Privacy Policy

1. Who we are

Kin is a wellness events discovery platform operated as a personal project by Jeremy Bond, based in London, United Kingdom (“we”, “us”, “our”). You can contact us at hello@kin.events.

We are committed to protecting your personal data and acting transparently in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

2. What data we collect

• Account data: your email address and, if you sign in with Google, your name and Google account ID.
• Usage data: events you bookmark or save.
• Content you submit: event details (title, description, venue, date, etc.) if you list an event on the platform.
• Technical data: IP address, browser type, and access logs collected automatically by our hosting provider (Vercel) and authentication service (Supabase).

We do not collect payment information. We do not use advertising or ad-tracking technologies.

3. How we use your data

• To create and manage your account.
• To display events you've bookmarked.
• To review and moderate events you submit.
• To send transactional emails related to your account (e.g. password reset), via Supabase.
• To maintain security and prevent abuse.

4. Legal basis for processing

• Contract: processing your account data is necessary to provide the service you signed up for.
• Legitimate interests: security monitoring, abuse prevention, and improving the platform.
• Consent: if we ever send non-transactional communications, we will ask for your consent first.

5. Third-party services

We share data with the following sub-processors to run the platform:

• Supabase (auth and database) — your account data is stored in Supabase's EU infrastructure. Privacy policy.
• Vercel (hosting) — our application is deployed on Vercel, which processes request logs. Privacy policy.
• Google — if you choose to sign in with Google, your Google profile information is shared with us by Google. Privacy policy.

We do not sell your data to any third party.

6. How long we keep your data

We keep your account data for as long as your account is active. If you request deletion of your account, we will delete your personal data within 30 days, except where we are required to retain it by law.

7. Your rights

Under UK GDPR you have the right to:

• Access the personal data we hold about you.
• Correct inaccurate data.
• Erase your data (“right to be forgotten”).
• Portability — receive your data in a structured, machine-readable format.
• Object to processing based on legitimate interests.
• Restrict processing in certain circumstances.

To exercise any of these rights, email hello@kin.events. We will respond within 30 days.

8. Cookies

We use cookies to maintain your login session. See our Cookie Policy for details.

9. Security

Passwords are never stored by us — authentication is handled by Supabase. All data is transmitted over HTTPS. Access to the database is controlled by Row Level Security policies.

10. Changes to this policy

We may update this policy from time to time. We will update the “Last updated” date at the top of this page. Continued use of Kin after changes are published constitutes acceptance of the updated policy.

11. Complaints

If you have concerns about how we handle your data, please contact us first. You also have the right to lodge a complaint with the UK's data protection regulator, the Information Commissioner's Office (ICO).