Privacy Policy
Kintity is built on data minimization. We begin by telling you what we cannot collect—before explaining what little we must.
Information We Cannot Collect
We start with what we do not know—because this is the foundation of the trust you place in us.
All files, documents, text notes, and instructions stored inside your Vault are encrypted on your device before they ever reach our servers.
Kintity, its employees, and its infrastructure providers are architecturally incapable of reading, decrypting, or scanning the contents of any Vault. We store only mathematically scrambled ciphertext. The decryption keys are yours alone and never leave your device.
Information We Do Collect
Kintity collects only the minimum metadata required to securely operate the platform.
Identity Data
Your email address and phone number, used exclusively for one-time password authentication and account recovery. We do not collect government ID numbers, names, or dates of birth unless you choose to store them in your encrypted Vault.
Billing Data
Subscription and payment data is handled entirely by a certified third-party payment processor. Kintity does not store, log, or have access to your full card numbers, bank account details, or billing address beyond what is needed to manage your subscription status.
Technical Metadata
IP addresses at login, device type, timestamps of vault access events (required to operate inactivity-based continuity triggers), and the file sizes of encrypted payloads. This data is used solely for security, audit, and platform operation.
Beneficiary Data
The email addresses and phone numbers you designate for your beneficiaries. This data is required to deliver time-locked or event-triggered access when your protocol is activated.
How We Use the Information
Each data point has exactly one purpose. We do not use your data for advertising, profiling, or resale.
To authenticate your identity via one-time verification codes.
To monitor proof-of-life and inactivity triggers as defined by your continuity protocol.
To process subscription payments and detect fraudulent activity.
To dispatch automated system notifications, access links, and recovery communications.
To maintain an immutable audit log of vault access events for your security records.
Third-Party Service Providers
We do not sell data to data brokers, advertisers, or any third party. To operate the platform, we engage the following categories of service providers. Each receives only the specific data needed to perform its function.
For example, our phone verification provider receives only your phone number to deliver a one-time code—it receives no email address, profile data, or vault metadata.
Cloud infrastructure
Encrypted ciphertext storage and regional redundancy.
Email delivery
Transactional notifications and one-time code delivery to verified addresses.
Phone verification
One-time code delivery for mobile number authentication.
Payment processing
Subscription billing and fraud prevention.
Compliance with Legal Orders
If legally compelled by a valid court order or law enforcement request, Kintity will comply by producing the requested account metadata and stored ciphertext.
The Zero-Knowledge Limit
Because of our Zero-Knowledge architecture, we cannot and will not provide decrypted vault contents or encryption keys in response to any legal order—because we do not possess them. We can only produce what we hold: account metadata (email address, phone number, timestamps) and mathematically scrambled ciphertext that is meaningless without the user's private key.
Your Privacy Rights
Kintity respects privacy rights globally, including under the GDPR (European Union), CCPA (California), and the DPDP Act (India).
Right to Access
You may request a summary of all account metadata we hold about you at any time via your account settings.
Right to Correct
You may update your registered email address, phone number, or billing information directly within your account.
Right to be Forgotten
Account deletion permanently removes your ciphertext from our storage, your account metadata, and all beneficiary records. Because the ciphertext is encrypted with keys we do not hold, deletion is cryptographically irreversible.
Right to Data Portability
You may export your encrypted vault payloads at any time. Decryption requires your Master Recovery Key, which never left your device.
For privacy requests or questions, contact us at privacy@kintity.com.