Effective date: June 9, 2026
Short version: KinMate is a personal record manager. Your documents stay on your device by default. We never read them.
KinMate is a Personal Record Manager and Family Information Organizer. It helps you and your family keep health documents, care reminders, and personal records organized in one private place. KinMate is NOT a medical service, telehealth platform, diagnostic tool, treatment provider, or insurance product. It does not perform medical monitoring of any kind.
Health documents (PDFs and images), text extracted from them, AI-generated explanations, and personal records you enter (such as care reminders, medication names, or condition labels) are stored locally in your device's secure storage. None of this content is uploaded to KinMate's servers.
To provide sign-in, family sharing, reminders, subscription, and cross-device sync we keep the following in your account: your email and sign-in method; profiles you create (yourself, dependents, pets); family group and care-coordination relationships; invite codes; subscription status; referral events; device identifiers used to prevent abuse. If you turn on cross-device sync or family sharing, structured fields you choose to share (such as document titles, dates, types, and AI summary text) are stored in your account to make those features work. Original document files are never uploaded to KinMate servers.
If you enable cloud backup, your local vault is encrypted on your device with AES-256-GCM using a key only you hold, then uploaded to a folder inside your own iCloud Drive, Google Drive, or OneDrive. KinMate never receives the file contents, the cloud OAuth token, or the decryption key.
When you tap 'AI explanation' on a document, the relevant text or image is sent through our secure proxy to a third-party large-language-model provider (currently Azure OpenAI) solely to generate the explanation. We do not use your data to train models, and we do not retain the prompt or output on our servers. The resulting summary is stored only on your device. AI explanations are for personal understanding only — they are not medical advice.
We use a small set of providers to deliver KinMate: Supabase (account, authentication, structured cloud sync), Apple App Store and Google Play (subscription billing), Azure OpenAI (AI explanations via our proxy, retention-free), Firebase Cloud Messaging (Android push notifications, tokens only), and OAuth providers you choose for BYOC (Google, Microsoft, Apple iCloud). We do not embed any third-party advertising SDK, behavioral analytics SDK, or crash-reporting SDK.
We send sign-in and account-verification codes to your email through an email delivery provider. We do not use your email for marketing without your separate opt-in.
Paid subscriptions are processed by Apple App Store or Google Play according to their terms. We never see or store full payment-card details.
We do not run third-party advertising SDKs. We do not sell, rent, or share your personal data with data brokers. KinMate is funded by subscriptions only.
You can delete your account from inside the app (Settings → Delete account). On confirmation we permanently disable the account, rename the email so the original address is released back to you, and mark every server-side row tied to your user id as deleted. Local data is removed when you uninstall the app or use Settings → Clear local data. Data you previously backed up to your own cloud drive stays under your control — manage or delete it from your cloud provider directly.
Depending on where you live (for example GDPR in the European Union and United Kingdom, CCPA in California, or PIPL in mainland China), you may have the right to access, correct, export, or delete your personal data, and to object to certain processing. Email kinmate@elolin.com from the address linked to your account and we will respond within a reasonable time.
Our backend providers may process data in countries other than yours. Where required by law, we rely on appropriate safeguards for such transfers, including standard contractual clauses.
KinMate is not directed to children under 13 (or the minimum age in your country) and we do not knowingly collect their data. An adult may manage a dependent profile on behalf of a child as part of family care coordination; the adult is responsible for that content.
Data in transit is protected with TLS. Cloud backups in BYOC are encrypted with AES-256-GCM using a key that only you hold. Account data is protected by row-level security so you can only access your own records.
We may update this policy. Material changes will be reflected by the effective date above and, where appropriate, surfaced in the app.
Privacy questions, data subject requests, or data deletion: kinmate@elolin.com.
