Privacy Policy

1. Who we are

Kindiro is operated by Tatooine Technology Ltd, limited company in the United Kingdom, acting as data controller. Contact: [email protected].

2. What we collect

• Account data from your Google account: email address, display name, and (optionally) avatar image URL. We use Google Sign-In via Supabase Auth; we don't store your Google password and never see it.
• Trip content you enter: trip names, dates, destinations, members' display names, expenses, payments, schedule items, and any hero images you upload.
• Session cookies: two short-lived cookies that keep you signed in. Strictly necessary — the app doesn't work without them. Not used for tracking.
• Server logs: request metadata (timestamp, path, status code) and error traces, held briefly for operational troubleshooting.

We don't use cookies for analytics, advertising, or third-party tracking. There are no third-party trackers on any Kindiro page.

3. Why we collect it

To sign you in and to run the product you signed up for: showing your trips, letting your friends join them, computing who owes whom. That's the only purpose.

Legal basis under UK-GDPR: performance of a contract with you (article 6(1)(b)) — we need the data to provide the service you've asked for.

4. Where it lives

Your data sits on managed infrastructure in the European Union:

• Supabase (EU region) — database and authentication.
• Render (Frankfurt) — application servers and managed Redis cache.
• Cloudflare — DNS, CDN edge for static assets and uploaded images. Cloudflare may route your request through a point of presence outside the EU for performance; the data it handles in transit is encrypted end-to-end.
• Resend (via Supabase SMTP relay) — outbound transactional email (sign-in links). Stores the minimum needed to deliver mail.
• Open-Meteo — used for the weather forecast on trip pages. We send only the trip's destination coordinates and date range; no personal data.
• Google — we use Google Sign-In. Google sees that you authenticated to Kindiro and returns your email + basic profile; we don't send anything else.
• Sentry (EU region) — error tracking and performance traces. When the app crashes or a request fails, Sentry receives the stack trace, request path, and an anonymised user identifier (your trip-member id, never your email or auth token). We use this to debug bugs and slow paths; events expire on a rolling 90-day window.

Each of these is a sub-processor under standard data-protection terms. If this list changes, we'll update this page.

5. Who can see your data

The members of a trip can see that trip's content (that's the whole point). Nobody else gets access to your trips, expenses, or payments.

We don't sell your data. We don't share it with advertisers or brokers. We only disclose it if legally compelled to (e.g. by a court order), and we'll push back on overreaching requests where we reasonably can.

6. How long we keep it

We hold your data for as long as your account is active. If you ask us to delete your account, we delete your profile and the trips you own within 30 days. Trips where you were a member but not the creator will have your membership removed but won't be deleted — they belong to the trip creator.

Server logs and encrypted database backups may persist for up to 30 days beyond that for operational reasons (debugging, disaster recovery). They're not queried for any other purpose.

7. Your rights

Under UK-GDPR you have the right to access, correct, delete, or export your personal data, and to object to or restrict our processing of it. Email [email protected] with any of these requests — we'll respond within 30 days.

If you're unhappy with how we handle your data, you can complain to the UK Information Commissioner's Office at ico.org.uk.

8. Changes

We'll update this policy when the app or its sub-processors change. The "Last updated" date at the top of the page always reflects the current version. For material changes we'll do our best to email signed-in users in advance.