Skip to content

LEGAL

Privacy Policy

This is a convenience translation; the German version is authoritative.

Last updated: June 2026

KindChat — an end-to-end encrypted messenger with on-device AI protection. GDPR-compliant, no tracking, no ads, no profiling.

Controller: sonrisa ventures GmbH, Kleiststraße 35, 10787 Berlin, Germany · hi@kindchat.app

Data Protection Officer: José M. Díaz Delgado · hi@kindchat.app

1. General principles

Our processing follows these principles:

  • On-device-first: AI moderation runs primarily locally on your device. For normal moderation, no message content is transmitted to servers.
  • End-to-end encryption (E2EE): the provider has, in principle, no access to plaintext.
  • No ads, no tracking, no profiling.
  • Transparency & data minimization.
  • EU hosting.

This policy fulfills the information duties under Art. 13/14 GDPR as well as Art. 50 of the AI Act and the Digital Services Act (DSA).

2. What data we process and why

2.1 Registration and account (mandatory data)

  • Phone number (identification and Signal-protocol E2EE)
  • Device token for push notifications (APNs/FCM, standard DPA)
  • App version, operating system, device model

Purpose: provision, authentication, delivery. Legal basis: Art. 6(1)(b) GDPR. Retention: until account deletion plus statutory periods.

2.2 On-device AI moderation (core function)

Classification of text, image, video and audio happens exclusively locally. No message content is transmitted to the provider. The models reside locally; your data is not used for training. In rare doubtful cases there is a server-side escalation (see 2.3).

Purpose: protection from harmful content. Legal basis: Art. 6(1)(f) GDPR as well as Art. 6(1)(a) (consent for the Protection Circle). See AI Transparency.

2.3 Server-side escalation / Tier-2 check (exceptional case)

Short-term check on EU infrastructure; affected content is decrypted for the limited purpose, checked, and deleted without delay.

Purpose: protection from serious harm; reporting obligations for criminal offenses. Legal basis: Art. 6(1)(f) and, where applicable, (c). Deletion deadline: without delay, max. 30 days (except where a statutory retention obligation applies). No sharing other than with processors under a data-processing agreement, EU-only.

2.4 Voice messages / voice transcription

Primarily on-device; upon escalation, automated transcription for content classification. Pure content recognition, no emotion recognition (Art. 50(3) AI Act); no biometric data is stored. Legal basis as in 2.2/2.3.

2.5 Protection Circle function (optional)

  • Consent of the protected person
  • Settings and metadata of the protection relationship (not the content!)
  • Notifications about protective measures

Purpose: support in managing contacts and protective measures. Legal basis: Art. 6(1)(a) (consent, revocable). No one gains insight into message content.

2.6 Technical and security data

  • IP address (short-term, for security and abuse prevention)
  • Crash and error reports (anonymized or with consent)
  • aggregate usage statistics

Legal basis: Art. 6(1)(f).

2.7 No further data

No address book, no location data (except for explicit feature use with consent), no content for advertising or for training external models.

3. Recipients / processors

  • EU-based hosting under a data-processing agreement (e.g. Hetzner, STACKIT or comparable), no third-country transfer for content data
  • Push: Apple/Google (standard DPA, data minimization)
  • in the escalation case, only trained internal staff or specialized EU service providers under a data-processing agreement
  • no sharing with advertising networks, data brokers, or for training generative AI

Where there is a legal obligation (e.g. a court order), disclosure takes place only to the extent permitted.

4. Retention and deletion

  • Account/profile until deletion plus 30 days
  • Message content only encrypted on the devices; the provider does not store it permanently
  • Escalation data without delay, at the latest after 30 days
  • Technical logs max. 90 days

Account deletion is possible at any time in the app settings; deletion then takes place within 30 days, insofar as no statutory obligations stand in the way.

5. AI transparency under Art. 50 AI Act

AI is used exclusively for classification, not for generation; primarily on-device. We inform you during onboarding, at a moderation decision (notice “Automated check” plus a link to the complaint), and on the website and in the app. Since no synthetic content is created, there is no labeling obligation under Art. 50(2).

Details: AI Transparency page and Terms of Service, section 3.

6. Your rights (Art. 15–22 GDPR)

You have the right to access, rectification, erasure, restriction, data portability, objection and withdrawal. You also have the right to lodge a complaint with a supervisory authority, e.g. the Berlin Commissioner for Data Protection and Freedom of Information (https://www.datenschutz-berlin.de).

Contact: hi@kindchat.app; response within one month (potentially plus 2 months).

7. Security of processing

We apply technical and organizational measures according to the state of the art (E2EE via the Signal protocol, on-device AI, encryption of data at rest, access controls, regular audits). A residual risk cannot be fully excluded.

8. Changes to this Privacy Policy

We adapt this policy as needed. We inform you of material changes via in-app notification or email with reasonable notice. The current version is always available on this page (/en/privacy/).

9. Data processing on this website (kindchat.app)

Waitlist: If you sign up, we process the email address you provide solely to tell you about early access to KindChat. Legal basis: consent (Art. 6(1)(a) GDPR). You can withdraw at any time via the unsubscribe link in every email; the address is then deleted.

Website hosting: united-domains AG, region eu-central-1, Frankfurt am Main; a data-processing agreement including the EU Standard Contractual Clauses.

Analytics: We use Umami, self-hosted within the EU and privacy-friendly. It sets no cookies, stores nothing on your device, creates no personal profiles, and enables no cross-site tracking. Only aggregate, anonymous page-view counts are recorded. Google Analytics is not used. Legal basis: legitimate interest (Art. 6(1)(f) GDPR).

Supervisory authority: Berlin Commissioner for Data Protection and Freedom of Information, Friedrichstraße 219, 10969 Berlin.

10. Contact

sonrisa ventures GmbH – Data Protection, email hi@kindchat.app.

← Back to home