Data Policy
Last updated: draft, not yet published.
1. Scope
This page describes, at a more technical level than our Privacy Policy, the categories of data Kintrusts processes, who processes it on our behalf, and how long it's retained.
2. Categories of Data
- Account data — email address, hashed password, role.
- Household data — invited members' email addresses and household linkage.
- Document content — names, addresses, relationships, asset descriptions, and other answers you enter to generate your documents.
- Payment records — order amount, status, and a reference ID from Stripe. We never receive or store your card number.
3. Who Processes It
- Supabase — our database, authentication, and file storage provider. Hosts all account and document data.
- Stripe — our payment processor. Handles your card details directly; we never see them.
We don't use any other sub-processors today.
4. Data Retention
Your data is retained for as long as your account is active. Deleting an individual plan removes that plan's documents. Deleting your account removes your data after a short grace period, intended to protect against accidental deletion.
5. Data Security
Data is encrypted in transit (HTTPS) and at rest, as part of our providers' infrastructure. Access to your documents is restricted to your own account through database-level access rules, not just application-level checks.
6. Your Rights
You can access, correct, export, or delete your data at any time through your account, or by contacting us using the details below.
7. Changes to This Policy
We'll post any changes to this page and update the “last updated” date above.
8. Contact Us
Questions about this policy can be sent to support@kintrusts.com or through our contact page.