Privacy Policy

Kinship Family ("we", "us", "the app") is a family health management application. This policy explains how we collect, use, and protect your information when you use the app.

By using Kinship Family you agree to the practices described in this policy. If you do not agree, please discontinue use and contact us to have your account deleted.

Account Information

• Email address (used for authentication)
• Display name (optional)

Family Health Data

• Medical profile for each member: name, date of birth, blood type, medical history
• Prescriptions and medication schedules
• Lab results and medical documents (photos/files you voluntarily upload)
• Conversation history with AI assistant Chip
• Vital measurements you log: blood pressure, blood glucose, weight, heart rate

Technical Data

• Push notification token (to deliver medication reminders)
• Session token (automatically deleted on sign-out)
• Anonymised crash reports via Sentry (no personally identifiable health information included)

Data We Do NOT Collect

• Precise GPS location
• Device contacts or call logs
• Advertising identifiers
• Payment information (the app is free)

• Core features: medication reminders, treatment tracking, family health overview
• Chip AI assistant: personalised responses based on your family's profiles
• Push notifications: timely medication reminders according to your schedule
• App improvement: anonymised error analysis via Sentry (no Protected Health Information)

• Encryption in transit: HTTPS/TLS for all network connections
• Encryption at rest: PostgreSQL with Row Level Security (RLS) — each family can only access their own data
• Authentication: Supabase Auth with JWT tokens; passwords are never stored in plain text
• Infrastructure: Supabase (Singapore region) + Railway — both SOC 2 compliant
• No advertising SDKs: we do not integrate any third-party advertising or tracking libraries

While we apply industry-standard safeguards, no system is completely immune to breaches. In the unlikely event of a security incident affecting your data, we will notify you within 72 hours by email.

We do not sell your data. Data is shared only with the following sub-processors, each bound by strict data processing agreements:

• Supabase Inc. — database storage and authentication (Singapore)
• Google (Gemini API) — AI query processing (maximally anonymised)
• Railway — API server hosting
• Sentry — technical error monitoring (no Protected Health Information)
• Law enforcement / courts — only when required by a valid legal order

We do not share data with advertisers, data brokers, or any party not listed above.

Depending on your jurisdiction, you may have the following rights regarding your personal data:

• Access: view all your data within the app at any time
• Rectification: update profiles and medical information within the app
• Erasure: Settings → Account → Delete Account (processed within 30 days, in compliance with Apple App Store Guideline 5.1.1)
• Portability: contact us to receive a copy of your data in a machine-readable format
• Restriction / Objection: contact us at the email below to restrict specific processing

We retain your data for as long as your account is active. After you request account deletion:

• Active data is deleted within 30 days
• Anonymised, aggregated analytics may be retained indefinitely
• Backup copies are purged within 90 days of the deletion request

Kinship Family is rated 4+ on the App Store. The app allows adults to manage medical profiles for children in their family. Children do not create accounts directly — only adults (parents or guardians) register and manage data on their behalf.

We do not knowingly collect personal information directly from children under 13. If you believe a child has provided us with personal information without parental consent, please contact us immediately and we will delete it.

When this policy changes materially, we will notify you by email or in-app notification at least 7 days before the changes take effect. Continued use of the app after that date constitutes acceptance of the updated policy.

The current version of this policy is always available at chiphoc.com/en/privacy.html.