Kyndrify

DRAFT — PENDING LEGAL REVIEW. Last updated 2026-05-11.

Privacy Policy

This Privacy Policy explains how Kyndrify (operated by TTGC Inc.) collects, uses, and shares information about you.

Information We Collect

To provide the service, we collect:

  • Account information: email, password (bcrypt- hashed; we never store plaintext), first name, billing details (held by Stripe, not us).
  • Content you upload: photos, voice recordings, consent videos. Stored encrypted in Cloudflare R2.
  • Generated renders: the videos Kyndrify creates for you.
  • Usage data: render history, credit transactions, authentication events, IP addresses for security purposes, browser type. We do not sell this data.
  • Biometric data: facial geometry derived from your photos and consent videos, used solely to verify identity during the consent flow and to prevent abuse. This is sensitive biometric information subject to laws like Illinois BIPA. We retain it only while your twin exists, plus seven (7) years after deletion as a legal record.

How We Use Information

  • To generate the renders you request
  • To enforce identity and consent on every twin
  • To detect and prevent abuse (e.g., stolen-photo twins)
  • To process payments via Stripe
  • To send you transactional emails (render-ready, password reset)
  • To comply with legal obligations

Third Parties

We share data with the following service providers, each bound by their own data-processing terms:

  • Vercel — frontend hosting
  • Cloudflare R2 — file storage (photos, voice, consent videos, renders)
  • Neon — Postgres database hosting
  • Stripe — payment processing
  • AWS SES — transactional email
  • fal.ai — AI model inference (voice generation, video generation, face swap)
  • Google Cloud — worker compute for renders and (in v1.5) Vertex AI Gemini for avatar prep
  • Modal — compute for HIPAA-mode workspaces (when enabled)

We never sell or share your data with marketing or advertising third parties.

HIPAA Mode

Workspaces with HIPAA mode enabled are governed by a separate Business Associate Agreement (BAA). When HIPAA mode is on:

  • Workspaces are isolated in a HIPAA-walled storage bucket
  • All PHI access is logged in an immutable audit log (6-year retention)
  • Compute routes through Modal (BAA-eligible) rather than fal.ai
  • No analytics, ad pixels, or third-party JavaScript runs on HIPAA workspaces
  • Session timeout shortens to 15 minutes of inactivity
  • TOTP 2FA is mandatory

Your Rights

You have the right to:

  • Access: request a copy of your data
  • Correct: fix inaccurate information
  • Delete: remove your account and all twins. After a 30-day soft-delete grace period, your data is permanently purged from our systems (including face embeddings and consent videos). Backup copies in encrypted storage are purged within 60 days.
  • Restrict / object: ask us to stop certain processing
  • Portability: receive your data in a machine-readable format

Email privacy@kyndrify.com to exercise any of these rights.

Data Retention

  • Account data: while your account is active + 30 days after deletion
  • Consent recordings: life of twin + 7 years (legal record)
  • Render outputs: until you delete them
  • Authentication and security logs: 12 months
  • Audit logs (HIPAA workspaces): 6 years
  • Stripe billing records: subject to Stripe's policy and applicable tax law

Children

Kyndrify is not directed at children under 18. We do not knowingly collect data from children. If you believe a child has provided us information, contact privacy@kyndrify.com and we will delete it.

International Transfers

We process data in the United States. If you access Kyndrify from the European Union, the United Kingdom, or other regions with data protection laws, your data is transferred under appropriate safeguards (e.g., Standard Contractual Clauses).

Cookies

Kyndrify uses essential cookies for authentication and session management. We do not use advertising cookies. On non-HIPAA workspaces we may use privacy-friendly analytics (Plausible) that does not set cross-site tracking cookies.

Changes to This Policy

We may update this policy from time to time. Material changes are announced via email at least 30 days in advance.

Contact

Email: privacy@kyndrify.com
Mailing address: TBD (will be added before public launch)

Sign inBuild your twin