Our commitment to your privacy
Kinovia is a private family management application. Your family's data belongs to your family: we do not sell it, share it for advertising, or use it for any purpose other than operating the service you have signed up for. This policy explains in plain language exactly what we collect, why, who can see it, and what your rights are.
1. Data controller
The data controller responsible for your personal data is:
Kinovia
Block 5, Flat 40, Wuse, Abuja, Nigeria
Email: support@kinovia.app
Website: https://kinovia.app
For all data protection enquiries, including requests to exercise your rights, contact us at support@kinovia.app.
2. What personal data we collect
Account data: Your name, email address and password. Passwords are never stored in plain text; they are hashed and managed by Firebase Authentication (Google LLC).
Profile data: Information you voluntarily add to your profile: date of birth, gender, location, occupation, blood group and biography.
Profile photo: Photos you choose to upload to your profile, stored in Firebase Cloud Storage.
Family relationship data: Your connections within the family tree (parents, children, spouses and other relationships) as recorded by you or family admins.
Location data: Your approximate location (city or district level, not street level) is recorded each time you open the app. This is used only for the Member Safety feature described in Section 5.
Documents: Files you choose to upload to the Document Vault, such as certificates, deeds and identification documents.
Communications: Messages sent through Branch Chats within your family space.
Usage data: The timestamp of your last app activity (used for the safety feature), your app version (for support), and crash reports via Firebase Crashlytics.
Device data: Your device push notification token (FCM token) for delivering notifications. Device model and Android version are only collected when you submit a bug report.
3. Legal basis for processing (GDPR, Article 6)
We process your personal data on the following legal grounds:
Contract performance (Article 6(1)(b)): The core processing required to provide you with the Kinovia service (account creation, family tree management, document storage, notifications and safety features) is necessary for the performance of the contract between you and us.
Legitimate interests (Article 6(1)(f)): We process crash reports and performance data to maintain the security and reliability of the service. Our legitimate interest in providing a secure, functioning application overrides any minimal privacy impact.
Legal obligation (Article 6(1)(c)): We may process data where required to comply with Nigerian law, EU law, or the laws of other applicable jurisdictions.
Consent (Article 6(1)(a)): Where we send optional communications (such as feature announcements), we rely on your consent, which you may withdraw at any time.
4. How we use your data
- To create and manage your Kinovia account
- To build and display your family tree and member profiles
- To enable family communication through Branch Chats
- To store and retrieve your documents from the Document Vault
- To send push notifications for events, birthdays, approvals and safety alerts
- To operate the Member Safety feature (location and inactivity alerts)
- To identify compatible blood donors in emergencies via Blood Finder
- To improve the app through anonymised crash and performance data
- To respond to support requests
- We do not use your data for advertising. We do not sell your data to any third party.
5. Location data and the Member Safety feature
Location is collected at the city or district level (approximately 10–15 km accuracy) each time you open the app. It is never collected in the background.
Your location is only visible to your family admins when you have been inactive for longer than the threshold you personally set (between 1 and 7 days). This is a welfare tool: it exists so family members can check on each other in genuine emergencies.
You can disable location access at any time in your device settings under Apps > Kinovia > Permissions > Location. If you disable location, the Member Safety feature will be limited to inactivity alerts without location information.
6. Who can see your data
Other family members: Can see your public profile information (name, photo, relationships) within your shared family space.
Family admins: Can see everything visible to members, plus your last known approximate location if you are inactive beyond your chosen threshold.
Your private documents: Are visible only to you. Admins can access them only when you are inactive beyond your safety threshold and the emergency access condition applies.
Kinovia: We do not routinely access individual family content. We may access data to resolve a support issue at your explicit request, or where required by law.
Firebase / Google LLC: Our technology partner. Google processes data on our behalf under a Data Processing Agreement. Firebase infrastructure is located primarily in the United States and subject to Google's security standards. See Section 8 for international transfer details.
No one else: We do not share your data with advertisers, data brokers, social networks or any third party for commercial purposes.
7. Data storage and security
- All data is stored on Google Firebase infrastructure (Firestore database and Cloud Storage) with encryption at rest and in transit using TLS.
- Access to data is controlled by Firebase Security Rules that enforce role-based permissions; you can only read data that matches your verified family membership and role.
- Authentication is handled by Firebase Authentication. We never store plain-text passwords.
- Firebase App Check is used to prevent unauthorised access from non-app clients.
- We maintain audit logs of administrative actions within each family space.
- In the event of a data breach that is likely to result in risk to your rights and freedoms, we will notify the relevant supervisory authority within 72 hours and affected users without undue delay.
8. International data transfers
Your data is stored and processed on Google Firebase servers, which are operated by Google LLC in the United States and other regions. The transfer of personal data from the European Economic Area (EEA) to the United States is carried out under Standard Contractual Clauses (SCCs) approved by the European Commission, as set out in Google's Data Processing Addendum.
For transfers from Nigeria, we comply with the provisions of the Nigeria Data Protection Regulation (NDPR) 2019 regarding cross-border data transfer, including ensuring adequate data protection standards at the destination.
9. Data retention
- Account and profile data: retained for as long as your account exists. Deleted within 30 days of account deletion.
- Family tree entries: remain as part of the shared family history after your account is deleted but are de-linked from your personal account.
- Documents: retained until you or a family admin explicitly deletes them.
- Location data: the most recent location only is stored. Previous locations are overwritten each time you open the app.
- Crash reports and performance data: retained for 90 days by Firebase Crashlytics.
- Communications (Branch Chats): retained for as long as the family space exists.
10. Your rights
Under the GDPR and the Nigeria Data Protection Regulation (NDPR), you have the following rights:
Right of access: You may request a copy of the personal data we hold about you.
Right to rectification: You may ask us to correct inaccurate or incomplete personal data.
Right to erasure ("right to be forgotten"): You may ask us to delete your personal data. You can also delete your account directly from within the app.
Right to restriction: You may ask us to restrict how we process your data in certain circumstances.
Right to data portability: You may request your data in a machine-readable format.
Right to object: You may object to processing based on legitimate interests.
Right to withdraw consent: Where processing is based on consent, you may withdraw it at any time.
To exercise any right, contact us at support@kinovia.app. We will respond within 30 days. Identity verification may be required before we act on a request.
11. Cookies
The public Kinovia website (kinovia.app) does not use tracking, advertising or analytics cookies.
The admin console uses one session cookie (named kinovia_2fa) which is an HttpOnly, Secure cookie used solely for authenticating admin sessions. It expires after 12 hours. This cookie is strictly necessary for the security of the admin service and does not require consent under the ePrivacy Directive.
No third-party tracking scripts or analytics tools are loaded on the public website.
12. Children's privacy
Kinovia is not intended for independent use by children under 13. We do not knowingly collect personal accounts from children under 13. A parent or guardian may create a family tree entry for a child within the app, but children under 13 should not hold their own active Kinovia account. If you believe a child under 13 has created an account without parental consent, contact us at support@kinovia.app and we will delete the account.
13. Regulatory compliance
Nigeria Data Protection Regulation (NDPR) 2019: Kinovia complies with the NDPR issued by the National Information Technology Development Agency (NITDA). We maintain appropriate data processing agreements, conduct data audits as required, and have implemented technical and organisational measures to protect personal data.
General Data Protection Regulation (GDPR): Where our users are located in the European Economic Area, we comply with the GDPR (EU) 2016/679 in respect of those users.
Compliance with other local laws: We aim to comply with data protection laws in all jurisdictions where our users are located, including but not limited to the POPIA (South Africa), PDPA (various Asian jurisdictions) and applicable privacy laws in North America, Europe and Australia.
14. Supervisory authority
If you are located in Nigeria, you have the right to lodge a complaint with the National Information Technology Development Agency (NITDA) at nitda.gov.ng.
If you are located in the European Union or European Economic Area, you have the right to lodge a complaint with your local data protection supervisory authority.
We encourage you to contact us first at support@kinovia.app so we can resolve your concern directly.
15. Changes to this policy
We may update this Privacy Policy when the service changes or when required by law. We will notify users of material changes through the application at least 14 days before changes take effect. Your continued use of Kinovia after changes are posted constitutes acceptance of the updated policy.
16. Contact
For any question, concern or rights request relating to this Privacy Policy or how we handle your data:
Email: support@kinovia.app
WhatsApp: +1 (469) 638-2893
Post: Block 5, Flat 40, Wuse, Abuja, Nigeria
We take all privacy concerns seriously and aim to respond within 5 business days.