Privacy Notice

1. Who are we and what is this Privacy Notice about?

Kin AI ApS (“Kin”, “we”, “us”) is a company offering the app Kin, and owns and operates the site mykin.ai.

We want to provide you with privacy-friendly services and experiences which is why we constantly aim at processing as few personal data as possible. In a perfect world, we would not need to provide you with this Privacy Notice as we would not need to process any of your personal data altogether. However, we are not quite there yet, and Kin is still growing into a truly private product. So for now, we still need some information to provide you with our services and to make sure we can develop Kin in the right direction.

To provide you with Kin and other services, Kin will process certain personal data about you as part of our products and services.

In the Privacy Notice (“Notice”) you will be able to read why and how your personal data is processed, what rights you have as an individual, what legal basis Kin rely on etc. There will be certain references to “GDPR” which we are obligated to provide you with. “GDPR”  stand for the General Data Protection Regulation ((EU) 2016/679) which we are subject to.

2. Who is responsible for your personal data?

Kin AI ApS determines the purpose and the means of the processing of personal data we collect from you which means we are the data controller of your data.

Our contact details:
‍
Kin AI ApS
CVR: 43118420
Sortedam Dossering 55
2100 Copenhagen Ø
Denmark
Email: [email protected]

Kin does not employ a Data Protection Officer. If you have any questions or concerns regarding Kin or other of our services and the use of your personal data, please contact us on the email address above.

3. Your data protection rights

We take your privacy seriously and that also includes your rights.

In relation to the personal data, we process about you, you have the following rights:
‍

• Right of access: you have the right to request access to your personal data and to request information about the processing we carry out.
• Right to rectification: you have the right to have inaccurate personal data rectified and to have incomplete personal data completed.
• Right to erasure: you have the right to request deletion of your personal data.
• Right to restriction of processing: you have the right to obtain restricted processing of your personal data to the effect that such personal data may not be processed other than merely by being stored.
• Right to data portability: you have the right to receive your personal data which you have provided yourself to a controller, in a structured, commonly used and machine-readable format.
• Right to object: you have the right to object at any time to any unlawful processing of your personal data.

Note that restriction may apply to these rights which will depend on how the personal data is processed. If you want to know more, feel free to contact us.

You also have the right to withdraw a consent, e.g., for direct marketing (our newsletter) at any time. Withdrawing a consent does not affect the lawfulness of processing based on consent carried out before the withdrawal.

If you wish to file a complaint with the data protection authorities, you can always file a complaint with the Danish Data Protection Authorithy (Datatilsynet) by visiting www.datatilsynet.dk

4. Why, how and what personal data is processed

We aim to either only process anonymous data about you, or make sure we do not have access to your data at all. Kin ensures only you have access to your data.

Using and interacting with Kin

When you interact with Kin, all data that is generated, e.g., conversations and memories, are stored locally, on your own device. To provide features like personalized conversations and memory extraction, we utilize ML models like LLMs. E.g., in a conversation, user messages and smaller chunks of the Kin user’s memory are sent to an LLM to generate Kin's response.

It is important to emphasise, that KIN DOES NOT have access to this data at all.

Regarding individuals, Kin users, and processing of data, user input and partial data will be processed by Fireworks.ai and/or Cerebras and/or Azure Speech Services and/or Cartesia to provide you with the Kin functionality, such as chatting, transcription, voice mode, etc. Without processing this input, the functionality would not be available. Kin does not have access to any information, and data is sent directly from your device to the service provider.

Interacting with Kin

We at Kin AI ApS are the controller for some personal data to make sure we can provide and develop Kin, and to send a newsletter to you from time to time. See the details of the personal data we control here:

What is a DID?

When you sign up to Kin, we generate a “DID” which is unique identifier for each user. We use is to store certain settings about your user, as well as correlate errors and see if they are happening specifically for one user, or if they happen across all users.

6. Recipients of personal data, transfer outside the EU/EEA and disclosures

Kin AI ApS use certain service providers to provide our services. These providers process personal data on our behalf and under our instructions and are our data processors.In general, we treat all personal data you provide to us as confidential, and we therefore only utilise providers which are necessary for our operation.

Our providers support us with email marketing, user verification, in-app functionality, in-app and web analytics (anonymous), customer service and feedback management and beta test management.

It may be necessary to transfer personal data to countries outside the EU/EEA to provide our services by way of our providers. If this is the case, such data will be transferred in accordance with applicable requirement to third-country transfers and safeguarded by an adequacy decision by the European Commission, the Commissions Standard Contractual Clauses (SCCs) or other applicable transfer mechanisms in accordance with the GDPR. If you want to obtain a list of such third country transfers, please reach out to us.Note that we may also in special circumstances transfer data for the purpose of establishing, making or defending a legal claim.

To the extent it is necessary to disclose or share your personal data to comply with a legal obligation or court directives, to enforce or apply this Notice or other agreements, or to protect our rights or security, we may do so.

7. Account Deletion

As a user of the Kin app, you have the right to delete your account at any time. All your user data is stored client-side on your device. Therefore, when you delete your account, there is no data stored on our servers that needs to be deleted. To request account deletion, please follow these steps:

1. In-App Deletion: Navigate to the 'Settings' section within the Kin app. Here, you will find an option labeled "Delete account." Selecting this option will initiate the process of deleting your account.

2. Email Deletion Request: Alternatively, if you prefer or are unable to delete your account through the app, you can send an email to [email protected]. Please include your Decentralized Identifier (DID) in the email.

Upon receiving your request, we will proceed to delete your account and all associated data. Please note that after initiating the account deletion process, either through the app or via email, it may take up to 30 days to completely remove all your data from our systems. During this period, your account will be deactivated, and your data will not be accessible.

8. Changes to this Notice

We might need to change to Notice from time to time as we grow and develop, and to make sure we continue to minimise our controllership of your personal data. Therefore, we reserve the right to change this Notice when considered necessary. When you access our product and services you will always be presented with the latest version of this Notice.