Privacy Policy
Effective date: February 24, 2026
Introduction
Kinfile (“we,” “us,” or “our”) operates the Kinfile platform at kinfile.com. This Privacy Policy explains how we collect, use, store, and protect your personal information when you use our service.
By creating an account or using Kinfile, you agree to the collection and use of information in accordance with this policy.
Information We Collect
Information you provide
- Account information: Your name, email address, and password when you create an account.
- Vault data: Documents, credentials, contacts, instructions, and other information you store in your vault.
- File uploads: Documents and files you attach to vault items.
- Payment information: Billing details processed securely through Stripe. We do not store your full credit card number.
- Contact information: Names, email addresses, and phone numbers of trusted contacts and professional advisors you add.
Information collected automatically
- Device information: A hash of your user-agent and browser language for login security alerts. We do not use browser fingerprinting for tracking.
- Usage analytics: Page views and general usage patterns collected via PostHog, which is cookieless in our configuration and does not track individual users across sites.
- Audit logs: Records of actions you take within your account (e.g., creating vault items, sharing access) for security and accountability purposes.
How We Use Your Information
- To provide, maintain, and improve the Kinfile service.
- To process your subscription and manage billing through Stripe.
- To send transactional emails (account verification, emergency access notifications, new device alerts, subscription updates).
- To detect and prevent unauthorized access, fraud, and security threats.
- To validate uploaded file types and content for security.
- To check passwords against known data breaches using the HaveIBeenPwned API (using k-anonymity — your full password is never transmitted).
- To enforce our Terms of Service and comply with legal obligations.
Data Storage & Encryption
Your data is stored on infrastructure provided by Supabase, which uses SOC 2-compliant hosting with encryption at rest and in transit.
- Vault credentials are encrypted with AES-256-GCM using a unique key derived for each user. Your credentials are only decrypted on our servers when you request them and are never sent to the client in plaintext form that could be intercepted.
- File uploads are stored in Supabase Storage with server-side encryption and access controlled by Row Level Security policies.
- Passwords are hashed by Supabase Auth using bcrypt. We never store or have access to your plaintext password.
Data Sharing
We do not sell your personal information. We share data only in these limited circumstances:
- Emergency access: When a trusted contact you designated requests emergency access and the request is approved (by you or automatically after your configured wait period), they gain access to the vault data you have shared with them.
- Household sharing: If you join or create a shared household vault, other members can see items according to the permission scope set by the vault owner.
- Granular sharing: When you explicitly share specific items or categories with trusted contacts or professional advisors.
- Service providers: We use Stripe (payments), Resend (email delivery), Supabase (database and storage), Upstash (rate limiting), and Anthropic (AI onboarding). Each provider receives only the minimum data necessary to perform its function.
- Legal requirements: We may disclose information if required by law, subpoena, or court order.
Data Retention
- Your vault data is retained as long as your account is active and your subscription is current.
- If your subscription lapses, a 21-day grace period begins. Your data is preserved during this period; after day 21, access becomes read-only (quarantine).
- After quarantine, your data is retained for an additional 90 days to allow you to resubscribe and recover your vault.
- If you delete your account, we will delete your vault data, files, and personal information within 30 days, except where retention is required by law.
- Audit logs may be retained for up to 12 months for security purposes.
Your Rights
You have the right to:
- Access your personal data. You can view all data stored in your vault at any time.
- Export your data. You can download a complete copy of your vault data at any time.
- Correct inaccurate information by editing your vault items or account settings.
- Delete your account and all associated data by contacting us at support@kinfile.com.
- Withdraw consent to data processing where applicable, by closing your account.
If you are located in the European Economic Area, you may also have rights under the GDPR, including the right to lodge a complaint with a supervisory authority. If you are a California resident, you may have additional rights under the CCPA.
Cookies & Tracking
Kinfile uses only essential cookies required for authentication and session management. We do not use advertising cookies or third-party tracking cookies.
Our analytics provider, PostHog, is configured in cookieless mode and does not track users across sites.
Children's Privacy
Kinfile is not intended for use by anyone under the age of 18. We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, please contact us so we can delete it.
Changes to This Policy
We may update this Privacy Policy from time to time. If we make material changes, we will notify you by email or by posting a notice on our website before the changes take effect. Your continued use of Kinfile after the effective date constitutes acceptance of the updated policy.
Contact Us
If you have questions about this Privacy Policy or how we handle your data, contact us at support@kinfile.com.