1. Who We Are
Kintsugi Protocol, LLC ("Kintsugi Protocol," "we," "us," or "our") operates the website kintsugiprotocol.ai and the Kintsugi Protocol coaching application (collectively, the "Service"). We are a limited liability company organized under the laws of the United States.
For privacy-related inquiries, contact us at: privacy@kintsugiprotocol.ai
2. What This Service Is (and Is Not)
IMPORTANT: Kintsugi Protocol is an AI-guided personal coaching tool. It is NOT therapy, psychiatry, psychology, or any form of licensed mental health treatment. Nothing in this Service constitutes medical or mental health advice. If you are experiencing a mental health crisis, please contact the 988 Suicide and Crisis Lifeline (call or text 988) or your local emergency services.
3. Information We Collect
3a. Information You Provide Directly
- Account registration: email address and authentication credentials (via Google Firebase Authentication)
- Coaching session content: text and voice inputs you submit during your 7-day coaching sessions
- Payment information: processed securely by Stripe, Inc. We do not store your payment card data
- Communications: emails or messages you send to our support team
3b. Information Collected Automatically
- Device and usage data: IP address, browser type, operating system, pages visited, session duration
- Cookies: essential authentication cookies only (to keep you logged in). We do not use advertising or tracking cookies
- Analytics: anonymized, aggregated data on which program days and features are used
3c. What We Do NOT Collect
- We do not collect biometric data
- We do not collect sensitive demographic data (race, religion, sexual orientation) unless you voluntarily share it in coaching sessions
- We do not build advertising profiles or sell your data to advertisers
4. How We Use Your Information
4a. To Deliver the Service
- Generating real-time AI coaching responses during your sessions
- Maintaining session continuity across your 7-day program
- Sending transactional emails (session recaps, between-session coaching prompts, program completion summaries)
- Processing payments via Stripe
- Providing customer support
4b. To Improve the Service
- Analyzing anonymized, aggregated usage patterns to improve coaching quality
- Monitoring system performance and security
4c. Legal Compliance
- Complying with applicable laws, regulations, and legal process
- Enforcing our Terms of Service
- Protecting the safety of users and the public
5. AI Processing & Third-Party Sub-Processors
Your session content is processed by the following third-party services to deliver the coaching experience:
- Google Cloud / Vertex AI (Gemini): powers the AI coaching engine. Google processes session content on our behalf under enterprise data processing agreements. Google does not use your specific session data to train its public AI models under our enterprise agreement.
- Google Firebase / Firestore: stores your account data, session history, and coaching artifacts (encrypted at rest)
- Google Workspace (Gmail): used to send transactional coaching emails from coach@kintsugiprotocol.ai
- Stripe, Inc.: processes all payment transactions. Stripe's privacy policy governs their handling of payment data.
We do not sell, rent, or share your personal session data with any third party for marketing, advertising, or any purpose other than delivering and improving the Service.
6. Data Security
- All data is encrypted in transit using TLS 1.2 or higher
- All data is encrypted at rest using AES-256 encryption via Google Cloud infrastructure
- Access to user data is restricted to authorized personnel only
- In the event of a data breach affecting your personal information, we will notify you in accordance with applicable law
7. Data Retention
- Account and session data: retained for the duration of your account, plus 12 months after account closure for legal and operational purposes
- Payment records: retained as required by applicable tax and financial regulations (typically 7 years)
- You may request deletion of your data at any time (see Section 9)
8. Cookies
We use essential cookies only — specifically, authentication tokens that keep you logged in during your session. We do not use third-party advertising cookies, retargeting pixels, or cross-site tracking technologies.
You can disable cookies in your browser settings, but this will prevent you from logging in to the Service.
9. Your Rights & Data Deletion
You have the right to:
- Access: request a copy of the personal data we hold about you
- Correction: request correction of inaccurate data
- Deletion: request full deletion of your account and all associated personal data
- Portability: request your data in a portable format
- Objection: object to certain types of processing
To exercise any of these rights, contact privacy@kintsugiprotocol.ai or use the "Delete Account" option in your dashboard Settings. We will respond within 30 days.
10. California Residents — CCPA/CPRA
If you are a California resident, the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA) provide you with additional rights:
- Right to Know: You may request disclosure of the categories and specific pieces of personal information we collect, use, and disclose
- Right to Delete: You may request deletion of your personal information, subject to certain exceptions
- Right to Correct: You may request correction of inaccurate personal information
- Right to Opt-Out of Sale or Sharing: We do NOT sell or share your personal information for cross-context behavioral advertising
- Right to Non-Discrimination: We will not discriminate against you for exercising your CCPA rights
To submit a CCPA request, contact privacy@kintsugiprotocol.ai. We will respond within 45 days.
11. EEA, UK & International Users — GDPR
If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, the General Data Protection Regulation (GDPR) or UK GDPR applies to our processing of your personal data.
- Legal basis for processing: We process your personal data on the basis of (a) contract performance — to deliver the Service you purchased; (b) legitimate interests — for service improvement and security; and (c) legal obligation — to comply with applicable law
- Data transfers: Your data is processed in the United States. We rely on Standard Contractual Clauses (SCCs) for transfers of personal data from the EEA to the US
- Data Protection Officer: We do not currently have a designated DPO. For GDPR inquiries, contact privacy@kintsugiprotocol.ai
- Right to lodge a complaint: You have the right to lodge a complaint with your local supervisory authority
12. Children's Privacy
The Service is intended for users 18 years of age and older. We do not knowingly collect personal information from anyone under the age of 18. If you believe we have inadvertently collected information from a minor, please contact privacy@kintsugiprotocol.ai and we will promptly delete it.
13. Do Not Track
Our Service does not currently respond to "Do Not Track" browser signals, as there is no industry-standard interpretation of this signal. We do not use cross-site tracking for advertising purposes.
14. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by email or by posting a prominent notice on the Service. Your continued use of the Service after the effective date constitutes acceptance of the updated policy.
