Legal
Privacy Policy
How KinPet collects, uses, stores, and protects your personal data across the KinPet platform.
Last updated: May 25, 2026
KINPET PRIVACY POLICY
Version: 2.1 — International Production Effective Date: May 25, 2026 Last Reviewed: May 25, 2026
DOCUMENT NOTICE: This Privacy Policy is a legally binding document governing the collection, use, storage, sharing, and protection of your Personal Data in connection with KinPet's Platform, including the Kin AI companion, PawScan, Kin Credits, and all associated features. This Policy is incorporated by reference into KinPet's Terms of Service. Capitalized terms not defined herein have the meanings given to them in the Terms of Service.
CRITICAL NOTICE TABLE
| 🔴 Topic | Summary |
|---|---|
| Who We Are | KinPet, Inc., a Delaware corporation — Data Controller for EEA, UK, and Brazil users |
| Data Location | Primary processing in the United States. International transfers use appropriate legal mechanisms |
| AI Processing | Your conversations with Kin and PawScan uploads are processed by AI systems — see Section 9 |
| No Sale of Data | KinPet does not sell your Personal Data as defined under the CCPA/CPRA |
| Children | Platform not intended for users under 18 (or applicable age of majority in your jurisdiction) |
| Pet Health Data | Treated with heightened protection — see Section 7.1 |
| Your Rights | Rights vary by jurisdiction — see Section 15 and Appendix A |
| Contact | privacy@kinpet.com |
TABLE OF CONTENTS
- About This Policy and Our Identity
- Definitions
- Information We Collect
- How We Collect Information
- Legal Bases for Processing
- How We Use Your Information
- Special Categories and Sensitive Information
- Cookies, Tracking Technologies, and Analytics
- AI-Specific Privacy Disclosures — Kin and PawScan
- How We Share Your Information
- Third-Party Service Providers
- International Data Transfers
- Data Retention
- Data Security
- Your Privacy Rights
- Marketing and Communications
- Children's Privacy
- Third-Party Links and Services
- Changes to This Policy
- Contact Information and Exercising Your Rights
- EU and EEA Specific Provisions
- United Kingdom Specific Provisions
- California Specific Provisions (CCPA/CPRA)
- Brazil Specific Provisions (LGPD)
- Canada Specific Provisions
- Australia Specific Provisions
- Other U.S. State Specific Provisions
Appendix A — Summary of Rights by Jurisdiction Appendix B — Data Processing Activities Table Appendix C — Third-Party Service Providers List Appendix D — Standard Contractual Clauses Notice Appendix E — Cookie Classification Table
SECTION 1 — ABOUT THIS POLICY AND OUR IDENTITY
1.1 Purpose of This Policy. This Privacy Policy explains how KinPet, Inc. ("KinPet," "we," "us," or "our") collects, uses, stores, shares, and protects Personal Data in connection with your use of the KinPet Platform, including:
- The KinPet mobile Application (iOS and Android);
- The KinPet Website and web-based interfaces;
- The Kin AI-powered pet care companion;
- The PawScan document scanning and OCR feature;
- The Kin Credits system;
- Reminder, notification, and alert features;
- All other features, tools, and services offered through the Platform.
This Policy also describes your rights with respect to your Personal Data and how you can exercise them.
1.2 Our Identity. The data controller responsible for your Personal Data is:
KinPet, Inc. 8 The Green, Suite A Dover, Delaware 19901 United States of America Email: privacy@kinpet.com
1.3 EU Representative. Pursuant to Article 27 of the General Data Protection Regulation (EU) 2016/679 (GDPR), KinPet has designated an EU Representative for users located in the European Economic Area:
[EU Representative Name and Details — To Be Completed Before Launch] Contact: eurepresentative@kinpet.com
1.4 UK Representative. Pursuant to Article 27 of the UK General Data Protection Regulation (UK GDPR), KinPet has designated a UK Representative for users located in the United Kingdom:
[UK Representative Name and Details — To Be Completed Before Launch] Contact: ukrepresentative@kinpet.com
1.5 Privacy Contact. KinPet has assessed its data processing activities and determined that appointment of a formal Data Protection Officer (DPO) is not required under Article 37 of the GDPR, Article 37 of the UK GDPR, or equivalent applicable legislation, as KinPet's core activities do not involve: (i) processing carried out by a public authority or body; (ii) regular and systematic monitoring of data subjects on a large scale; or (iii) large-scale processing of special categories of personal data as defined under GDPR Article 9. Documentation of this assessment is maintained internally and is available to supervisory authorities upon request.
All privacy-related inquiries, data subject rights requests, and regulatory correspondence should be directed to KinPet's designated Privacy Contact:
Privacy Contact: privacy@kinpet.com Mailing Address: KinPet, Inc. — Attn: Privacy, 8 The Green, Suite A, Dover, DE 19901, USA
1.6 Scope. This Policy applies to all users of the Platform globally, with jurisdiction-specific provisions detailed in Sections 21 through 27 and the Appendices. This Policy does not apply to third-party services, websites, or applications that may be accessible through links on the Platform. Those services are governed by their own privacy policies.
1.7 Relationship to Terms of Service. This Privacy Policy is incorporated by reference into KinPet's Terms of Service. In the event of a conflict between this Policy and the Terms of Service regarding privacy matters, this Policy will govern.
SECTION 2 — DEFINITIONS
For purposes of this Privacy Policy, the following definitions apply in addition to those set forth in the Terms of Service:
"Aggregate Data" means data that has been combined and summarized such that it cannot reasonably be used to identify any individual.
"Anonymized Data" means data from which all identifying information has been permanently removed such that re-identification is not reasonably possible.
"Behavioral Data" means data collected about how you interact with the Platform, including navigation patterns, feature usage, session duration, click patterns, and in-app actions.
"Consent" means any freely given, specific, informed, and unambiguous indication of your agreement to the processing of your Personal Data, given by a statement or clear affirmative action.
"Cookie" means a small text file placed on your Device by a website or application that stores information about your visit or preferences.
"Data Breach" means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, Personal Data transmitted, stored, or otherwise processed.
"Data Protection Authority" or "DPA" means a national or regional supervisory authority responsible for overseeing compliance with data protection laws.
"Data Subject" means a natural person whose Personal Data is processed by KinPet.
"Device Data" means technical information about the Device you use to access the Platform, including device type, operating system, app version, device identifiers, and network information.
"Health Data" means data relating to the physical condition, medical history, diagnoses, treatments, or medications of your Pet, as submitted to or processed by the Platform.
"Inference Data" means data derived or inferred by KinPet's AI systems about your Pet or your use of the Platform based on other data we have collected.
"Pet Data" means all information you provide or that we derive about your Pet(s), including name, species, breed, age, weight, health records, vaccination records, medication records, veterinary visit records, and any other information relating to your Pet(s).
"Personal Data" means any information relating to an identified or identifiable natural person. An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, identification number, location data, online identifier, or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person. Note: Pet Data is not Personal Data under most Data Protection Laws but is treated with heightened protection under this Policy.
"Processor" means a natural or legal person, public authority, agency, or other body that processes Personal Data on behalf of the Controller.
"Profile Data" means data relating to your Account, preferences, settings, and history on the Platform.
"Pseudonymized Data" means data that can no longer be attributed to a specific Data Subject without the use of additional information, which is kept separately and is subject to technical and organizational measures to ensure non-attribution.
"Purpose Limitation" means the principle that Personal Data collected for specified, explicit, and legitimate purposes should not be further processed in a manner incompatible with those purposes.
"Sensitive Personal Information" (SPI) has the meaning given under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA), as amended, and includes categories of data such as precise geolocation, racial or ethnic origin, religious beliefs, and biometric data.
"Sub-processor" means a Processor engaged by KinPet to carry out processing activities on its behalf.
"Technical and Organizational Measures" or "TOMs" means the security and privacy-by-design measures implemented by KinPet to protect Personal Data.
"Usage Data" means data about how you use the Platform, including features accessed, interactions with Kin, documents processed through PawScan, Credits used, and session information.
SECTION 3 — INFORMATION WE COLLECT
KinPet collects information in three primary ways: (i) information you provide directly; (ii) information collected automatically through your use of the Platform; and (iii) information received from third parties. This Section provides a detailed account of each category.
3.1 Information You Provide Directly.
(a) Account Registration Data. When you create an Account, we collect: your full name; email address; password (stored in hashed, non-recoverable form); date of birth (for age verification purposes); and any optional profile information you choose to provide, such as a profile photograph.
(b) Pet Profile Data. When you create a Pet profile on the Platform, we collect: pet name; species (e.g., dog, cat, rabbit, bird); breed; date of birth or estimated age; sex and reproductive status (neutered/spayed status); weight and body condition information; color and distinguishing markings; and any other information you voluntarily add to the Pet profile.
(c) Pet Health Records. When you use the Platform's health record features or PawScan, we collect: vaccination records and dates; medication names, dosages, and administration schedules; veterinary visit records and notes; diagnosis and treatment information; allergy information; surgical and procedure records; microchip numbers; insurance policy information; and any other health or medical documents you upload or enter.
(d) Veterinary and Provider Information. You may choose to provide information about your veterinary providers, including veterinarian name, clinic name, address, contact details, and notes. This information is stored in your Account for your convenience.
(e) Documents Uploaded to PawScan. When you use PawScan, we collect and process the documents you upload, including veterinary records, prescriptions, vaccination certificates, lab results, invoices, and other pet-related documents. These documents may contain Personal Data about you (such as your name and address on a veterinary invoice) as well as sensitive information about your pet's health.
(f) Communications with Kin. When you interact with the Kin AI companion, we collect the text and other content of your conversations with Kin, your questions and queries, and information about your Pet that you share during conversations.
(g) Payment Information. When you purchase a Subscription or Kin Credits, we or our third-party payment processors collect payment-related information including billing name, billing address, and, where processed directly by KinPet, truncated payment card details. We do not store full payment card numbers — these are handled and stored by our payment processor partners.
(h) Communications with KinPet. When you contact us through support channels, email, or feedback forms, we collect the content of your communications, your contact details, and any information you voluntarily provide in connection with your inquiry, complaint, or feedback.
(i) Preferences and Settings. We collect your in-app settings, notification preferences, language preferences, and other configuration choices.
(j) Reminders and Calendar Data. When you set up reminders for medications, vaccinations, appointments, or other pet care events, we collect the event name, date, time, recurrence settings, and associated pet and provider information.
3.2 Information Collected Automatically.
(a) Device Data. We automatically collect information about the Device(s) you use to access the Platform, including: device type and model; operating system version; application version; device identifiers (including Advertising ID, IDFA, Android ID, or equivalent, where applicable and subject to your consent where required); time zone settings; language settings; mobile network information; and IP address.
(b) Usage Data. We automatically collect information about how you interact with the Platform, including: features accessed and used; pages and screens viewed; Kin conversation initiation and completion events (not full conversation content, see Section 9); PawScan upload events and processing outcomes; Kin Credits consumption events; reminder creation and completion events; session start and end times; crash logs and error reports; and navigation paths and click patterns.
(c) Log Data. Our servers automatically record log data when you use the Platform, including: IP address; access times and dates; referring URLs; Platform version accessed; request details; and server response codes.
(d) Performance and Diagnostic Data. We collect data about the Platform's performance on your Device, including crash reports, error logs, response times, and similar technical diagnostics, which help us identify and resolve technical issues.
(e) Location Data. We collect limited location data in the following circumstances:
- Approximate location (derived from IP address): Used to detect your country/region for purposes of displaying applicable pricing, language settings, legal notices, and emergency resources.
- Precise location (from Device GPS or network): Collected only if you explicitly grant location permission in your Device settings and only where a specific feature requires it. You can withdraw location permission at any time through your Device settings.
(f) Cookies and Tracking Technologies. We use cookies and similar technologies as described in detail in Section 8.
3.3 Information from Third Parties.
(a) App Store Operators. When you download the Application from an App Store, we receive limited information from the App Store Operator, which may include your App Store account identifier, country of purchase, and purchase confirmation details.
(b) Payment Processors. Our payment processors provide us with transaction confirmation information, anonymized payment method identifiers (such as the last four digits of a card), and transaction IDs. We do not receive full payment card details from our processors.
(c) Authentication Providers. If you choose to register or log in using a third-party identity provider (such as "Sign in with Apple" or "Sign in with Google"), we receive the information those providers share with us pursuant to your consent, which typically includes your name and email address.
(d) Analytics Providers. Our analytics service providers may provide us with aggregated and/or Pseudonymized data about Platform usage to help us understand user behavior and improve our services.
(e) Referrals. If another user refers you to KinPet through a referral program, we may receive your email address from the referring user for purposes of contacting you about KinPet's services.
3.4 Information We Do Not Collect. KinPet does not intentionally collect the following categories of information, and you should not submit such information through the Platform:
- Government-issued identification numbers (social security numbers, national ID numbers, passport numbers);
- Financial account information beyond what is required for payment processing;
- Human health or medical information;
- Information about third parties who have not consented to share their information with KinPet;
- Special categories of Personal Data about you as defined under GDPR Article 9, unless incidentally included in documents you upload to PawScan.
SECTION 4 — HOW WE COLLECT INFORMATION
4.1 Directly from You. We collect most of the information described in Section 3.1 directly from you when you register, set up your Account and Pet profiles, use Platform features, communicate with Kin, upload documents to PawScan, make purchases, contact support, or otherwise interact with the Platform.
4.2 Automatically. We collect the information described in Section 3.2 automatically through your use of the Platform using technologies including server logs, cookies, pixel tags, mobile SDKs, and similar technologies described in Section 8.
4.3 From Third Parties. We receive information from the third parties described in Section 3.3 when you use their services in connection with the Platform.
4.4 Inferences. We may derive Inference Data about your Pet's health needs, care routines, or Platform usage patterns from the data we collect. We use such inferences to personalize your Platform experience and improve Kin's responses.
SECTION 5 — LEGAL BASES FOR PROCESSING
5.1 Applicability. This Section applies primarily to users in the EEA, UK, and other jurisdictions that require a legal basis for the processing of Personal Data. For other jurisdictions, see the jurisdiction-specific provisions in Sections 21 through 27.
5.2 Contract Performance (GDPR Article 6(1)(b); UK GDPR Article 6(1)(b)). We process certain Personal Data because it is necessary to perform the contract between you and KinPet (i.e., the Terms of Service). This includes:
- Creating and maintaining your Account;
- Providing access to Platform features, including Kin and PawScan;
- Processing your Subscription and Kin Credit purchases;
- Fulfilling your requests for Platform functionality;
- Providing customer support;
- Sending essential account-related communications;
- Enforcing our Terms of Service.
5.3 Legitimate Interests (GDPR Article 6(1)(f); UK GDPR Article 6(1)(f)). We process certain Personal Data where we have a legitimate interest in doing so, provided that our interests do not override your fundamental rights and freedoms. We have conducted Legitimate Interests Assessments (LIAs) for the following processing activities:
| Processing Activity | Our Legitimate Interest |
|---|---|
| Fraud detection and prevention | Protecting KinPet and users from fraudulent activity and abuse |
| Platform security monitoring | Identifying and preventing unauthorized access and security threats |
| Improving Platform features | Understanding how users interact with the Platform to improve the user experience |
| Analytics and performance monitoring | Measuring and improving Platform performance and reliability |
| AI model improvement (anonymized/aggregated) | Improving the accuracy and helpfulness of Kin and PawScan |
| Sending service improvement surveys | Understanding user satisfaction and needs |
| Defending legal claims | Protecting KinPet's legal rights and interests |
| Direct marketing to existing customers | Promoting relevant KinPet services to users who have shown interest |
You have the right to object to processing based on legitimate interests at any time. See Section 15.5.
5.4 Consent (GDPR Article 6(1)(a); UK GDPR Article 6(1)(a)). We rely on your consent for:
- Non-essential cookies and tracking technologies (see Section 8);
- Sending marketing communications to users who are not existing customers;
- Processing precise geolocation data (where this feature is enabled);
- Any other processing activity for which we expressly request your consent.
You can withdraw your consent at any time without affecting the lawfulness of processing that occurred before your withdrawal. See Section 15 for how to withdraw consent.
5.5 Legal Obligation (GDPR Article 6(1)(c); UK GDPR Article 6(1)(c)). We process Personal Data where necessary to comply with applicable legal obligations, including:
- Tax and financial record-keeping obligations;
- Data breach notification obligations;
- Responding to lawful requests from competent authorities;
- Compliance with court orders;
- Anti-money laundering and sanctions compliance obligations.
5.6 Vital Interests (GDPR Article 6(1)(d); UK GDPR Article 6(1)(d)). In rare and exceptional circumstances involving a serious and immediate threat to the vital interests of a natural person, we may process Personal Data to protect those vital interests.
5.7 Legal Bases for Special Categories (GDPR Article 9). In the rare event that we process Special Categories of Personal Data (for example, where a user incidentally includes such data in a PawScan upload), we rely on one or more of the following legal bases under GDPR Article 9: (i) explicit consent; (ii) vital interests; (iii) the data having been manifestly made public by the Data Subject; or (iv) the establishment, exercise, or defense of legal claims.
5.8 LGPD Legal Bases (Brazil). For users in Brazil, we process Personal Data on the following legal bases under the Lei Geral de Proteção de Dados (LGPD):
| LGPD Legal Base | Applicable Processing Activities |
|---|---|
| Execution of a contract (Art. 7(V)) | Account management, service provision, billing |
| Legitimate interests (Art. 7(IX)) | Fraud prevention, security, analytics, AI improvement |
| Consent (Art. 7(I)) | Marketing communications, non-essential cookies |
| Compliance with a legal obligation (Art. 7(II)) | Legal record-keeping, regulatory compliance |
| Exercise of rights in judicial, administrative, or arbitration proceedings (Art. 7(VI)) | Defense of legal claims |
Pursuant to Resolution CD/ANPD nº 2/2022, if KinPet qualifies as an Agent of Small Size (Agente de Pequeno Porte) under ANPD criteria, KinPet fulfills its obligations under LGPD Article 41 by making its Privacy Contact publicly available at privacy@kinpet.com in lieu of a formal Encarregado appointment, as permitted under the simplified compliance framework established by the ANPD.
SECTION 6 — HOW WE USE YOUR INFORMATION
6.1 Service Provision. We use your information to provide, operate, and maintain the Platform and its features, including:
- Authenticating your identity and maintaining your Account;
- Creating and maintaining Pet profiles;
- Enabling Kin AI conversations and generating Kin responses;
- Processing documents uploaded to PawScan;
- Delivering reminders and notifications;
- Processing Subscription and Kin Credits transactions;
- Providing customer support;
- Sending essential service communications, including receipts, security alerts, and policy updates.
6.2 AI Features. We use your information, including Pet Data, Health Data, and Kin conversation content, to:
- Generate personalized and relevant responses from Kin;
- Process and extract data from documents via PawScan;
- Improve the contextual accuracy of Kin responses over time;
- Analyze PawScan processing patterns for quality improvement (in anonymized/aggregated form).
See Section 9 for detailed disclosures about AI-specific data processing.
6.3 Platform Improvement and Analytics. We use aggregated, anonymized, and/or Pseudonymized data derived from your use of the Platform to:
- Understand how features are used;
- Identify bugs, errors, and performance issues;
- Develop and test new features;
- Improve the accuracy and reliability of Kin's AI models;
- Improve PawScan's OCR accuracy;
- Conduct A/B testing and product research.
6.4 Personalization. We use your information to personalize your experience on the Platform, including:
- Displaying your Pet profiles and health records;
- Surfacing relevant care reminders and suggestions;
- Tailoring Kin's responses to the specific needs of your Pet;
- Providing contextually relevant in-app guidance.
6.5 Safety and Security. We use your information to:
- Detect and prevent fraud, abuse, and unauthorized access;
- Monitor for suspicious account activity;
- Enforce our Terms of Service and other policies;
- Protect the rights and safety of KinPet, our users, and third parties;
- Comply with sanctions screening obligations.
6.6 Legal and Regulatory Compliance. We use your information to:
- Comply with applicable laws and regulations;
- Respond to lawful requests from competent authorities;
- Comply with tax and financial reporting obligations;
- Notify users and authorities of Data Breaches as required by applicable law;
- Establish, exercise, and defend legal claims.
6.7 Marketing and Communications. We use your information to:
- Send you marketing communications about KinPet's services, promotions, and updates (where you have provided consent or where permitted by applicable law);
- Conduct user satisfaction surveys;
- Share product updates, feature announcements, and tips.
You can opt out of marketing communications at any time. See Section 16.
6.8 Billing and Financial Administration. We use your information to:
- Process payments for Subscriptions and Kin Credits;
- Issue invoices and receipts;
- Manage refund requests;
- Prevent and investigate payment fraud and chargebacks;
- Comply with applicable financial record-keeping obligations.
6.9 Research and Development. With appropriate anonymization and safeguards, we may use data derived from Platform usage for research and development purposes, including to advance AI technology for pet care applications.
6.10 Purpose Limitation. We will not use your Personal Data for purposes that are incompatible with the purposes for which it was collected without your consent, unless otherwise required by applicable law.
SECTION 7 — SPECIAL CATEGORIES AND SENSITIVE INFORMATION
7.1 Pet Health Data — Heightened Protection. Although pet health data is not classified as Special Category Personal Data under GDPR or equivalent regulated data under most Data Protection Laws, KinPet treats Pet Health Data (including veterinary records, medication records, diagnosis information, vaccination records, and related data) with heightened protection because of its sensitive nature. Pet Health Data is:
- Stored with access controls that restrict access to authorized systems and personnel only;
- Never sold or shared with third parties for their own marketing or commercial purposes;
- Used only as described in this Privacy Policy;
- Retained only for the period necessary to provide the Services or as required by law.
7.2 Human Health Data — Inadvertent Collection. PawScan documents and other uploads may incidentally contain Personal Data or special category data relating to natural persons (for example, a veterinary invoice bearing your home address, or a document containing your health information). KinPet does not intentionally seek to collect human health data. If your uploaded documents contain such information:
- We process it only to the extent necessary to perform the PawScan feature;
- We do not use inadvertently collected human health data for any other purpose;
- You should review documents before uploading and redact any sensitive human information that is not relevant to pet care management.
7.3 Biometric Data. KinPet does not use biometric identification or authentication technology, except where enabled by your Device's operating system for Device login purposes (such as Face ID or Touch ID), which is managed by your Device operating system and not by KinPet.
7.4 Precise Geolocation. Precise geolocation data (GPS-level accuracy) is treated as Sensitive Personal Information under applicable law and:
- Is collected only with your explicit opt-in consent;
- Is collected only when a specific Platform feature requires it;
- Is not collected in the background without your knowledge;
- Can be disabled at any time through your Device settings;
- Is not shared with third parties for their own purposes.
7.5 Payment Card Data. KinPet uses PCI-DSS compliant third-party payment processors and does not store, process, or transmit full payment card numbers on our systems. Tokenized or truncated payment identifiers used for subscription management do not allow reconstruction of full card details.
7.6 Minor's Data. As described in Section 17, the Platform is not directed at children under 18 (or the applicable age of majority in your jurisdiction). Where we discover that data has been collected from a minor, we take immediate steps to delete it.
SECTION 8 — COOKIES, TRACKING TECHNOLOGIES, AND ANALYTICS
8.1 What Are Cookies? Cookies are small text files placed on your Device by websites or applications that store information about your session, preferences, or interactions. Similar technologies include pixel tags (web beacons), software development kits (SDKs), device fingerprinting, and local storage.
8.2 Types of Cookies and Tracking Technologies We Use.
(a) Strictly Necessary / Essential Cookies. These cookies are required for the Platform to function and cannot be switched off. They include session authentication cookies, security tokens, and load balancing cookies. No consent is required for these cookies, and they cannot be refused without affecting Platform functionality.
(b) Functional / Preference Cookies. These cookies remember your preferences and settings to enhance your experience, such as language preferences, notification settings, and interface customizations. These cookies require consent in jurisdictions where cookie consent is mandatory.
(c) Analytics and Performance Cookies. These cookies collect aggregated information about how users interact with the Platform, which features are popular, performance metrics, crash data, and similar insights. These cookies require consent in jurisdictions where cookie consent is mandatory.
(d) Mobile Analytics SDKs. In our mobile Application, we use software development kits (SDKs) from analytics providers to collect Usage Data, Device Data, and performance data. These SDKs function similarly to analytics cookies in a mobile context.
(e) Marketing and Advertising Cookies. We may use limited advertising-related tracking to measure the effectiveness of our own marketing campaigns (conversion tracking). We do not use third-party advertising networks to serve behavioral advertising to users based on their activities on the Platform. Marketing tracking cookies require your consent in jurisdictions where cookie consent is mandatory.
8.3 Third-Party Analytics Providers. We use third-party analytics services to help us understand Platform usage. These providers process data on our behalf as Processors and are subject to appropriate Data Processing Agreements.
8.4 Your Cookie Choices. You can manage cookies and tracking technologies through the following mechanisms:
- Cookie Consent Manager: For web-based access to the Platform, we provide a cookie consent manager that allows you to accept, reject, or customize non-essential cookies;
- App Permissions: For mobile Application usage, you can manage analytics and tracking permissions through your Device settings, including disabling the Advertising ID;
- Browser Settings: You can configure your browser to refuse all or some cookies, or to alert you when cookies are being set;
- Opt-Out Tools: For specific analytics providers, you may use their individual opt-out tools (details in Appendix C).
Note that disabling certain cookies or tracking technologies may affect the functionality of the Platform.
8.5 Do Not Track. Some browsers support "Do Not Track" (DNT) signals. The Platform does not currently respond to DNT signals, as there is no universally accepted standard for what constitutes a response to DNT. However, you can use the cookie management options described in Section 8.4.
8.6 EU and UK Cookie Consent. For users in the EEA and UK, we comply with the applicable requirements of the ePrivacy Directive (2002/58/EC), the PECR (Privacy and Electronic Communications Regulations 2003, UK), and applicable national implementing legislation. Non-essential cookies are placed only after you have given informed consent through our cookie consent mechanism.
8.7 Google Analytics. If we use Google Analytics, your Device Data and Usage Data may be processed by Google LLC in the United States. We have configured Google Analytics to anonymize IP addresses and have entered into a Data Processing Agreement with Google. You can opt out of Google Analytics across all websites using the Google Analytics Opt-out Browser Add-on at https://tools.google.com/dlpage/gaoptout.
SECTION 9 — AI-SPECIFIC PRIVACY DISCLOSURES — KIN AND PAWSCAN
9.1 Why This Section Exists. Kin and PawScan involve AI processing of your data, including potentially sensitive Pet Health Data. Because AI processing involves unique privacy considerations, this Section provides detailed disclosures about how we process data in connection with these features, consistent with transparency requirements under the EU AI Act (Regulation (EU) 2024/1689) and applicable data protection laws.
9.2 Kin — Data Processed. When you interact with Kin, we process:
- The content of your messages and queries to Kin;
- Contextual information about your Pet that you share during the conversation;
- Your Pet profile data, which may be used to provide Kin with relevant context;
- Kin's responses to you;
- Metadata about the conversation, including timestamp, session duration, Credits consumed, and conversation outcome.
9.3 How Kin Uses Your Data. Your conversation data with Kin is used:
- Primarily: To generate a response to your query in real time;
- Secondarily: To maintain context within a single conversation session (session memory);
- For improvement: In anonymized and aggregated form, to improve the accuracy, safety, and helpfulness of Kin's AI model;
- For safety: To detect and prevent misuse of the Platform, including attempts to circumvent Kin's safety filters.
9.4 Session Memory vs. Long-Term Memory. By default, Kin maintains context within a single conversation session (session memory), which is cleared at the end of the session. We may offer features that allow Kin to retain information across sessions (persistent memory) with your explicit consent. If persistent memory is offered, it will be clearly disclosed and opt-in only.
9.5 Kin — Third-Party AI Model Providers. Kin's AI capabilities may be powered in whole or in part by third-party AI model providers, which may include large language model (LLM) API providers. When your queries are processed by third-party AI models:
- Data is transmitted to the third-party AI provider's servers;
- This transmission is governed by a Data Processing Agreement between KinPet and the AI provider;
- The AI provider processes data as a Processor on KinPet's behalf;
- AI providers are contractually prohibited from using your data for their own model training purposes;
- Transmission may involve international data transfers subject to appropriate safeguards;
- The identity of our primary AI model provider(s) is disclosed in Appendix C.
9.6 PawScan — Data Processed. When you use PawScan, we process:
- The full content of documents you upload, including images, text, and any Personal Data or Pet Health Data contained within those documents;
- OCR-extracted text output;
- AI-interpreted and structured data extracted from documents (such as medication names, dosages, dates, and veterinarian names);
- Metadata about the upload, including file type, file size, upload timestamp, processing time, and Credits consumed.
9.7 How PawScan Uses Your Data. Document data processed by PawScan is used:
- Primarily: To extract, structure, and organize information from your documents for display in your Account;
- Secondarily: To store the extracted and organized data in your Account for your reference;
- For improvement: OCR and document processing accuracy may be improved using aggregated, anonymized processing data. Raw document content is not used for model training without your explicit consent;
- For safety: To detect and prevent uploading of malicious files or prohibited content.
9.8 Document Storage. Documents uploaded to PawScan are stored on secure cloud servers as described in Section 11. Documents are associated with your Account and retained per the schedule in Section 13. You can delete uploaded documents from your Account at any time.
9.9 AI Transparency — EU AI Act Compliance. In accordance with the EU AI Act (Regulation (EU) 2024/1689) and KinPet's AI transparency commitments:
- The Platform clearly discloses when you are interacting with an AI system (Kin);
- Kin does not impersonate a human or deny being an AI;
- KinPet maintains technical documentation about Kin's capabilities and limitations as required by applicable law;
- Kin is designed with safety filters to prevent generation of harmful, dangerous, or illegal content;
- KinPet does not deploy Kin as a high-risk AI system under Annex III of the EU AI Act and monitors regulatory developments regarding AI system classification.
9.10 Automated Decision-Making. KinPet does not use AI systems to make automated decisions that produce legal or similarly significant effects on users. Kin's outputs are informational only. No automated decisions are made based solely on Kin's outputs without human review or user decision. PawScan extractions are presented to users for their review and are not acted upon automatically.
9.11 Your Controls Over AI Processing. You have the following controls with respect to AI data processing:
- You can choose not to use Kin or PawScan;
- You can delete your Kin conversation history through Account settings (where this feature is available);
- You can delete documents uploaded to PawScan through Account settings;
- You can request deletion of your Account and all associated data, including AI-processed data, per Section 15.
SECTION 10 — HOW WE SHARE YOUR INFORMATION
10.1 Principle of Minimal Sharing. KinPet shares your Personal Data only where necessary to provide the Services, comply with applicable law, or protect our legitimate interests or the interests of our users. We do not sell your Personal Data to third parties for their own marketing or commercial purposes.
10.2 Sharing with Service Providers (Processors). We share your Personal Data with third-party service providers who process data on our behalf as Processors, solely to provide services to KinPet. These Processors are contractually prohibited from using your data for their own purposes and are required to process data only per our instructions. Categories of service providers include:
- Cloud hosting and infrastructure providers;
- Third-party AI model API providers;
- Payment processors;
- Analytics providers;
- Customer support platforms;
- Email delivery and communication providers;
- Fraud detection and security providers;
- Legal and professional services providers.
A list of our key service providers is maintained in Appendix C.
10.3 Business Transfers. In the event of a merger, acquisition, reorganization, sale of assets, or bankruptcy involving KinPet, your Personal Data may be transferred to the acquiring entity or successor as part of that transaction, subject to the acquirer's commitment to honor this Privacy Policy or provide you with advance notice and choice.
10.4 Legal Requirements and Protection of Rights. We may disclose your Personal Data where we believe in good faith that disclosure is necessary to:
- Comply with applicable law, regulation, or legal process;
- Respond to lawful requests from competent governmental authorities, courts, or regulators;
- Enforce our Terms of Service or investigate potential violations;
- Protect the rights, property, or safety of KinPet, our users, or the public;
- Detect, investigate, or prevent fraud, security incidents, or technical issues.
Where legally permitted, we will notify you before complying with such requests.
10.5 With Your Consent. We may share your Personal Data with third parties for purposes not described in this Policy where we have obtained your prior, informed, and express consent.
10.6 Aggregate and Anonymized Data. We may share Aggregate Data and Anonymized Data (which cannot reasonably be used to identify you) with third parties, including research institutions, industry publications, and business partners, for analytical, research, or informational purposes.
10.7 What We Do Not Share. KinPet expressly does not:
- Sell your Personal Data as defined under the CCPA/CPRA;
- Share your Pet Health Data with pet insurance companies, veterinary pharmaceutical companies, or other commercial pet health entities for their own purposes without your explicit consent;
- Share your Personal Data with data brokers for advertising purposes;
- Provide your Personal Data to governmental authorities except as required by law or legal process;
- Share your precise geolocation data with third parties for their own purposes.
SECTION 11 — THIRD-PARTY SERVICE PROVIDERS
11.1 Processor Relationships. All third-party service providers who process Personal Data on KinPet's behalf are engaged under written Data Processing Agreements (DPAs) that require them to: process data only per KinPet's instructions; implement appropriate Technical and Organizational Measures; comply with applicable Data Protection Laws; assist KinPet in fulfilling data subject rights requests; notify KinPet promptly of any Data Breaches; and delete or return Personal Data at the end of the service engagement.
11.2 Sub-processors. Our primary service providers (Processors) may engage their own Sub-processors to assist in providing services to KinPet. We require our Processors to impose obligations on their Sub-processors equivalent to those imposed on the Processors under our DPAs.
11.3 Key Service Provider Categories.
(a) Cloud Infrastructure. We use major cloud service providers to host Platform infrastructure, store user data and documents, and operate server-side AI processing. Our cloud providers maintain industry-leading security certifications.
(b) AI Model Providers. Kin's conversational AI and PawScan's document understanding capabilities may rely on third-party AI model APIs. These providers process query and document data solely to generate outputs returned to KinPet for delivery to you. They do not store your data for their own purposes beyond what is disclosed in this Policy.
(c) Payment Processing. Payment processing is handled by PCI-DSS compliant payment processors. We do not store full payment card details.
(d) Analytics. We use analytics providers to measure and improve Platform performance and user experience. Analytics data is processed under DPAs and configured to minimize personal data collection.
(e) Communications. We use email delivery services to send transactional and marketing emails. We use push notification services to send in-app and push notifications.
11.4 Current Provider List. The current list of key Processors and Sub-processors used by KinPet is maintained in Appendix C of this Policy. We update this list as we add, change, or remove service providers.
SECTION 12 — INTERNATIONAL DATA TRANSFERS
12.1 Overview. KinPet is a U.S.-incorporated company. Your Personal Data may be transferred to, stored in, and processed in the United States and other countries where KinPet or its service providers operate. These countries may have data protection laws that differ from those in your country of residence and may not offer the same level of protection as your home jurisdiction.
12.2 EEA to Third-Country Transfers. For transfers of Personal Data from the EEA to countries not recognized by the European Commission as providing an adequate level of protection (including the United States), we rely on one or more of the following transfer mechanisms:
- Standard Contractual Clauses (SCCs): We use the SCCs adopted by the European Commission (Decision C(2021) 3972) for relevant data transfers, including the controller-to-processor module for transfers to our Processors;
- EU-U.S. Data Privacy Framework (DPF): For transfers to U.S. service providers that have self-certified under the DPF, we may rely on the DPF as a transfer mechanism;
- Adequacy Decisions: For transfers to countries recognized by the European Commission as providing adequate data protection, we rely on the applicable adequacy decision.
12.3 UK to Third-Country Transfers. For transfers of Personal Data from the UK to countries not covered by UK adequacy regulations, we rely on:
- UK International Data Transfer Agreements (IDTAs): We use IDTAs as approved by the UK Information Commissioner's Office (ICO);
- UK Addenda to EU SCCs: Where applicable, we use the UK Addendum to EU SCCs, approved by the ICO;
- UK-U.S. Data Bridge: For transfers to U.S. service providers certified under the UK Extension to the DPF, we may rely on this mechanism.
12.4 Brazil to Third-Country Transfers. For transfers of Personal Data from Brazil to third countries, KinPet relies on legal mechanisms under LGPD Article 33, including standard contractual clauses and compliance with ANPD standards, as applicable.
12.5 Australia Cross-Border Disclosures. For disclosures of Personal Data from Australia to overseas recipients, KinPet complies with Australian Privacy Principle 8 (APP 8) under the Privacy Act 1988 (Cth). Where practicable, KinPet takes reasonable steps to ensure that overseas recipients handle the data consistently with the APPs.
12.6 Canada Cross-Border Transfers. For transfers of Personal Data of Canadian residents to third countries, KinPet complies with applicable obligations under PIPEDA and provincial privacy laws, including requirements to use comparable protection standards and to notify users of international transfers.
12.7 Transfer Impact Assessments. Where required by applicable law, KinPet conducts Transfer Impact Assessments (TIAs) to evaluate the adequacy of data protection in destination countries and to assess whether the legal transfer mechanisms used provide sufficient protection given the legal environment in the destination country.
12.8 Your Rights Regarding Transfers. EEA and UK users have the right to obtain information about the transfer mechanisms used to protect their Personal Data during international transfers and, in some cases, to request a copy of the relevant SCCs or IDTAs. You can exercise this right by contacting privacy@kinpet.com.
SECTION 13 — DATA RETENTION
13.1 Retention Principles. KinPet retains Personal Data only for as long as necessary to fulfill the purposes described in this Privacy Policy, to comply with applicable legal obligations, to resolve disputes, and to enforce our agreements. We apply a data minimization approach to retention and conduct periodic reviews of retained data.
13.2 Account and Profile Data. We retain Account Data (including your name, email address, Account settings, and Pet profiles) for as long as your Account is active and for a reasonable period thereafter to allow for Account reactivation. Upon Account deletion, Account Data is deleted or anonymized within 90 days, except where retention is required by applicable law.
13.3 Pet Health Records and Documents. Pet Health Data and documents uploaded to PawScan are retained for as long as your Account is active. You can delete individual records and documents at any time through Account settings. Upon Account deletion, all Pet Health Data and uploaded documents are deleted or anonymized within 90 days.
13.4 Kin Conversation Data. Conversation content from Kin sessions is retained for a period of 24 months from the date of the conversation for service improvement and safety purposes. After this period, conversation content is deleted or anonymized. Metadata about conversations may be retained for longer periods in anonymized form.
13.5 PawScan Processing Logs. Processing metadata from PawScan (such as upload events, processing outcomes, and error logs) is retained for 24 months. Raw uploaded document content is subject to the retention period described in Section 13.3.
13.6 Payment and Billing Records. Transaction records, invoices, and billing history are retained for a minimum of 7 years from the transaction date to comply with applicable tax and financial record-keeping laws.
13.7 Communications and Support Records. Communications you send to KinPet support are retained for 3 years from the date of the last interaction, or longer if required for legal proceedings.
13.8 Marketing Data. If you have opted into marketing communications, we retain your marketing preferences and associated data until you unsubscribe. Records of unsubscription are retained to ensure compliance with your preferences.
13.9 Legal Hold. Where KinPet is involved in legal proceedings, regulatory investigations, or has received a legal preservation demand, we may retain relevant Personal Data for longer than the periods described above.
13.10 Anonymized and Aggregated Data. Anonymized or Aggregated Data, from which individual users cannot be re-identified, may be retained indefinitely for analytical, research, and product improvement purposes.
13.11 Deletion vs. Anonymization. Upon expiration of applicable retention periods, KinPet will either securely delete your Personal Data or anonymize it so that it can no longer be associated with you. Where technical limitations make immediate deletion impractical (for example, in backup systems), data is isolated from active processing and deleted at the next practicable opportunity.
13.12 Retention Summary Table.
| Data Category | Standard Retention Period | Post-Account Deletion |
|---|---|---|
| Account Registration Data | Duration of Account | Deleted/anonymized within 90 days |
| Pet Profile Data | Duration of Account | Deleted/anonymized within 90 days |
| Pet Health Records (manual entry) | Duration of Account | Deleted/anonymized within 90 days |
| PawScan Uploaded Documents | Duration of Account | Deleted/anonymized within 90 days |
| Kin Conversation Content | 24 months from conversation | Deleted upon Account deletion + 90 days |
| Kin Conversation Metadata | 36 months (anonymized after 24 months) | Anonymized |
| PawScan Processing Metadata | 24 months | Anonymized |
| Payment and Billing Records | 7 years (legal requirement) | Retained for legal compliance |
| Support Communications | 3 years | Retained if required for legal proceedings |
| Server Logs | 12 months | Anonymized |
| Analytics Data | 24 months (aggregated/anonymized) | Anonymized |
| Marketing Preferences | Until unsubscription | Deleted upon Account deletion |
SECTION 14 — DATA SECURITY
14.1 Our Security Commitment. KinPet is committed to protecting your Personal Data and has implemented a comprehensive information security program consisting of technical, administrative, and physical safeguards designed to protect your data against unauthorized access, disclosure, alteration, loss, misuse, and destruction.
14.2 Technical Measures. Our technical security measures include:
- Encryption in transit: All data transmitted between your Device and KinPet's servers is encrypted using industry-standard TLS (Transport Layer Security) protocols;
- Encryption at rest: Sensitive data stored on KinPet's servers, including Pet Health Data, uploaded documents, and payment information, is encrypted at rest using AES-256 or equivalent encryption;
- Password security: User passwords are stored using one-way cryptographic hashing algorithms (such as bcrypt or Argon2) that make recovery of original passwords computationally infeasible;
- Access controls: Access to production systems containing Personal Data is restricted to authorized personnel on a need-to-know basis, enforced through role-based access controls (RBAC) and multi-factor authentication (MFA);
- Network security: Our infrastructure is protected by firewalls, intrusion detection and prevention systems, and network monitoring;
- Vulnerability management: We conduct regular vulnerability scanning and penetration testing of our systems;
- Secure development: Our software development process incorporates security reviews, code analysis, and security testing.
14.3 Organizational Measures. Our organizational security measures include:
- Information security policies and procedures;
- Regular employee security training and awareness programs;
- Background checks for employees with access to sensitive data;
- Data protection impact assessments (DPIAs) for high-risk processing activities;
- Vendor security assessments for service providers;
- Incident response and Data Breach notification procedures;
- Data classification and handling policies.
14.4 No Absolute Security. Despite our robust security measures, no security system is impenetrable, and we cannot guarantee the absolute security of your data. We encourage you to use strong, unique passwords, enable multi-factor authentication where available, and protect your Account credentials. You should notify us immediately at security@kinpet.com if you suspect unauthorized access to your Account.
14.5 Data Breach Response. In the event of a Data Breach affecting your Personal Data, KinPet will:
- Take immediate steps to contain and investigate the breach;
- Notify affected users as required by applicable law, which may include notification within 72 hours under GDPR and UK GDPR, within applicable statutory timeframes under LGPD, PIPEDA/CPPA, and the Australian Privacy Act;
- Notify applicable Data Protection Authorities as required by law;
- Document the breach and our response per applicable legal requirements;
- Take corrective and preventive measures to address the vulnerability.
14.6 Security Contact. To report a security vulnerability or suspected security incident, contact security@kinpet.com.
SECTION 15 — YOUR PRIVACY RIGHTS
15.1 General. Depending on your jurisdiction and the legal basis for our processing, you have certain rights with respect to your Personal Data. This Section provides an overview of common rights. Jurisdiction-specific rights are detailed in Sections 21 through 27 and Appendix A.
15.2 Right to Access. You have the right to request a copy of the Personal Data we hold about you. We will provide a structured response describing: what Personal Data we hold about you; where it came from; why we process it; who we share it with; and any automated processing that takes place.
15.3 Right to Rectification / Correction. You have the right to request correction of inaccurate or incomplete Personal Data. For most data within the Platform, you can correct information directly through your Account settings without contacting us.
15.4 Right to Erasure / Deletion. You have the right to request deletion of your Personal Data in certain circumstances, including: where the data is no longer necessary for the purpose for which it was collected; where you withdraw consent (where consent was the legal basis); where you object to processing and our legitimate interests do not override your rights; where we have processed data unlawfully; or where required by law. Note: deletion requests may not be fully fulfilled where retention is required by applicable law or for legitimate legal purposes.
15.5 Right to Object. You have the right to object to:
- Processing based on our legitimate interests — we will stop processing unless we demonstrate compelling legitimate grounds that override your rights; and
- Processing for direct marketing purposes — we will stop immediately upon your objection, without the need to justify your decision.
15.6 Right to Restriction of Processing. You have the right to request that we restrict processing of your Personal Data in certain circumstances, such as while we verify the accuracy of data you have disputed or while we consider your objection to processing.
15.7 Right to Data Portability. Where our processing is based on your consent or the performance of a contract, and is carried out by automated means, you have the right to receive your Personal Data in a structured, commonly used, machine-readable format, and to transmit that data to another controller.
15.8 Right to Withdraw Consent. Where we process your Personal Data based on your consent, you have the right to withdraw your consent at any time. Withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.
15.9 Right to Lodge a Complaint. You have the right to lodge a complaint with the relevant Data Protection Authority in your jurisdiction. Key DPA contacts are:
| Jurisdiction | Authority | Website |
|---|---|---|
| EU / EEA | European Data Protection Board (EDPB) / National DPAs | https://edpb.europa.eu |
| United Kingdom | Information Commissioner's Office (ICO) | https://ico.org.uk |
| Brazil | Autoridade Nacional de Proteção de Dados (ANPD) | https://www.gov.br/anpd |
| Canada (Federal) | Office of the Privacy Commissioner (OPC) | https://www.priv.gc.ca |
| Australia | Office of the Australian Information Commissioner (OAIC) | https://www.oaic.gov.au |
| California | California Privacy Protection Agency (CPPA) | https://cppa.ca.gov |
15.10 How to Exercise Your Rights. To exercise any of the rights described in this Section:
- In-App: Many rights, including access and deletion of specific data, can be exercised directly through your Account settings;
- By Email: Send a written request to privacy@kinpet.com with the subject line "Privacy Rights Request";
- By Mail: KinPet, Inc., Attn: Privacy, 8 The Green, Suite A, Dover, DE 19901, USA.
15.11 Identity Verification. To protect your privacy and security, we will verify your identity before processing rights requests. Verification may require you to confirm information associated with your Account or provide additional proof of identity.
15.12 Response Timeframes.
| Jurisdiction | Response Timeframe |
|---|---|
| EEA / EU | 30 days (extendable by 2 months for complex requests) |
| United Kingdom | 1 month (extendable by 2 months for complex requests) |
| Brazil | 15 days (under LGPD) |
| Canada | 30 days |
| Australia | 30 days |
| California (CCPA) | 45 days (extendable by 45 days) |
| All Other Jurisdictions | 30 days |
15.13 No Fees. We will not charge a fee for processing rights requests, unless the request is manifestly unfounded, excessive, or repetitive, in which case we may charge a reasonable administrative fee or refuse to act on the request, as permitted by applicable law.
15.14 Right Not to Be Discriminated Against. KinPet will not discriminate against you for exercising your privacy rights. We will not deny you access to the Platform, charge you different prices, or provide you with a lesser quality of service because you exercised your rights under applicable privacy law.
SECTION 16 — MARKETING AND COMMUNICATIONS
16.1 Types of Communications.
(a) Transactional/Service Communications. These are communications necessary for the provision of the Services, including: Account registration confirmations; password reset emails; purchase receipts; Subscription renewal notifications; changes to Terms or this Policy; security alerts and notifications; and responses to your support requests. These communications are sent regardless of your marketing preferences, as they are necessary for the performance of our contract with you.
(b) Marketing Communications. These are promotional communications about KinPet's products, features, promotions, and related services. Marketing communications are sent only: to existing users where permitted by applicable law; or to users who have explicitly opted in to receive them.
(c) Platform Notifications. In-app notifications and push notifications are sent per your Device and Account notification settings, including reminders, feature updates, and usage tips.
16.2 Opt-Out from Marketing. You can opt out of marketing communications at any time through:
- The "unsubscribe" link in any marketing email;
- Your Account notification settings in the Platform;
- Contacting us at privacy@kinpet.com.
Opt-out requests are processed within 10 Business Days. Note that opting out of marketing communications does not affect transactional/service communications.
16.3 Push Notification Management. Push notification permissions are managed through your Device's notification settings. You can disable push notifications for the KinPet Application at any time through your Device settings. Note that disabling push notifications may affect your receipt of medication and appointment reminders.
16.4 SMS / Text Messages. If we offer SMS messaging features and you provide your mobile number, we will only send SMS messages with your explicit prior consent. You can opt out of SMS messages by replying "STOP" to any message or by contacting us at privacy@kinpet.com.
16.5 Legal Basis for Marketing. Our legal basis for sending marketing communications is: (i) legitimate interests (for existing customers under applicable law, subject to your right to object); or (ii) consent (for all other users and where consent is required).
SECTION 17 — CHILDREN'S PRIVACY
17.1 Not Directed at Children. The Platform is not directed at, and is not intended for use by, children under 18 years of age (or the applicable age of majority in your jurisdiction). We do not knowingly collect, use, or disclose Personal Data from children under 18 without parental consent.
17.2 COPPA Compliance. Pursuant to the Children's Online Privacy Protection Act (COPPA, 15 U.S.C. §§ 6501–6506), KinPet does not knowingly collect Personal Data from children under 13 years of age. If we discover that we have collected Personal Data from a child under 13 without verifiable parental consent, we will delete such data promptly.
17.3 Age Verification. We collect date of birth at registration for age verification purposes. We do not retain date of birth beyond what is necessary for verification.
17.4 Parental Rights. If you are a parent or guardian and believe that we may have inadvertently collected Personal Data from your child under 13, please contact us immediately at privacy@kinpet.com. We will investigate and, where appropriate, delete the data within a reasonable timeframe.
17.5 Age-Verified Jurisdictions. In jurisdictions where GDPR Article 8 or equivalent national law applies, KinPet requires verifiable parental or guardian consent for users under 18.
SECTION 18 — THIRD-PARTY LINKS AND SERVICES
18.1 Third-Party Links. The Platform may contain links to third-party websites, applications, and services. This Privacy Policy does not apply to those third-party services. We encourage you to review the privacy policies of any third-party services you access through links on the Platform.
18.2 App Store Operators. Your download and use of the Application through an App Store is subject to the App Store Operator's privacy policy.
18.3 Social Media. If the Platform includes social sharing features, use of those features may allow social media platforms to collect information about your use of the Platform.
18.4 Third-Party Authentication. If you use a third-party identity provider (such as "Sign in with Apple" or "Sign in with Google"), your authentication through those services is subject to their respective privacy policies.
SECTION 19 — CHANGES TO THIS POLICY
19.1 Right to Update. KinPet reserves the right to update or modify this Privacy Policy at any time to reflect changes in our practices, technology, legal requirements, or other factors.
19.2 Notification of Material Changes. We will notify you of material changes to this Policy through one or more of the following mechanisms:
- Updating the "Last Updated" date at the top of this Policy;
- Sending an email notification to the email address associated with your Account;
- Displaying a prominent in-app notification;
- Requiring re-acceptance of this Policy upon next login (for significant changes).
19.3 Effective Date. Updated Policies take effect on the date indicated in the "Effective Date" field, unless applicable law requires a longer notice period.
19.4 Your Continued Use. Your continued use of the Platform after the Effective Date of an updated Policy constitutes your acceptance of the updated Policy. If you do not agree to the updated Policy, you should stop using the Platform and delete your Account.
19.5 Historical Versions. We will maintain an archive of prior versions of this Privacy Policy, accessible upon request by contacting privacy@kinpet.com.
SECTION 20 — CONTACT INFORMATION AND EXERCISING YOUR RIGHTS
| Contact Type | Details |
|---|---|
| General Privacy Inquiries | privacy@kinpet.com |
| Data Subject Rights Requests | privacy@kinpet.com (Subject: "Privacy Rights Request") |
| LGPD — Canal de Contato (Brazil) | privacy@kinpet.com |
| Security / Vulnerability Reporting | security@kinpet.com |
| Marketing Opt-Out | privacy@kinpet.com or unsubscribe link in emails |
| Legal / Regulatory | legal@kinpet.com |
| EU Representative | eurepresentative@kinpet.com |
| UK Representative | ukrepresentative@kinpet.com |
| Mailing Address | KinPet, Inc., Attn: Privacy, 8 The Green, Suite A, Dover, DE 19901, USA |
SECTION 21 — EU AND EEA SPECIFIC PROVISIONS
21.1 Applicability. This Section applies to users located in the European Economic Area (EEA), including EU member states, Norway, Iceland, and Liechtenstein.
21.2 Data Controller. KinPet, Inc. is the Controller of your Personal Data for EEA users, with contact details and EU Representative details provided in Section 1.
21.3 Legal Bases Summary. A full description of the legal bases we rely on for processing your Personal Data is set out in Section 5. You have the right to request information about the legal basis for any specific processing activity by contacting privacy@kinpet.com.
21.4 Data Subject Rights. EEA users have all the rights described in Section 15, under GDPR Articles 15 through 22. We will respond to rights requests within 30 days, extendable by 2 months for complex requests.
21.5 Profiling. KinPet does not engage in automated profiling of users that produces legal or similarly significant effects. Personalization of the Platform (such as contextualizing Kin's responses to your Pet) is not considered profiling within the meaning of GDPR Article 22.
21.6 DPO Assessment. KinPet has conducted a formal assessment of its obligation to appoint a Data Protection Officer under GDPR Article 37 and has determined that such appointment is not mandatory. This assessment is based on the finding that KinPet's core activities do not constitute: (i) processing carried out by a public authority or body; (ii) regular and systematic monitoring of data subjects on a large scale; or (iii) large-scale processing of special categories of data under GDPR Article 9 or criminal conviction data under Article 10. KinPet maintains documentation of this assessment, which is available to competent supervisory authorities upon request, consistent with the accountability principle under GDPR Article 5(2). All data protection inquiries should be directed to privacy@kinpet.com.
21.7 Data Protection Impact Assessments. KinPet conducts Data Protection Impact Assessments (DPIAs) for high-risk processing activities, including the deployment of AI systems and large-scale processing of sensitive data, as required by GDPR Article 35.
21.8 Right to Lodge a Complaint. EEA users have the right to lodge a complaint with their national DPA. A list of EEA DPAs is available at https://edpb.europa.eu/about-edpb/about-edpb/members_en.
21.9 International Transfers. Transfers of EEA Personal Data to the United States and other third countries are conducted pursuant to the transfer mechanisms described in Section 12.
21.10 ePrivacy. Our use of cookies and similar technologies for EEA users is subject to the ePrivacy Directive (2002/58/EC) and applicable national implementing legislation. We obtain consent for non-essential cookies as required.
21.11 AI Act Transparency. As required by the EU AI Act and described in Section 9.9, KinPet ensures that users interacting with Kin are aware they are communicating with an AI system.
SECTION 22 — UNITED KINGDOM SPECIFIC PROVISIONS
22.1 Applicability. This Section applies to users located in the United Kingdom of Great Britain and Northern Ireland.
22.2 UK Data Protection Framework. KinPet processes Personal Data of UK users in compliance with the UK General Data Protection Regulation (UK GDPR) as incorporated into UK law by the Data Protection Act 2018 (DPA 2018).
22.3 Data Controller. KinPet, Inc. is the Controller of your Personal Data for UK users. Our UK Representative details are provided in Section 1.
22.3A DPO Assessment. KinPet has assessed its obligation to appoint a Data Protection Officer under UK GDPR Article 37 and has determined that such appointment is not required. KinPet's core activities do not involve: (i) processing by a public authority or body; (ii) regular and systematic monitoring of data subjects on a large scale; or (iii) large-scale processing of special categories of data as defined under UK GDPR Article 9. Documentation of this assessment is maintained internally and available to the ICO upon request. All data protection inquiries for UK users should be directed to privacy@kinpet.com.
22.4 Data Subject Rights. UK users have the same data subject rights as EEA users, described in Section 15, under the UK GDPR and DPA 2018. Response timeframes follow the UK GDPR (1 month, extendable by 2 months).
22.5 Right to Lodge a Complaint. UK users have the right to lodge a complaint with the Information Commissioner's Office (ICO) at https://ico.org.uk or by calling 0303 123 1113.
22.6 International Transfers. Transfers of UK Personal Data are conducted pursuant to UK-approved transfer mechanisms as described in Section 12.3.
22.7 UK PECR. Our email marketing to UK users complies with the Privacy and Electronic Communications Regulations 2003 (PECR). We rely on the "soft opt-in" for existing customers and obtain explicit consent for new marketing contacts, as required by PECR.
22.8 Cookie Consent. For web-based Platform access by UK users, our cookie consent mechanism complies with UK PECR requirements for consent to non-essential cookies.
SECTION 23 — CALIFORNIA SPECIFIC PROVISIONS (CCPA/CPRA)
23.1 Applicability. This Section applies to California residents under the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA) and the regulations promulgated thereunder by the California Privacy Protection Agency (CPPA).
23.2 Categories of Personal Information Collected. In the preceding 12 months, KinPet has collected the following categories of Personal Information about California residents:
| CCPA Category | Examples | Collected? |
|---|---|---|
| Identifiers | Name, email address, IP address, Account ID | Yes |
| Personal information (Cal. Civ. Code § 1798.80(e)) | Name, address, email | Yes |
| Protected classification characteristics | Date of birth (age verification only) | Yes (limited) |
| Commercial information | Subscription and purchase records | Yes |
| Biometric information | Not collected | No |
| Internet or other electronic network activity | Usage Data, log data, Behavioral Data | Yes |
| Geolocation data | Approximate (IP-based); precise only with consent | Approximate: Yes; Precise: with consent only |
| Sensory data | Not collected | No |
| Professional or employment-related information | Not collected | No |
| Education information | Not collected | No |
| Inferences | Pet care preferences and usage patterns | Yes (limited) |
| Sensitive Personal Information (SPI) | Precise geolocation (with consent); Kin conversation contents | With consent / Yes |
23.3 Sources of Personal Information. KinPet collects Personal Information from: you directly; your Device automatically; and third parties (App Store Operators, payment processors, authentication providers) as described in Section 3.
23.4 Business and Commercial Purposes. KinPet uses Personal Information for the business and commercial purposes described in Section 6.
23.5 Categories of Third Parties. KinPet shares California residents' Personal Information with Service Providers (Processors), successors in interest (in a business transfer), and governmental authorities (as required by law) as described in Section 10.
23.6 Sale and Sharing of Personal Information. KinPet does not sell Personal Information as defined under the CCPA/CPRA. KinPet does not share Personal Information for cross-context behavioral advertising as defined under the CPRA.
23.7 Use of Sensitive Personal Information. KinPet uses Sensitive Personal Information only to provide the Services you request, to detect and prevent security incidents and fraud, and to ensure physical safety, as permitted under the CPRA. KinPet does not use or disclose Sensitive Personal Information to infer characteristics about you beyond what is permitted under applicable regulations.
23.8 Your California Privacy Rights. California residents have the following rights under the CCPA/CPRA:
- Right to Know: Categories and specific pieces of Personal Information collected, sources, business purposes, and categories of third parties;
- Right to Delete: Request deletion of your Personal Information, subject to certain exceptions;
- Right to Correct: Request correction of inaccurate Personal Information;
- Right to Opt-Out of Sale/Sharing: Opt out of sale or sharing of Personal Information (note: KinPet does not sell or share as defined under CCPA/CPRA);
- Right to Limit Use of SPI: Limit use and disclosure of Sensitive Personal Information to permitted purposes;
- Right to Non-Discrimination: KinPet will not discriminate against you for exercising your rights.
23.9 How to Submit a California Privacy Request. Submit a request to privacy@kinpet.com with subject line "California Privacy Request," or through Account settings where applicable. We will respond within 45 days, extendable by 45 days with notice.
23.10 Authorized Agent. You may designate an authorized agent to submit rights requests on your behalf by providing written authorization signed by you, along with the agent's identification.
23.11 Financial Incentives. KinPet does not offer financial incentives in exchange for the retention or sale of Personal Information.
SECTION 24 — BRAZIL SPECIFIC PROVISIONS (LGPD)
24.1 Applicability. This Section applies to users located in Brazil under the Lei Geral de Proteção de Dados (LGPD — Lei nº 13.709/2018) and regulations issued by the Autoridade Nacional de Proteção de Dados (ANPD).
24.2 Data Controller (Controlador). For Brazilian users, KinPet, Inc. is the Controlador (Controller) of your Personal Data.
24.3 Privacy Contact (Canal de Contato). Pursuant to LGPD Article 41 and Resolution CD/ANPD nº 2/2022, KinPet designates the following channel as its official data protection contact for Brazilian users, consistent with the simplified compliance framework available to qualifying Agents of Small Size (Agentes de Pequeno Porte):
Canal de Contato / Privacy Contact: privacy@kinpet.com Endereço postal: KinPet, Inc., 8 The Green, Suite A, Dover, DE 19901, EUA
This channel is publicly available for data subjects, the ANPD, and other authorities to submit inquiries, complaints, and data subject rights requests. KinPet will respond to requests from Brazilian users within 15 days as required by LGPD.
24.4 Legal Bases Under LGPD. KinPet processes Personal Data of Brazilian users based on the legal bases set forth in LGPD Article 7, as described in Section 5.8 of this Policy.
24.5 Your Rights Under LGPD. Brazilian users have the following rights under LGPD Article 18:
- Confirmação e acesso: Right to request confirmation of processing and access to your Personal Data;
- Correção: Right to request correction of incomplete, inaccurate, or outdated Personal Data;
- Anonimização, bloqueio ou eliminação: Right to request anonymization, blocking, or deletion of unnecessary or non-compliant data;
- Portabilidade: Right to request portability of your Personal Data to another provider;
- Eliminação: Right to request deletion of Personal Data processed with your consent;
- Informação sobre compartilhamento: Right to information about entities with which KinPet has shared your data;
- Informação sobre recusa: Right to information about the possibility of refusing consent and its consequences;
- Revogação do consentimento: Right to revoke consent at any time;
- Revisão de decisões automatizadas: Right to request review of automated decisions based solely on automated processing.
24.6 How to Exercise LGPD Rights. Brazilian users may exercise their rights by contacting privacy@kinpet.com with the subject line "Solicitação LGPD." We will respond within 15 days as provided under LGPD.
24.7 International Transfers. Transfers of Brazilian Personal Data to countries outside Brazil are conducted pursuant to LGPD Article 33, including standard contractual clauses and compliance with ANPD standards.
24.8 Right to Complain to ANPD. Brazilian users have the right to lodge a complaint with the ANPD at https://www.gov.br/anpd.
24.9 Consumer Protection. This Policy does not limit any rights you may have under the Código de Defesa do Consumidor (CDC — Lei nº 8.078/1990).
SECTION 25 — CANADA SPECIFIC PROVISIONS
25.1 Applicability. This Section applies to users located in Canada under PIPEDA, applicable provincial privacy laws (including PIPA in Alberta and British Columbia, and the Act respecting the protection of personal information in the private sector in Quebec), and the Consumer Privacy Protection Act (CPPA) upon its entry into force.
25.2 Privacy Officer. KinPet has designated a Privacy Officer responsible for Canadian privacy compliance, contactable at privacy@kinpet.com.
25.3 Purposes for Collection. KinPet collects Personal Information for the purposes described in Section 6. We identify the purposes before or at the time of collection.
25.4 Consent. KinPet generally relies on your express or implied consent for the collection, use, and disclosure of your Personal Information, except where not required by applicable law. You may withdraw consent at any time, subject to legal or contractual restrictions and reasonable notice.
25.5 Access and Correction. Canadian users have the right to access their Personal Information held by KinPet and to request correction of inaccurate information. Requests can be made to privacy@kinpet.com. We will respond within 30 days.
25.6 Right to Lodge a Complaint. Canadian users may lodge a complaint with the Office of the Privacy Commissioner of Canada (OPC) at https://www.priv.gc.ca, or with the applicable provincial privacy commissioner.
25.7 Quebec Law 25. For Quebec residents, KinPet complies with the additional requirements of Quebec Law 25, including: Privacy Impact Assessments (PIAs) before undertaking projects involving Personal Information; rights to portability in a structured technological format; rights to be informed of automated decisions and to request human review; and anonymization standards consistent with applicable guidance.
25.8 CASL Compliance. Our email marketing to Canadian users complies with Canada's Anti-Spam Legislation (CASL). We rely on express or implied consent as required by CASL and include required identification and unsubscribe mechanisms in commercial electronic messages.
SECTION 26 — AUSTRALIA SPECIFIC PROVISIONS
26.1 Applicability. This Section applies to users located in Australia under the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs).
26.2 Privacy Officer. KinPet has designated a Privacy Officer for Australian privacy compliance, contactable at privacy@kinpet.com.
26.3 Australian Privacy Principles Compliance. KinPet complies with the APPs under the Privacy Act 1988 (Cth), including: APP 1 (open and transparent management); APP 3 (collection of solicited Personal Information necessary for our functions); APP 5 (notification of collection at or before collection); APP 6 (use or disclosure for the primary purpose of collection or with consent); APP 7 (direct marketing with opt-out mechanisms); APP 8 (reasonable steps to ensure cross-border recipients handle data consistently with the APPs); APP 11 (reasonable steps to protect Personal Information from misuse, interference, loss, and unauthorized access); APP 12 (access to Personal Information upon request); and APP 13 (correction of inaccurate, out-of-date, incomplete, irrelevant, or misleading Personal Information).
26.4 Your Rights Under the Privacy Act. Australian users have the right to: request access to Personal Information we hold about you; request correction of inaccurate or incomplete information; and complain to us about our privacy practices. Requests can be made by contacting privacy@kinpet.com. We will respond within 30 days.
26.5 Right to Lodge a Complaint with OAIC. If you are not satisfied with our response to a privacy complaint, you may lodge a complaint with the Office of the Australian Information Commissioner (OAIC) at https://www.oaic.gov.au or by calling 1300 363 992.
26.6 Internal Complaint Resolution. Please contact us first at privacy@kinpet.com. We will investigate and respond within 30 days. If you are not satisfied with our response, you may escalate to the OAIC.
26.7 Notifiable Data Breaches. In the event of a Data Breach that is likely to result in serious harm to you, KinPet will notify you and the OAIC as required by the Notifiable Data Breaches (NDB) scheme under the Privacy Act 1988 (Cth).
SECTION 27 — OTHER U.S. STATE SPECIFIC PROVISIONS
27.1 Applicability. This Section applies to residents of U.S. states with comprehensive consumer privacy laws, in addition to the California provisions in Section 23.
27.2 Virginia (VCDPA). Virginia residents have rights under the Virginia Consumer Data Protection Act, including the right to access, correct, delete, and port Personal Data, and to opt out of targeted advertising, sale of Personal Data, and profiling for decisions with significant effects. KinPet does not sell Personal Data or engage in targeted advertising. Appeals of rights request decisions may be submitted to privacy@kinpet.com within 30 days of our response.
27.3 Colorado (CPA). Colorado residents have rights under the Colorado Privacy Act, including rights to access, correction, deletion, portability, and opt-out of sale of Personal Data, targeted advertising, and profiling for significant decisions.
27.4 Connecticut (CTDPA). Connecticut residents have rights under the Connecticut Data Privacy Act, including rights to access, correction, deletion, portability, and opt-out of the sale of Personal Data, targeted advertising, and profiling for significant decisions.
27.5 Utah (UCPA). Utah residents have rights under the Utah Consumer Privacy Act, including rights to access, deletion, and portability of Personal Data, and the right to opt out of sale of Personal Data and targeted advertising.
27.6 Texas (TDPSA). Texas residents have rights under the Texas Data Privacy and Security Act, including rights to access, correct, delete, and port Personal Data, and to opt out of processing for targeted advertising, sale, or profiling.
27.7 Other States. KinPet monitors U.S. state privacy legislation on an ongoing basis and will update this Policy to reflect new obligations as they enter into force. Contact privacy@kinpet.com for more information about rights applicable in your state.
27.8 How to Exercise Rights. To exercise rights under any applicable U.S. state privacy law, contact privacy@kinpet.com with the subject line "U.S. State Privacy Request — [State Name]." We will respond within the timeframe required by applicable law and will not discriminate against you for exercising your rights.
APPENDIX A — SUMMARY OF PRIVACY RIGHTS BY JURISDICTION
| Jurisdiction | Governing Law | Key Rights | Complaint Authority |
|---|---|---|---|
| EU / EEA | GDPR | Access, rectification, erasure, portability, restriction, objection, no automated decisions | National DPA / EDPB |
| United Kingdom | UK GDPR / DPA 2018 | Same as GDPR | ICO |
| Brazil | LGPD | Confirmation, access, correction, anonymization/blocking/deletion, portability, deletion (consent-based), sharing info, revocation, automated decision review | ANPD |
| Canada (Federal) | PIPEDA / CPPA | Access, correction | OPC |
| Canada (Quebec) | Law 25 | Access, correction, portability, automated decision review | CAI |
| Australia | Privacy Act 1988 | Access, correction, complaint | OAIC |
| California | CCPA / CPRA | Know, delete, correct, opt-out of sale/sharing, limit SPI, non-discrimination | CPPA / AG |
| Virginia | VCDPA | Access, correct, delete, portability, opt-out, appeal | Virginia AG |
| Colorado | CPA | Access, correct, delete, portability, opt-out, appeal | Colorado AG |
| Connecticut | CTDPA | Access, correct, delete, portability, opt-out, appeal | Connecticut AG |
| Utah | UCPA | Access, delete, portability, opt-out | Utah AG |
| Texas | TDPSA | Access, correct, delete, portability, opt-out, appeal | Texas AG |
| All Other Jurisdictions | Applicable local law | Per local law | Per local law |
All rights requests: privacy@kinpet.com
APPENDIX B — DATA PROCESSING ACTIVITIES TABLE
| Processing Activity | Data Categories | Legal Basis (GDPR) | Legal Basis (LGPD) | Retention Period |
|---|---|---|---|---|
| Account Registration and Management | Identifiers, Account Data | Contract (Art. 6(1)(b)) | Contract (Art. 7(V)) | Duration of Account + 90 days |
| Pet Profile Creation and Management | Pet Data | Contract (Art. 6(1)(b)) | Contract (Art. 7(V)) | Duration of Account + 90 days |
| Kin AI Conversations | Conversation Content, Pet Data | Contract (Art. 6(1)(b)) | Contract (Art. 7(V)) | 24 months |
| PawScan Document Processing | Uploaded Documents, Pet Health Data | Contract (Art. 6(1)(b)) | Contract (Art. 7(V)) | Duration of Account + 90 days |
| Subscription and Payment Processing | Billing Data, Transaction Records | Contract (Art. 6(1)(b)); Legal Obligation (Art. 6(1)(c)) | Contract (Art. 7(V)); Legal Obligation (Art. 7(II)) | 7 years |
| Reminder and Notification Delivery | Pet Data, Event Data, Device Data | Contract (Art. 6(1)(b)) | Contract (Art. 7(V)) | Duration of Account + 90 days |
| Platform Analytics and Improvement | Usage Data, Behavioral Data (anonymized/aggregated) | Legitimate Interests (Art. 6(1)(f)) | Legitimate Interests (Art. 7(IX)) | 24 months |
| AI Model Improvement | Anonymized/Aggregated Conversation Data | Legitimate Interests (Art. 6(1)(f)) | Legitimate Interests (Art. 7(IX)) | Indefinite (anonymized) |
| Fraud Detection and Security | Identifiers, Usage Data, Transaction Data | Legitimate Interests (Art. 6(1)(f)) | Legitimate Interests (Art. 7(IX)) | 36 months |
| Marketing Communications | Email Address, Marketing Preferences | Legitimate Interests / Consent (Art. 6(1)(a)/(f)) | Consent (Art. 7(I)) / Legitimate Interests (Art. 7(IX)) | Until unsubscription |
| Customer Support | Communications Content, Account Data | Contract (Art. 6(1)(b)) | Contract (Art. 7(V)) | 3 years |
| Legal Compliance | Various | Legal Obligation (Art. 6(1)(c)) | Legal Obligation (Art. 7(II)) | Per applicable law |
APPENDIX C — KEY THIRD-PARTY SERVICE PROVIDERS
Notice: This list is updated periodically and reflects service provider relationships as of the Effective Date of this Policy. To request the complete current list of Processors processing your Personal Data, contact privacy@kinpet.com.
| Category | Provider Type | Processing Location | Transfer Mechanism (EEA/UK) |
|---|---|---|---|
| Cloud Infrastructure / Hosting | Major cloud provider (AWS/GCP/Azure) | USA (primary) | SCCs / DPF where applicable |
| AI Model API | Large language model API provider | USA | SCCs |
| Payment Processing | PCI-DSS compliant payment processor | USA / Global | SCCs / DPF where applicable |
| Mobile Analytics (iOS/Android) | Mobile analytics SDK provider | USA | SCCs / DPF where applicable |
| Email Delivery | Transactional email provider | USA | SCCs / DPF where applicable |
| Push Notifications | Push notification service provider | USA | SCCs / DPF where applicable |
| Customer Support Platform | Help desk / ticketing system provider | USA / EU | SCCs / DPF where applicable |
| Error Monitoring | Application error tracking provider | USA | SCCs / DPF where applicable |
| Authentication (optional) | Third-party identity provider (Apple/Google) | USA / Global | SCCs / DPF where applicable |
APPENDIX D — INTERNATIONAL DATA TRANSFER MECHANISMS NOTICE
For EEA Users. Personal Data transferred from the EEA to KinPet, Inc. in the United States and to our Processors in third countries is protected by one or more of the following mechanisms: European Commission Standard Contractual Clauses (SCCs) pursuant to Commission Implementing Decision (EU) 2021/914 of 4 June 2021, using the controller-to-processor module incorporated into our Data Processing Agreements; the EU-U.S. Data Privacy Framework (DPF) for certified U.S. service providers; and adequacy decisions for transfers to countries recognized by the European Commission as providing adequate protection. You have the right to request a copy of the applicable SCCs by contacting privacy@kinpet.com.
For UK Users. Personal Data transferred from the UK is protected by: UK International Data Transfer Agreements (IDTAs) as approved by the Information Commissioner's Office (ICO); the UK Addendum to EU SCCs approved by the ICO under Section 119A of the Data Protection Act 2018; and the UK-U.S. Data Bridge for eligible transfers to participating U.S. organizations. You have the right to request a copy of applicable transfer documentation by contacting privacy@kinpet.com.
APPENDIX E — COOKIE CLASSIFICATION TABLE
| Cookie Category | Type | Purpose | Consent Required? | Retention |
|---|---|---|---|---|
| Session authentication cookie | Strictly Necessary | Maintains your logged-in session | No | Session |
| CSRF protection token | Strictly Necessary | Prevents cross-site request forgery attacks | No | Session |
| Load balancing cookie | Strictly Necessary | Distributes server load for performance | No | Session |
| Language/locale preference | Functional | Stores your language and locale preference | Yes (EEA/UK) | 12 months |
| Notification preferences | Functional | Stores your in-app notification settings | Yes (EEA/UK) | 12 months |
| Platform analytics (first-party) | Analytics | Measures feature usage and performance | Yes (EEA/UK) | 24 months |
| Third-party analytics SDK | Analytics | Measures app usage and performance | Yes (EEA/UK) | Per provider |
| Conversion tracking pixel | Marketing | Measures effectiveness of KinPet advertising campaigns | Yes (EEA/UK) | 90 days |
| App Store referral | Analytics | Tracks which App Store drove installs | Yes (EEA/UK) | 30 days |
The in-app Cookie Consent Manager (for web-based Platform access) provides the current, complete list of cookies in use and is updated whenever cookies are added or changed.
KinPet Privacy Policy — Version 2.1 — International Production © 2026 KinPet, Inc. All Rights Reserved. Effective Date: May 25, 2026