Privacy Policy
Effective Date: March 1, 2026
Foundry NX LLC d/b/a KinTuned ("Company," "we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and protect information when you use the KinTuned platform, website (kintuned.com), and related services (the "Service").
By using the Service, you consent to the data practices described in this policy. If you do not agree, please do not use the Service. This Privacy Policy should be read in conjunction with our Terms of Service.
1. Information We Collect
1.1 Account Information
When you create an account, we collect:
- Name and email address
- Password (stored as a cryptographic hash, never in plain text)
- Google account information if you sign in with Google OAuth (name, email, profile photo)
1.2 Child Profile Data
You voluntarily provide detailed information about your child, which may include:
- First name or nickname, age, and grade level
- Diagnosis information (e.g., autism, ADHD, sensory processing disorder, anxiety, ODD, dyslexia, speech delays, Down syndrome, intellectual disabilities, and other developmental differences or co-occurring conditions)
- Communication level, sensory profile, and behavioral characteristics
- Medication status (general category only, not specific medications or dosages)
- Strengths, interests, challenges, and triggers
- Therapies, school setting, and educational supports
- Strategies that have worked and strategies that have not worked
1.3 Conversation Data
We store the content of your AI chat conversations, including:
- Messages you send to the AI
- AI-generated responses
- Crisis mode interactions and post-crisis logs
- Conversation metadata (timestamps, conversation titles)
1.4 Strategy and Usage Data
We collect:
- Strategies you save, including your ratings, tags, and notes
- Feature usage patterns (which features you use, how often, session duration)
- Device and browser information (device type, operating system, browser version)
- IP address (used for security and approximate geolocation only)
1.5 Payment Information
Payment processing is handled entirely by Stripe, Inc. We do NOT store your credit card number, bank account information, or full payment details. We receive from Stripe: a customer identifier, subscription status, and billing event notifications.
1.6 Communications
If you contact us via email or in-app feedback, we retain those communications.
2. How We Use Your Information
We use the information we collect for the following purposes:
2.1 Service Delivery
- Generating personalized AI responses based on your child's profile
- Maintaining your conversation history, strategy library, and child profiles
- Providing crisis mode de-escalation guidance
- Authenticating your account and managing your subscription
2.2 Product Improvement and AI Training
- Improving the accuracy and safety of AI responses through prompt refinement and quality review
- Training, fine-tuning, and evaluating AI models using anonymized and aggregated data
- Reinforcement learning and other machine learning optimization techniques
- Expanding and curating our evidence-based knowledge base
- Identifying common user needs and developing new features
2.3 Research and Analytics
- Conducting research on behavioral intervention effectiveness using anonymized, aggregated data
- Publishing findings in academic papers, reports, and industry publications
- Generating aggregated usage analytics and product metrics
- Sharing anonymized insights with research partners, healthcare organizations, and insurance companies
2.4 Communications and Marketing
- Sending transactional emails (welcome, trial reminders, billing confirmations)
- Sending product updates and feature announcements (you may opt out)
- Responding to support requests
2.5 Safety and Security
- Detecting, preventing, and addressing fraud, abuse, and security incidents
- Enforcing our Terms of Service
- Complying with legal obligations
3. How We Share Your Information
We do NOT sell your personal information.
We share information only in the following circumstances:
3.1 Service Providers
We use the following third-party service providers who process data on our behalf:
| Provider | Purpose | Data Shared |
|---|---|---|
| Supabase | Database & Auth | Account data, child profiles, conversations, strategies |
| AI Service Provider | AI Response Generation | Chat messages and child profile context (sent per-request; provider contractually prohibited from training on your data) |
| Stripe | Payment Processing | Email, subscription details, payment method (handled by Stripe directly) |
| Vercel | Hosting | Server logs, IP addresses |
3.2 Research Partners
We may share anonymized, aggregated data with academic researchers, clinical organizations, healthcare entities, and insurance companies. This data cannot identify you or your child. See our Terms of Service Section 7.3 for details.
3.3 Legal Requirements
We may disclose your information if required by law, subpoena, court order, or government request. We may also disclose information if we believe in good faith that disclosure is necessary to: (a) protect our rights, property, or safety; (b) protect the safety of any person; (c) investigate fraud or respond to a government request; or (d) comply with applicable law.
3.4 Business Transfers
In the event of a merger, acquisition, reorganization, bankruptcy, or sale of assets, your information may be transferred as part of the transaction. We will notify you via email or prominent notice on the Service of any change in ownership or uses of your personal information.
4. Anonymization and Aggregation
4.1 Anonymization Process
Before using data for product improvement, research, or publication, we apply the following anonymization measures:
- Removal of all names (parent, child, family members, therapists, teachers, schools)
- Removal or generalization of ages (e.g., age 7 becomes "elementary-aged")
- Removal of geographic identifiers
- Removal of email addresses, IP addresses, and account identifiers
- Aggregation with data from multiple users to prevent individual identification
- Review to ensure no combination of remaining data points could enable re-identification
4.2 Irreversibility
Our anonymization process is designed to be irreversible. Once anonymized, data cannot be linked back to your account or your child.
4.3 Ongoing Use
Anonymized and aggregated data may be retained and used indefinitely, including after account deletion, as it no longer constitutes personal information.
5. Data Security
We implement commercially reasonable security measures to protect your information:
- Encryption in transit (TLS/SSL for all data transmission)
- Encryption at rest (database-level encryption via Supabase)
- Row Level Security (RLS) ensuring users can only access their own data
- Secure password hashing (bcrypt)
- API key management and access controls
- Regular security reviews and updates
No method of electronic transmission or storage is 100% secure. While we strive to protect your information, we cannot guarantee absolute security. You are responsible for maintaining the security of your account credentials.
6. Data Breach Notification
6.1 In the event of a data breach that compromises the security, confidentiality, or integrity of your personal information, we will notify affected users as promptly as reasonably possible and in accordance with applicable state and federal law.
6.2 Notification will be provided via email to the address associated with your account and, where appropriate, via prominent notice on the Service. Notification will include: (a) a description of the nature of the breach; (b) the types of information potentially affected; (c) steps we are taking in response; and (d) steps you can take to protect yourself.
6.3 We will cooperate with applicable law enforcement and regulatory authorities as required by law in the event of a breach.
7. Data Retention
7.1 Active Accounts. We retain your personal information for as long as your account is active and as needed to provide the Service.
7.2 After Cancellation. If you cancel your subscription but do not delete your account, we retain your data so you can reactivate and access your history.
7.3 Account Deletion. Upon request, we will delete your account and associated personal information within thirty (30) days. Certain data may be retained: (a) as required by law; (b) for legitimate business purposes such as fraud prevention; (c) in anonymized and aggregated form as permitted by our Terms of Service.
7.4 Backup Retention. Copies of your data may persist in encrypted backups for up to ninety (90) days after deletion before being purged.
8. Your Rights and Choices
8.1 Access and Export. You may access and export your data at any time by contacting hello@kintuned.com. We will provide your data in a commonly used electronic format within thirty (30) days.
8.2 Correction. You may update or correct your personal information and child profile data at any time through the Service interface.
8.3 Deletion. You may request deletion of your account and associated personal information by contacting hello@kintuned.com. Deletion is subject to the retention terms in Section 7.
8.4 Opt-Out of Research Use. You may opt out of having your data used for research and publication purposes by contacting hello@kintuned.com. This does not affect the use of your data for core service delivery or product improvement. See Terms of Service Section 7.8.
8.5 Marketing Opt-Out. You may opt out of marketing communications at any time by clicking the unsubscribe link in any marketing email or contacting hello@kintuned.com. Transactional emails (billing, security alerts) cannot be opted out of.
8.6 California Residents. If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA), including the right to know what personal information we collect, the right to delete, and the right to opt out of the sale of personal information. We do not sell personal information. To exercise your rights, contact hello@kintuned.com.
9. Children's Privacy (COPPA)
9.1 The Service is designed exclusively for use by adults aged 18 and older. Children of any age may not create accounts, access the Service directly, or interact with the AI in any way.
9.2 All information about children is provided by the parent or legal guardian. By creating a child profile, the parent represents and warrants that they are the child's legal guardian and consents to the collection, use, and processing of the child's information as described in this Privacy Policy and our Terms of Service.
9.3 We comply with the Children's Online Privacy Protection Act (COPPA). We do not knowingly collect personal information directly from children under 13. We do not contact children, allow children to use the Service, or create accounts for children. If we learn that personal information has been submitted by or collected from a child under 13 without verifiable parental consent, we will promptly delete that information.
9.4 Parents may review, update, or request deletion of their child's information at any time through the Service interface or by contacting hello@kintuned.com. Parents may also withdraw consent for future collection or use of their child's information by deleting the child profile or their account.
9.5 We treat data about minors with heightened care. Identifiable child data is used only for direct service delivery (generating personalized AI responses). Any use beyond service delivery uses only anonymized and aggregated data from which no individual child can be identified. We do not use identifiable child data for marketing, advertising, or any purpose unrelated to the Service.
10. Third-Party Services
The Service may contain links to third-party websites or integrate with third-party services. This Privacy Policy does not apply to those third parties. We encourage you to review the privacy policies of any third-party service you access through or in connection with our Service.
10.1 AI Service Provider. Chat messages and child profile context are sent to our third-party AI service provider's API for response generation. Under our commercial agreement with our AI provider: (a) the provider does NOT use your data to train their generative AI models; (b) the provider may retain API inputs and outputs for a limited period for trust, safety, and abuse monitoring purposes, after which they are automatically deleted. We select AI providers that maintain commercially reasonable data handling practices and contractual commitments not to train on customer data. We may change AI providers at any time without notice, provided the replacement provider meets equivalent or stronger data protection standards.
10.2 Stripe. Payment data is processed by Stripe, Inc. and governed by Stripe's privacy policy (stripe.com/privacy).
11. HIPAA Disclaimer
KinTuned is NOT a healthcare service and Foundry NX LLC is NOT a covered entity under HIPAA. The information you provide is not considered Protected Health Information (PHI). While we apply strong security measures, the Service does not comply with HIPAA's specific technical and administrative requirements. Do not submit information to the Service with the expectation of HIPAA-level protections.
12. International Users
The Service is operated from the United States. If you access the Service from outside the United States, your information will be transferred to and processed in the United States. By using the Service, you consent to this transfer. We do not currently target or market the Service to users in the European Economic Area (EEA) or the United Kingdom.
13. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. Material changes will be communicated via email or in-app notification at least thirty (30) days before taking effect. The "Effective Date" at the top of this policy indicates when it was last updated. Continued use of the Service after the effective date constitutes acceptance of the updated policy.
14. Contact Us
If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, contact us at:
Foundry NX LLC d/b/a KinTuned
Email: hello@kintuned.com
Website: kintuned.com