe a child has provided us data, contact us and we will delete it promptly.
The web app uses a single session cookie set by Supabase Auth to keep you logged in. No third-party tracking cookies are used. The Android app stores your session token in secure device storage — no cookies, no advertising IDs, no IDFA/GAID accessed or transmitted.
The following reflects what is disclosed in the Google Play Data Safety section:
| Data type | Collected? | Shared? | Encrypted in transit? | Can be deleted? |
|---|---|---|---|---|
| Name | Yes | No | Yes | Yes — via Settings |
| Email address | Yes | No | Yes | Yes — via Settings |
| User-generated content (journal entries) | Yes | No | Yes | Yes — via Settings |
| App interactions (auth events) | Yes | No | Yes | After 90 days automatically |
| Crash logs | Yes (anonymised) | No | Yes | After 90 days automatically |
No data is used for advertising or shared with third parties for their own purposes. Data collection is required for core app functionality (authentication and storage).
Your data is stored on Supabase infrastructure in the United States. If you are located in the EEA, UK, or elsewhere, your data is transferred to the US. We rely on Supabase's Standard Contractual Clauses (SCCs) for transfers from the EEA/UK.
Material changes will be communicated via email to your registered address at least 14 days before the change takes effect. The "Effective date" at the top of this page will be updated. Continued use of Kindred after the effective date constitutes acceptance of the revised policy.
Shah Muhammad Jannatul Hasan
Email: shahmdjhm@gmail.com