Privacy

The short version

We built Kinora to feel like a private place. Conversations are encrypted in our database, you can delete your account and your data at any time, and we don't sell your data to anyone. Below is the full picture.

What we collect

• Account: email, display name, date of birth (used to confirm 18+), age range, gender, timezone.
• Conversations: messages you exchange with personas, images and voice notes you send or receive, reactions, and persona configuration you create.
• Usage: credits balance, subscription status, the device platform you connect from, push notification subscription if you enable it.
• Anonymous product analytics: page views, feature usage, performance, via PostHog. No message content is sent to analytics.

How we use it

• To run conversations with the AI personas you create.
• To bill subscriptions and credits, and send you receipts.
• To send the push notifications you opt into.
• To improve the product (aggregate analytics, debugging).
• To prevent abuse and respond to reports of harmful content.

We do not sell your data. We don't use your conversations to train any model.

Where it goes

To make Kinora work, we share specific data with the following processors:

• Supabase — database, authentication, file storage. Messages and uploads are stored here.
• Anthropic — generates persona replies. Recent conversation context is sent at request time.
• OpenAI — generates persona avatars and conversation memory embeddings.
• FAL — generates in-chat images.
• ElevenLabs — generates persona voice and powers voice calls.
• Tavus — powers real-time video calls (only when you start one).
• Stripe — processes web subscription payments.
• RevenueCat / Apple / Google — process in-app subscription purchases on mobile.
• PostHog — anonymous product analytics.

Each of these only receives the data needed for the specific job. None of them are paid extra to use your data, and none have permission to use it to train their own models on our account.

Encryption

Message content and certain persona metadata are encrypted at rest using AES-256-GCM with a server-side key. We don't describe this as “end-to-end encrypted” because the server holds the key and decrypts messages to send them to model providers for replies. We hold ourselves to honest claims, not marketing ones.

Retention and deletion

You can delete your account at any time from settings. Deletion removes your messages, personas, uploaded files, push subscription, and account row. Backups are rotated within 30 days. Aggregate analytics that don't identify you may persist longer.

Your rights

Depending on where you live (EU/UK GDPR, California CCPA, others), you may have rights to access, correct, port, or delete your personal data. The delete-account flow handles most of this directly. For anything else, email us.

Children

Kinora is for adults only. You must be 18 or older to use it. If we learn that an account belongs to a minor, we delete it.

Changes

If we change this policy in a way that affects your rights, we'll notify you in the app or by email before it takes effect.

Contact

Questions, requests, or reports: privacy@kinora.so.