Privacy Policy

1. Who we are

Kindred Care Technology Ltd ("Kindred", "we", "us") operates the Kindred platform at kindredcare.app. We act as a data processor on behalf of care homes (the data controllers) for resident and family data. For staff account data, we act as a data controller.

Contact: privacy@kindredcare.app

2. What data we collect

For family members:

• Name and email address (account creation)
• Messages sent to the care home
• Visit notes, concerns, and load sharing logs you create
• Wellbeing check-in responses

For care home staff:

• Name, email address, and role
• Clinical notes entered into review forms
• Approved review content and timestamps

Resident data (special category under UK GDPR):

• Name, room, care type
• Clinical assessment data entered by nursing staff
• AI-generated care summaries (derived from clinical notes)

3. Legal basis for processing

• Contract — processing necessary to deliver the Kindred service to care homes and families
• Legitimate interests — platform security, fraud prevention, service improvement
• Vital interests — resident safety communications
• Special category data — processed under Article 9(2)(h) UK GDPR (healthcare purposes) on behalf of the care home as data controller

4. How we use your data

• Delivering care updates and communications between care homes and families
• Generating plain-English summaries of clinical notes using AI (Anthropic Claude)
• Sending email notifications when reviews are shared
• Maintaining a secure audit log of review approvals

4a. Healthcare disclaimer

Kindred is a communication platform, not a clinical tool. Content generated by Kindred's AI (including care summaries and the AI Care Advisor) is for informational purposes only and does not constitute medical advice. Families should always consult the care team or a qualified healthcare professional for clinical decisions.

5. AI processing

Clinical notes entered by care home staff are sent to Anthropic's API to generate plain-English summaries. Anthropic processes this data as a sub-processor. Data is not used to train Anthropic's models under our API agreement. No data is stored by Anthropic beyond the duration of the API call.

6. Data storage and security

All data is stored in Supabase (PostgreSQL), hosted in the EU (Ireland). Data is encrypted at rest and in transit. Access is controlled by row-level security policies. We do not sell data to third parties.

7. Data retention

• Active account data: retained while your account is active
• Care review content: retained for 7 years (care home regulatory requirement)
• Messages and notes: retained for 3 years, then deleted
• Deleted accounts: anonymised within 30 days of deletion request

8. Your rights under UK GDPR

You have the right to:

• Access — request a copy of your personal data
• Rectification — correct inaccurate data
• Erasure — request deletion of your data (subject to legal retention requirements)
• Portability — receive your data in a machine-readable format
• Objection — object to processing based on legitimate interests
• Restriction — request we limit how we use your data

To exercise any right, email privacy@kindredcare.app. We will respond within 30 days.

9. Cookies

Kindred uses session cookies for authentication only. We do not use advertising or tracking cookies. No third-party analytics are currently active on the platform.

10. Data Processing Agreements

Care homes using Kindred must sign a Data Processing Agreement (DPA) before resident data is entered into the platform. This agreement sets out each party's responsibilities as controller and processor under UK GDPR. Contact us to request a DPA template.

11. Changes to this policy

We will notify care home administrators and registered family members by email of any material changes to this policy at least 14 days before they take effect.