Kyndrify
Privacy Policy

Privacy policy.

Effective: 10 June 2026

This Privacy Policy explains how Kyndrify (operated by Through The Glass Creatives Global FZCO) collects, uses, and shares information about you.

Information We Collect

To provide the service, we collect:

  • Account information: email, password (stored only as a securely salted hash; we never store plaintext), first name, billing details (held by our payments provider, not us).
  • Content you upload: photos, voice recordings, consent videos. Stored encrypted in our managed object storage.
  • Generated renders: the videos Kyndrify creates for you.
  • Usage data: render history, credit transactions, authentication events, IP addresses for security purposes, browser type. We do not sell this data.
  • Biometric data: a face template (facial geometry) derived from your photos and consent recording, used solely to verify identity and prevent abuse. It is never used to train any model. We minimize what we keep: per-verification templates are discarded within minutes, and at most one encrypted reference template is retained while your twin exists (and no longer than the law allows). Your consent recording may be kept separately as a legal record of consent. Full details in our Biometric Information Privacy Notice.

How We Use Information

  • To generate the renders you request
  • To enforce identity and consent on every twin
  • To detect and prevent abuse (e.g., stolen-photo twins)
  • To screen uploaded media and generated output with automated content-safety systems for illegal or prohibited material (such as CSAM), and to meet mandatory-reporting obligations under applicable law
  • To process payments via our payments provider
  • To send you transactional emails (render-ready, password reset)
  • To send occasional product updates and educational or marketing emails (tips, new features, getting-started guidance). You can opt out at any time using the unsubscribe link in any such email or through your email preferences.
  • To comply with legal obligations

Sub-processors

We rely on a small set of vetted sub-processors to operate Kyndrify, covering:

  • Cloud hosting (application + worker compute, database, object storage)
  • AI inference for voice generation and video generation
  • Automated content-safety screening
  • Payment processing
  • Transactional email delivery
  • Error monitoring and product analytics (privacy-preserving)

Every sub-processor is bound by a written data-processing agreement that prohibits using your content to train any model and limits use to the service we contracted them for. The current named list is available on request at [email protected] and is embedded in the Data Processing Agreement available to enterprise customers under NDA. Sub-processor changes are announced 30 days in advance.

We never sell or share your data with marketing or advertising third parties.

Health Information (HIPAA)

Kyndrify is not HIPAA-eligible. The AI providers we rely on for voice cloning and talking-head video generation do not currently offer Business Associate Agreements covering those services. Do not upload Protected Health Information (PHI) and do not use Kyndrify to generate content that processes patient data. We will update this section if and when BAA-signed compute becomes available.

Your Rights

You have the right to:

  • Access: request a copy of your data
  • Correct: fix inaccurate information
  • Delete: remove your account and all twins. When you delete your account, your personal data (including face templates, uploaded photos and voice references, and renders) is erased promptly from our active systems; encrypted backups are overwritten as they age out of our backup-retention cycle. Your consent recording is retained separately as a legal record of consent (see Data Retention below); everything else is erased.
  • Restrict / object: ask us to stop certain processing
  • Portability: receive your data in a machine-readable format

Email [email protected] to exercise any of these rights.

Data Retention

  • Account data: while your account is active, then erased promptly on deletion
  • Consent recordings: life of twin + 7 years (legal record)
  • Render outputs: until you delete them
  • Authentication and security logs: 12 months
  • Billing records: subject to our payments provider's policy and applicable tax law

Children

Kyndrify is not directed at children under 18. We do not knowingly collect data from children. If you believe a child has provided us information, contact [email protected] and we will delete it.

International Transfers

Kyndrify is operated from the United Arab Emirates by Through The Glass Creatives Global FZCO. To deliver the service we process data in the United States (application and storage infrastructure) and in Singapore (voice synthesis), and we may use providers in other regions for specific processing tasks. If you access Kyndrify from the European Union, the United Kingdom, the UAE, or another region with data-protection laws, transfers of your data to countries without an adequacy decision are made under appropriate safeguards, such as Standard Contractual Clauses or an equivalent transfer mechanism.

Cookies

Kyndrify uses essential cookies for authentication and session management. We use a functional cookie to attribute referrals from our affiliate program (set for up to 30 days when you arrive through a referral link). We use privacy-preserving product analytics to understand how the service is used. We do not use advertising or cross-site tracking cookies, and we never sell your data. You can control non-essential cookies through your browser settings.

Security & Data Breach Notification

We protect your data with encryption in transit and at rest, strict access controls, and continuous monitoring, and we maintain an incident-response process. No system is perfectly secure. If a personal data breach occurs that is likely to affect your rights, we will notify the relevant supervisory authority without undue delay and, where the breach is likely to result in a high risk to you, we will notify you directly and explain what happened, the likely consequences, and the steps we are taking. Notifications follow the timelines required by applicable law (for example, within 72 hours of becoming aware of a qualifying breach under the EU and UK GDPR, and as required by the UAE Personal Data Protection Law).

Changes to This Policy

We may update this policy from time to time. Material changes are announced via email at least 30 days in advance.

Contact

The data controller is Through The Glass Creatives Global FZCO.
Email: [email protected]
Mailing address: Through The Glass Creatives Global FZCO, IFZA Business Park, Building A2, Nadd Hessa, Dubai Silicon Oasis, Dubai, United Arab Emirates.

Sign inBuild your twin

We use cookies for analytics to help improve Kyndrify. You can accept or decline. See our Privacy Policy.