Privacy Policy
Kintity is built on data minimization. We begin by telling you what we cannot collect—before explaining what little we must.
Information We Cannot Collect
We start with what we do not know—because this is the foundation of the trust you place in us.
All files, documents, text notes, and instructions stored inside your Vault are encrypted on your device before they ever reach our servers.
Kintity, its employees, and its infrastructure providers are architecturally incapable of reading, decrypting, or scanning the contents of any Vault at rest. We store only mathematically scrambled ciphertext. The decryption keys are yours alone and never leave your device.
One opt-in exception: the optional Smart Import feature can transmit document content to an external AI provider for field extraction before that content is encrypted into your Vault. Smart Import is off by default, requires per-use consent, and is documented in detail in Section 5 below.
Information We Do Collect
Kintity collects only the minimum metadata required to securely operate the platform.
Identity Data
Your email address and phone number, used exclusively for one-time password authentication and account recovery. We do not collect government ID numbers, names, or dates of birth unless you choose to store them in your encrypted Vault.
Billing Data
Subscription and payment data is handled entirely by a certified third-party payment processor. Kintity does not store, log, or have access to your full card numbers, bank account details, or billing address beyond what is needed to manage your subscription status.
Technical Metadata
IP addresses at login, device type, timestamps of vault access events (required to operate inactivity-based continuity triggers), and the file sizes of encrypted payloads. This data is used solely for security, audit, and platform operation.
Beneficiary Data
The email addresses and phone numbers you designate for your beneficiaries. This data is required to deliver time-locked or event-triggered access when your protocol is activated.
How We Use the Information
Each data point has exactly one purpose. We do not use your data for advertising, profiling, or resale.
To authenticate your identity via one-time verification codes.
To monitor proof-of-life and inactivity triggers as defined by your continuity protocol.
To process subscription payments and detect fraudulent activity.
To dispatch automated system notifications, access links, and recovery communications.
To maintain an immutable audit log of vault access events for your security records.
Third-Party Service Providers
We do not sell data to data brokers, advertisers, or any third party. To operate the platform, we engage the following categories of service providers. Each receives only the specific data needed to perform its function.
For example, our phone verification provider receives only your phone number to deliver a one-time code—it receives no email address, profile data, or vault metadata.
Cloud infrastructure
Encrypted ciphertext storage and regional redundancy.
Email delivery
Transactional notifications and one-time code delivery to verified addresses.
Phone verification
One-time code delivery for mobile number authentication.
Payment processing
Subscription billing and fraud prevention.
AI extraction (opt-in only)
When you opt into Smart Import Tier 2 / Tier 3, document content is sent to one of: Google (Gemini), DeepSeek, or Anthropic (Claude). See Section 5 for the full disclosure.
AI-Assisted Document Extraction (Smart Import)
Kintity offers an optional Smart Import feature that uses machine-learning models to extract structured fields (account numbers, expiry dates, party names, and similar metadata) from documents you upload, so you don't have to type them in by hand. Smart Import is opt-in: it runs only when you explicitly choose a tier that uses an external AI provider, and you must check a consent box before any data is sent.
Important — Read Before Using Smart Import
When you select a tier that uses an external AI processor, the contents of the documents you upload are sent to that provider for extraction. This is the only path on the platform where unencrypted document content leaves your device en route to a third party. Standard manual vault entry, file uploads, and all other surfaces remain end-to-end encrypted and zero-knowledge.
Tier 1 — Local extraction (no third party)
Runs entirely in your browser via on-device parsing (e.g. PDF.js text extraction) plus a Cloudflare Workers AI model that runs inside our own infrastructure boundary. No third-party AI provider is involved. This is the default for free accounts.
Tier 2 / Tier 3 — External AI processor
When you opt in, the document text or content is transmitted to one of the following processors, depending on the active configuration: Google (Gemini), DeepSeek, or Anthropic (Claude). The provider performs field extraction and returns the structured fields, which are then encrypted on your device before being saved into your vault. Once extracted, the resulting fields and the original file in your vault are protected by the same E2EE that applies to every other vault entry.
Data minimization
Where the document type allows it (e.g. PDFs), we extract text on your device first and send only the extracted text to the AI processor — not the raw file bytes. For images and scans, the image is transmitted because the model needs visual context.
Retention by AI processors
Kintity does not log the document content sent for extraction. Each AI processor has its own data-retention policy, which we do not control. Where the provider offers a zero-retention or no-training data-processing addendum, we configure the API to use it. We recommend reviewing the active provider's policy before opting in.
Your control
Smart Import is never invoked silently. The active processor for a given account is shown in the Smart Import UI before you confirm. You can decline the consent prompt and continue using Kintity with manual entry only — no functionality outside Smart Import depends on the AI processors.
Compliance with Legal Orders
If legally compelled by a valid court order or law enforcement request, Kintity will comply by producing the requested account metadata and stored ciphertext.
The Zero-Knowledge Limit
Because of our Zero-Knowledge architecture, we cannot and will not provide decrypted vault contents or encryption keys in response to any legal order—because we do not possess them. We can only produce what we hold: account metadata (email address, phone number, timestamps) and mathematically scrambled ciphertext that is meaningless without the user's private key.
Your Privacy Rights
Kintity respects privacy rights globally, including under the GDPR (European Union), CCPA (California), and the DPDP Act (India).
Right to Access
You may request a summary of all account metadata we hold about you at any time via your account settings.
Right to Correct
You may update your registered email address, phone number, or billing information directly within your account.
Right to be Forgotten
Account deletion permanently removes your ciphertext from our storage, your account metadata, and all beneficiary records. Because the ciphertext is encrypted with keys we do not hold, deletion is cryptographically irreversible.
Right to Data Portability
You may export your encrypted vault payloads at any time. Decryption requires your Master Recovery Key, which never left your device.
For privacy requests or questions, contact us at privacy@kintity.com.