Last updated: 18 April 2026
Kindred ("we", "us", "our") operates the Kindred mobile application. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our app. We are committed to complying with the New Zealand Privacy Act 2020.
1. Information We Collect
Account Information
When you create an account, we collect your name, email address, phone number (optional), date of birth, and suburb. If you sign in with Google, we receive your name and email from your Google account.
Location Data
With your permission, we collect your device's GPS coordinates to show you nearby community members and items. You can set a home location for browsing when you are away from home. Location data is stored on our servers to enable proximity-based features.
Photos and Media
You may upload photos of items you are listing, a profile photo, identity documents for verification, and qualification certificates. These are stored securely in our cloud storage.
Messages
We store messages you send to other users through the in-app messaging system to facilitate exchanges and for safety purposes.
Usage Data
We collect information about your activity on the platform, including items listed, exchanges completed, points earned, and interactions with other users.
Emergency Contacts
You may optionally provide an emergency contact name and phone number for safety features. This information is only used in safety-related situations.
2. How We Use Your Information
We use your information to:
- Provide and maintain the Kindred service
- Connect you with nearby community members
- Facilitate item exchanges and messaging
- Operate the Kindred Points reward system
- Verify your identity when requested
- Ensure platform safety and prevent misuse
- Send you notifications about exchanges and messages
- Improve and develop new features
We do not sell your personal data to third parties.
3. Data Sharing
We share limited information with other Kindred users as part of the service (e.g. your name, suburb, profile photo, and listed items are visible to other users). Your email, phone number, date of birth, and ID verification documents are never shared with other users.
We may also share data if required by New Zealand law or to protect the safety of our users.
Third-party processors
We use the following third-party services to run Kindred. Each has been selected for its security practices and compliance posture:
- Supabase (supabase.com) — stores your account, items, messages, photos, and ID documents. Servers are located in the Asia-Pacific (Sydney) region. Supabase acts as a data processor under our instructions.
- Cloudflare Pages (cloudflare.com) — hosts the web version of the app. Cloudflare only sees requests for static files, not your data.
- Google (google.com) — if you choose to sign in with Google, we receive your name and email address from Google's OAuth service.
- Expo / EAS (expo.dev) — delivers app updates to your device.
- Brevo (brevo.com) — sends transactional emails such as account notifications. Only your email address is shared with Brevo.
- RevenueCat (revenuecat.com, United States) — if you subscribe to Kindred Supporter, RevenueCat processes subscription events between your payment provider and Kindred. Data shared: your Kindred user ID, subscription product ID, purchase/renewal/cancellation events. No payment card information is shared with RevenueCat or stored by Kindred. RevenueCat is SOC 2 certified and, under Information Privacy Principle 12 of the Privacy Act 2020, provides comparable protection to NZ standards via its Data Processing Addendum.
- Google Play Billing (play.google.com) — processes Supporter subscriptions bought through the Android app. Google handles your payment method entirely; Kindred never sees your card details. Google also collects and remits New Zealand GST on Supporter subscriptions on our behalf.
- Stripe (stripe.com, United States) — processes Supporter subscriptions bought through the Kindred web app. Stripe handles your payment method entirely; Kindred never sees your card details. Stripe is PCI-DSS Level 1 certified and, under Information Privacy Principle 12, provides comparable protection to NZ standards via its Data Processing Addendum.
We do not sell, rent, or license your personal data to any third party.
4. Data Storage and Security
Your data is stored securely using Supabase, with servers located in the Asia-Pacific (Sydney) region. All data is encrypted in transit using TLS and at rest using industry-standard encryption. Passwords are hashed using bcrypt. Authentication tokens are stored in secure, device-level storage (Keychain on iOS, Keystore on Android, localStorage on web).
ID verification documents are held in a private, access-restricted storage bucket. Only authorised Kindred administrators can view them, and only via time-limited signed URLs.
The app uses local storage on your device to maintain your session and preferences. This data remains on your device and is not transmitted to third parties.
However, no method of electronic transmission or storage is 100% secure, and we cannot guarantee absolute security.
Cookies and analytics
Kindred does not use advertising cookies or third-party analytics tools (such as Google Analytics or Facebook Pixel). The web version uses only strictly-necessary browser storage to keep you signed in. We do not track your activity across other websites.
Data breach notification
In the unlikely event of a privacy breach that is reasonably likely to cause you serious harm, we will notify both you and the Office of the Privacy Commissioner as required by Part 6 of the New Zealand Privacy Act 2020. Notification will include what happened, what data was affected, and what steps we are taking.
5. Data Retention
We retain your data for as long as your account is active. If you delete your account, we will delete your personal data within 30 days, except where we are required to retain it by law. Anonymised, aggregated data may be retained for analytics purposes.
6. Your Rights
Under the New Zealand Privacy Act 2020, you have the right to:
- Access your personal information
- Request correction of inaccurate data
- Request deletion of your data
- Withdraw consent for location tracking at any time
- Delete your account through the app
You can exercise these rights through your profile settings or by contacting us.
7. Children's Privacy
Kindred is not intended for users under the age of 18. We do not knowingly collect personal information from children. If we learn that we have collected data from a child under 18, we will delete it promptly.
8. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new policy in the app. Continued use of Kindred after changes constitutes acceptance of the updated policy.
9. Complaints
If you are not satisfied with our response to a privacy concern, you have the right to lodge a complaint with the Office of the New Zealand Privacy Commissioner:
Website: privacy.org.nz
Phone: 0800 803 909
10. Contact Us
If you have questions about this Privacy Policy or wish to exercise your privacy rights, please contact us at:
Email: privacy@kindred.nz
Or through the in-app support channel.