Privacy Policy

Kind Care ("we", "us", "our") is a service operated from Portugal. We are the data controller for personal data processed through the Kind Care service (akind.care and the Kind Care app).

Questions, complaints, or data requests: contact@akind.care.

Legal identity: Kind Care, NIF [NIF_TBD], Portugal.

This policy covers the Kind Care website, the Kind Care progressive web app, and any backend services we run to support them. It does not cover third-party services you reach via links (for example Stripe's payment pages or an external GP portal).

3.1 Account data

Email address, name, a hashed password (if you don't sign in with Google), and the organisational role you pick when you sign up.

3.2 Patient and care data

Kind Care is local-first. Information you enter about a patient — name, care plan, medications, visit notes, observations, concern flags, fluid intakes — is stored on your device in an encrypted browser database. A subset is synced to our server so it's available on your other devices and to carers you share with.

3.3 Health-related data (GDPR Article 9)

Some information we process is special-category health data: medications, observed wellbeing, fluid tracking, concerns. We only process it to provide the coordination service to you, with your explicit consent and on the basis that it is manifestly necessary for the direct care of the patient you are coordinating for.

3.4 Payment data

If you subscribe to a paid plan, payment is processed by Stripe. We never see or store your card number. We store your Stripe customer ID, subscription status, and billing period.

3.5 Technical data

IP address (for rate limiting and abuse prevention), browser/OS information, error reports (via our self-hosted Bugsink instance, request bodies are stripped before submission), and anonymous page-view analytics (via our self-hosted Umami instance — no cookies, no cross-site tracking).

• Contract (GDPR Article 6(1)(b)) — to deliver the service you signed up for.
• Explicit consent (Article 9(2)(a)) — for the processing of health data.
• Legitimate interests (Article 6(1)(f)) — for fraud prevention, security, and improving the service using anonymous analytics.
• Legal obligation (Article 6(1)(c)) — to keep financial records, respond to lawful requests, and honour data-subject rights.

Server-side data is hosted in the European Union (Germany). Local-first data lives on your device and is not transmitted to us unless you choose to sync.

We share data only with processors we need to run the service:

• Hetzner Online GmbH (Germany) — cloud hosting for the API, database, and backups.
• Stripe — payment processing. Processes your payment details directly.
• MxRoute — transactional email (account verification, password reset).
• Cloudflare — content delivery and static hosting for the marketing site and PWA.
• Bugsink (self-hosted) — error tracking.
• Umami (self-hosted) — anonymous usage analytics.

Carers you grant access to through a share link receive access to the subset of data you authorise. We never grant platform-wide access to a carer; access is always owner-controlled and revocable.

We do not sell your data, share it for advertising, or let third parties process it for their own purposes.

• Account data — while your account is active, plus 30 days after deletion for operational reasons (then purged).
• Care data on our server — same as above; your device retains a local copy until you clear it.
• Billing records — retained for the period required by applicable tax and accounting law (typically 7 years).
• Error reports — 90 days.
• Analytics — aggregate only, no personal identifiers retained.

Under the EU General Data Protection Regulation (and equivalent national laws), you have the right to:

• Access a copy of your data (right to access).
• Correct inaccuracies (right to rectification).
• Delete your data (right to erasure).
• Export your data in a portable format (right to portability).
• Restrict or object to specific processing.
• Withdraw consent at any time, where processing is based on consent.
• Lodge a complaint with the data-protection authority in your EU member state of residence, work, or where the alleged infringement occurred.

Email contact@akind.care from the address on your account. We aim to respond within 30 days. For account deletion, you can also use the Delete account option in Settings — your data is removed within 30 days.

Our primary processing happens in the EU (Germany). The following sub-processors are based outside the EU/EEA and may transfer personal data internationally:

• Stripe, Inc. (United States) — payment processing.
• Cloudflare, Inc. (United States) — content delivery and static hosting.
• MxRoute (United States) — transactional email.

Transfers to these processors are made under the European Commission's Standard Contractual Clauses. For UK residents, the UK International Data Transfer Addendum applies in addition. For Swiss residents, equivalent safeguards under the revised Swiss FADP apply.

Our self-hosted error tracking and analytics services run on EU infrastructure and do not transfer data outside the EU. To request copies of the transfer mechanisms in place, email contact@akind.care.

Kind Care is not intended for use by people under 18 creating their own account. Information about minor patients (for example a parent coordinating a child's care) is processed on behalf of the adult account holder responsible for that coordination.

The Kind Care app does not set authentication cookies for end users. Your access token is held in memory only, and your refresh token is stored on your device in your browser's IndexedDB. We use a small amount of localStorage for non-identifying preferences such as your theme (light/dark) and which audience view you last selected on the landing page — these never leave your browser. The administration panel (used only by Kind Care staff) uses a strict same-site session cookie.

We use no advertising cookies, no cross-site trackers, no fingerprinting.

Our analytics provider (Umami, self-hosted) does not set cookies and does not collect personal data — no consent banner is required under the ePrivacy Directive.

All traffic is encrypted with TLS. Passwords are salted and hashed with Identity's default algorithm. Server logs never contain request bodies (to prevent health-data leakage). Carer access is scoped per patient, per token, and owner-revocable.

No system is perfectly secure; if we become aware of a breach affecting your data, we will notify you within 72 hours as required by GDPR Article 33.

If we change this policy materially, we'll notify signed-in users by email and post a notice on the website at least 14 days before the change takes effect.

Questions or complaints: contact@akind.care.

Unsatisfied with our response? You can lodge a complaint with the data-protection authority in your EU member state of residence, work, or where the alleged infringement occurred. A directory of authorities is published by the European Data Protection Board at edpb.europa.eu.