Privacy & security

All your data, calendar events, notes, documents, health records, is strictly scoped to your family at the database level. Other families can't see it, and KinLife staff can't browse your calendar, notes, or documents.

The assistant uses Google Gemini to understand your requests and read documents you upload. The AI model processes your content to answer you, but does not train on or retain your documents. Every AI call is logged internally with token counts and the channel it came from, for cost and abuse monitoring, not content snooping.

• Calendar OAuth tokens and Apple app-specific passwords are encrypted at rest. KinLife never sees your real iCloud or Google password.
• Passwords are hashed; plaintext is never stored.
• Password resets use a single-use token with an expiry.
• Sessions use encrypted cookies.
• Database credentials are server-only and never exposed to the browser.

• WhatsApp: only numbers you explicitly register and activate receive AI responses.
• Email: inbound mail from non-family senders is logged for visibility but never triggers an automatic reply.
• Webhooks: inbound webhooks (email, WhatsApp) are cryptographically verified before they're trusted.
• Wiki images: served through an authenticated proxy that checks you belong to the owning family; there are no public image links.

You can review every action in the Activity log, change or revoke calendar sharing at any time, and edit or remove what the assistant remembers in Settings → Memory. Deleting a note sends it to Trash first, so mistakes are recoverable.