KindPing Logo
KindPing

Privacy Policy

Last Updated: January 2026.

Data Controller: KindPing Ltd (Company Number: 16940659)
ICO Registration Number: 00013289667
Contact Email: support@thekindping.com

1INTRODUCTION

At KindPing Ltd ("KindPing", "we", "us"), we treat your privacy not just as a legal requirement, but as a critical component of your safety. This Privacy Policy outlines how we collect, use, process, and protect your personal data in accordance with the UK Data Protection Act 2018 and the UK General Data Protection Regulation (UK GDPR).

2THE DATA WE COLLECT

We collect two distinct categories of data:

2.1 Identity & Contact Data (Standard Data)

  • Name, Date of Birth, Email Address and Phone Number.
  • Technical Data: IP address, device type, and login data.

2.2 Special Category Data (Article 9 UK GDPR)

This is the "Sensitive Data" required to operate the Service. By using the App, you provide explicit consent for us to process:

  • Emotional State Data: Your daily logs (e.g., "Sad," "Anxious," "Lonely").
  • Behavioural Patterns: Your check-in frequency, missed check-ins, and response times.
  • Health Insights: Historical trends of your emotional well-being (e.g., "Velocity of Decline").
  • Personal Demographics (Religion & Ethnicity): Collected voluntarily to ensure the non-clinical grounding activities, uplifting messages, and support prompts are culturally relevant and can be tailored to align with your faith or personal background.

2.3 Third-Party Data (Trusted Contacts)

We collect the Name and Phone Number of the individuals you designate as "Trusted Contacts."

Important: You warrant that you have obtained the explicit permission of your Trusted Contact to share their details with us for the purpose of Safety Escalation.

3HOW WE USE YOUR DATA (LEGAL BASIS)

We process your data under the following legal bases:

3.1 Performance of Contract

To deliver the core Service: sending check-in prompts, logging your mood, and generating your Insight Reports.

3.2 Explicit Consent (Article 9)

To process your mental health data and to share specific status alerts with your Trusted Contact. You may withdraw this consent at any time by deleting your account, but this will immediately cease the Service.

3.3 Vital Interests

In rare, critical circumstances, we may process your data if we believe it is necessary to protect your life or the life of another person (e.g., cooperating with emergency services during a verified crisis).

4THE "SAFETY ESCALATION" PROTOCOL (DATA SHARING)

We adhere to a strict "Silence Only" sharing policy. We do NOT sell your data- (including health and mood data) to advertisers, insurance companies, or data brokers.

4.1 To Your Trusted Contact

  • Trigger: When you miss the "Safety Threshold" (e.g., 3 missed checkins) or request a Voluntary Escalation.
  • Data Shared: Your Name, the fact that you have missed check-ins, and your last logged emotional state (if applicable).

4.2 To Our Infrastructure Partners

  • Twilio (SMS Provider): To deliver the text messages.
  • Firebase (Google Cloud) & Convex: To securely host the application backend, manage authentication, and store the encrypted database..

Note: All partners are bound by strict Data Processing Agreements (DPAs).

5AUTOMATED DECISION MAKING

KindPing uses automated algorithms to detect "Silence."

  • The Logic: If [Check-in = Missed] AND [Duration > 3 Days] THEN [Trigger SMS].
  • Your Rights: Under GDPR, you have a right to object to automated decision-making. However, as this automation is the core function of the KindPing safety net, objecting to this processing will render the App unusable.

6DATA RETENTION AND DELETION

6.1 Retention Period

We retain your Emotional Insight data for as long as your account is active, to allow you to view historical trends.

6.2 The "Right to be Forgotten"

If you delete your account via the App settings:

  • Your Identity Data is permanently deleted within 30 days.
  • Your Emotional Data is anonymised (stripped of your name) and used solely for aggregate research (e.g., "Average anxiety levels in January").

7SECURITY MEASURES

We employ industry-standard encryption (AES-256) to protect your data both in transit and at rest. However, no digital transmission is 100% secure. You acknowledge that you provide your personal health data at your own risk.

8YOUR LEGAL RIGHTS

Under the UK GDPR, you have the right to:

  • Request Access: Ask for a copy of the data we hold about you (Subject Access Request).
  • Request Correction: Fix the wrong data.
  • Request Erasure: Ask us to delete your data.
  • Withdraw Consent: Stop us from processing your health data (Account termination).

To exercise these rights, contact our privacy team at: support@thekindping.com

9INTERNATIONAL TRANSFERS

If our servers or service providers (like Twilio) process data outside the UK/EEA, we ensure protection through the UK International Data Transfer Agreement (IDTA) or equivalent safeguards.

BECAUSE BEING NOTICED MAKES ALL THE DIFFERENCE