Kins ("we", "our service") is a social genealogy platform built for African families. This policy explains what data we collect, why, who we share it with, and what your rights are.
1. Data Controller
The data controller is Kins. For any data-related question, contact privacy@kins.africa.
2. Data We Collect
2.1. Account data
- Email address and password (stored only as a bcrypt hash)
- Display name you choose
- Google identifier if you sign in with Google
2.2. Genealogy content
- Data about the people you add to your trees: names, nicknames, birth/death dates, places, family relationships (parentage, unions, customary affiliations)
- Photos you upload
- Voice memos you record
- Posts and reactions in the family feed
- Invitations you send to others (emails)
2.3. Technical data
- IP address, device type, OS version, app version (in our server logs)
- Crash and error reports (via Sentry — anonymized as much as possible)
- httpOnly cookies to keep you signed in
We do not track your browsing habits for advertising purposes. No Google Analytics, no Facebook Pixel, no third-party tracking.
3. Why We Collect This Data
- Provide the service: create your account, store your tree, sync across your devices
- Security: detect intrusions, prevent abuse, maintain the integrity of your account
- Support: answer your questions
- Product improvement: aggregate anonymous statistics to understand which features are used
4. Legal Basis (GDPR)
Processing your data is based on:
- Performance of the contract between us (the Terms of Service) for data necessary to operate the service
- Our legitimate interest for security and abuse prevention
- Your consent for any optional processing (e.g., marketing emails — you can unsubscribe at any time)
5. Who We Share Your Data With
Kins never sells your data. We share it only with technical sub-processors necessary for the service:
- Application hosting: Railway (USA, GDPR-compliant) and Vercel (USA, GDPR-compliant)
- Database: Neon (USA/EU, GDPR-compliant)
- File storage (photos, audio): Cloudflare R2 (international, GDPR-compliant)
- Google authentication: Google Sign-In (if you choose this option)
- Error tracking: Sentry (USA, GDPR-compliant)
- Transactional email (invitations, password reset): Resend (USA, GDPR-compliant)
All sub-processors are bound by Data Processing Agreements (DPAs) requiring protection equivalent to our own.
6. International Transfers
Some sub-processors are based in the United States or outside the EU/UEMOA. These transfers are protected by Standard Contractual Clauses (SCCs) approved by the European Commission, or by adequacy decisions.
7. Data Retention
- Account data: as long as your account is active. If you delete your account, we delete your data within 30 days (except for legal retention obligations).
- Server logs: 90 days maximum
- Crash reports (Sentry): 90 days
- Photos and files: deleted together with the content they belong to
8. Your Rights
Under GDPR and equivalent legislation (including the French Data Protection Act and Senegal's Law 2008-12), you have the following rights:
- Access: obtain a copy of your data
- Rectification: correct inaccurate data
- Erasure ("right to be forgotten"): request deletion of your account and data
- Portability: export your family tree in GEDCOM format (universal standard)
- Objection: object to certain processing
- Restriction: request temporary suspension of processing
- Withdrawal of consent: for processing based on your consent
To exercise these rights, email privacy@kins.africa. We respond within 30 days.
If you believe our practices are not compliant, you may file a complaint with the data protection authority of your country (CNIL in France, CDP in Senegal, etc.).
9. Security
We take the security of your data seriously:
- Passwords hashed with bcrypt (cost 10)
- Communications encrypted with TLS 1.2+
- Session cookies set to httpOnly + Secure + SameSite=Lax
- Photos and audio stored on R2 with signed access (presigned URLs with limited duration)
- Least-privilege access on the Kins team side (few people have access to production databases)
10. Family Privacy
Genealogy involves data about third parties (family members). You are responsible for obtaining the necessary consent before adding a living person to your tree, especially for sensitive data (health, religion, orientations).
If a person added to a tree requests deletion or anonymization of their data, contact us at privacy@kins.africa.
11. Minors
Kins is not intended for children under 13. If you are under 13, do not create an account. For users between 13 and 16 in the EU, parental consent may be required depending on your jurisdiction.
12. Changes to This Policy
This policy may evolve. In case of substantial modification, we will notify you by email and/or via in-app notification at least 30 days before the changes take effect.
13. Contact
Questions, requests, complaints:
- Email: privacy@kins.africa
- General email: hello@kins.africa