Kinship Privacy Policy (Invite-Phase Archive)

Effective date: Date of first publication of kinshiprm.app
Last updated: 2026-06-03
Version: v1.1 — pre-launch invite phase (archived 2026-06-05)


What this policy covers

This policy explains how we — S4 Solutions, LLC ("S4", "we", "us") — handle personal data on the public website at kinshiprm.app during the pre-launch invite-collection phase.

It covers what we collect when you visit the site, what happens when you request early access through the invite form, and how we treat the information you give us. It does not yet cover the Kinship application itself (which is invite-only and not yet generally available); a separate, longer Privacy Policy will accompany the product launch and will be linked from this page when ready.

If anything below is unclear, reach us through our contact form and we will explain it in plain English.


The short version

  • The only personal data we collect from you on kinshiprm.app is what you submit through the Request an Invite form: your name, email address, a short answer about what brought you to Kinship, a short description of your biggest relationship-management challenge, and whether you're open to giving us product feedback — plus an optional note on where you heard about us.
  • We use it to decide who to invite, to follow up with you personally about early access, and to learn what to build. Nothing else.
  • We store it on infrastructure we control (Supabase, US region). We do not pass it to advertising networks, data brokers, or any third party that is not directly required to operate the site.
  • We do not sell, rent, license, or share your information with employers, recruiters, or anyone else.
  • You can ask us to delete it at any time through our contact form. We will confirm deletion within 30 days.

The rest of this policy is the detail.


1. Who we are

The controller of your personal data is S4 Solutions, LLC, a Georgia limited liability company, operating the website at kinshiprm.app.

  • Privacy contact (and DSAR requests): /contact (we are not yet publishing public mailboxes during stealth-mode).
  • General contact: /contact.

We commit to responding to privacy questions within 48 hours, and to completing data-rights requests within 30 days.


2. What we collect

2.1 Information you give us through the invite form

When you submit the Request an Invite form, we collect the following fields and store them in our waitlist database.

Required:

  • Your name — so we can address you by name in any follow-up.
  • Your email address — so we can follow up about early access.
  • Which option best describes you — a single choice from a fixed list (e.g. "I recently changed jobs and lost my relationship history", "I want a private CRM I own — not my employer's"), used to prioritize and personalize follow-up.
  • Your biggest challenge managing professional relationships today — a short free-text answer that helps us understand your use case.
  • Whether you're comfortable giving us direct product feedback — a single choice from a fixed list (yes / occasionally / prefer not), so we know whether to ask you for input later.

Optional:

  • How you heard about Kinship — a short free-text answer that helps us understand which channels are working.

We do not collect your employer, phone number, IP-derived location, or any other field through the invite form. If you choose to include any other information in a free-text answer, we store only what you typed.

2.2 Information we observe automatically

When you visit kinshiprm.app, our hosting provider (Vercel) generates standard request data such as your IP address, user-agent string, request path, and timestamps in transient platform-side runtime logs. We use these logs only for security and reliability (e.g. blocking abuse, debugging errors). On our current Vercel plan, those platform-side runtime logs are retained by Vercel for approximately 1 hour and are then discarded. Our application separately emits structured error reports to Sentry (with PII — email, name, IP — stripped before transmission; see §4 subprocessors), which Sentry retains for 30 days. Neither stream is joined to your invite-form submission.

We do not use cookies, web beacons, or pixels for advertising or cross-site tracking on kinshiprm.app. We do not use ad networks. We do not build advertising profiles.

We use Google Analytics 4 (Google LLC) to measure aggregate site usage (page views, referrers, broad geography). GA4 is loaded with Google Consent Mode v2 defaulted to denied for all storage signals; the GA4 cookies (_ga, _ga_*) are only set if you accept the cookie banner. IP addresses are anonymized at collection. Advertising signals (ad_storage, ad_user_data, ad_personalization) are hard-coded to denied and Google Signals is disabled in the GA4 admin console, so GA4 data is not used for advertising, audience building, or cross-site tracking. Raw event data is retained for 2 months.

2.3 What we do not collect on this site

We do not collect: your contacts, your social-network connections, calendar data, email content, payment information, government identifiers, biometric data, precise geolocation, or any sensitive category of personal data described under GDPR Article 9 or CCPA Section 1798.140.

2.4 In-app feedback (Kinship application)

Feedback you submit through the in-app form is stored in our database with your account ID and the page/version you submitted from, so we can investigate and respond.


3. How we use it

We use your invite-form submission — your name, email, "what best describes you" answer, "biggest challenge" free-text answer, feedback-comfort preference, and "how you heard" answer — only to:

  1. Contact you personally about your invite request and early access to Kinship.
  2. Decide who to invite next, by reading your "what best describes you" and "biggest challenge" answers.
  3. Understand, in aggregate, who is asking for access and through which channels, so we can prioritize early invites and direct outreach toward audiences we can actually help.
  4. Decide whether it is appropriate to follow up with you for a short product-feedback conversation, based on the comfort level you selected.
  5. Inform what we build first — your "biggest challenge" answer is read by the small team designing the product, and may be quoted internally in anonymized or aggregated form (we will never publish or share your individual response externally without your explicit permission).
  6. Respond to your questions if you write to us directly.

We do not use your information to train AI models. We do not use it for advertising. We do not sell it. We do not pass it to recruiters, employers, outplacement firms, or data brokers.


4. Where it is stored, and who has access

Your invite-form submission is stored in a Supabase Postgres database hosted in the United States and operated under S4's account. The connection is encrypted in transit (TLS), the database is encrypted at rest, and access is restricted via row-level security and least-privilege service credentials.

Access to invite submissions is limited to the small set of S4 personnel responsible for processing invite requests. We log access internally. We do not grant access to your employer, to potential employers, to recruiters, to outplacement firms, or to anyone else.

Subprocessors used by kinshiprm.app (pre-launch invite phase)

SubprocessorWhat they do for usWhere data is processed
Supabase, Inc.Hosts the invite-submissions databaseUnited States
Vercel, Inc.Hosts the kinshiprm.app website and edge functionsUnited States (default)
Google LLCProvides Google Analytics 4 for aggregate site-usage measurement (consent-gated, no ads, 2-month retention)United States
Functional Software, Inc. (Sentry)Captures application error reports for reliability monitoring. PII (email, name, IP) is stripped from payloads before transmission; 30-day retention on the Sentry free tier.United States

We will keep this list current. The complete, canonical list of subprocessors used by Kinship — including the AI subprocessors used by paid-tier AI Features (Anthropic, PBC and MongoDB, Inc. / Voyage AI) and the legal-entity name, function, processing region, and DPA for each — is published at /legal/subprocessors. The four entries in the table above are the subset currently used by kinshiprm.app in the pre-launch invite phase.


5. How long we keep it

  • Invite submissions are retained until earliest of: (a) you ask us to delete them, (b) you create a Kinship account (at which point your account record supersedes the invite record), or (c) 24 months from submission with no further contact, after which we delete them automatically.
  • Server logs. Vercel platform-side runtime logs (IP, user-agent, request path, timestamps) are retained by our hosting provider for approximately 1 hour. PII-stripped application error reports sent to Sentry are retained for 30 days.
  • Email correspondence with us (e.g. privacy questions) is retained as long as needed to resolve your request, then deleted on request or per our internal retention schedule (no longer than 36 months).

If you delete your account from in-app settings, we wipe it from active systems in the same request. If you instead ask us by email or contact form (a statutory DSAR request), we will delete it from active systems within 30 days. Either way, routine encrypted backups age out within 7 days of the active-system deletion, except where a longer hold is required by law or to defend a legal claim.


6. Your rights

Regardless of where you live, you have the following rights with respect to data we hold about you. Use our contact form to exercise any of them and we will confirm action within 30 days.

  • Access — request a copy of the data we hold about you.
  • Delete — request that we delete your data. We honor deletion requests without conditions, fees, or hold periods.
  • Correct — ask us to correct any inaccurate data (most commonly, an email address).
  • Withdraw consent — withdraw your consent to be contacted at any time. Doing so does not affect prior lawful processing.

If you are in the EU/EEA, UK, or Switzerland, your legal basis under GDPR Art. 6 is consent (Art. 6(1)(a)) for adding you to the invite list and legitimate interest (Art. 6(1)(f)) for keeping minimal security logs. You additionally have the right to lodge a complaint with your local supervisory authority. If you are in California, you have the rights described in the CCPA/CPRA — including the right to know, the right to delete, and the right not to be discriminated against for exercising your rights. We do not sell or share personal information as defined by the CCPA.

Kinship — the product and the kinshiprm.app website — is offered only to residents of the United States and its territories. It is not directed at residents of the European Economic Area, the United Kingdom, Switzerland, Australia, or any other jurisdiction. We do not market Kinship in those regions, we restrict waitlist signups to U.S. addresses, and we do not knowingly collect or process the personal data of residents of those regions for any purpose beyond what is strictly required to operate the waitlist gate (i.e., to refuse the signup and show a notice). If you believe you submitted the waitlist form from outside the United States, contact us and we will delete your record. Region-specific notices (the Australian Privacy Principles, the GDPR/UK GDPR full text, the Swiss FADP supplement) will be added if and when Kinship is offered in those regions; until then they are not engaged.


7. Children

kinshiprm.app is intended for adults considering a personal relationship-management tool for their own professional life. We do not knowingly collect data from anyone under 18. If you believe a minor has submitted the form, contact us through our contact form and we will delete the record.


8. Security

We protect your data with industry-standard controls including TLS in transit, encryption at rest, least-privilege access, and audit logging. No system is perfectly secure; if we ever experience a security incident affecting your data, we will notify you in line with applicable law and our internal incident-response process.


9. International transfers

If you are outside the United States, your invite submission will be transferred to and stored on servers located in the United States. For transfers from the EU/EEA, UK, and Switzerland, we rely on the EU Standard Contractual Clauses (Module 2 — Controller to Processor) with our subprocessors, along with the UK International Data Transfer Addendum and the Swiss FDPIC adaptation. You may request a copy of the relevant transfer mechanism through our contact form.


10. Changes to this policy

We may update this policy as our pre-launch site evolves and again when the Kinship product launches. When we make a material change, we will update the Last updated date at the top of this page and, if you have submitted an invite request, email you a summary of what changed.

The full product-scope Privacy Policy applicable to the Kinship application (account, contacts, AI features, integrations, retention schedule by data category, DSAR procedure, subprocessor list, international transfers, US state-specific notices) is now published at /legal/privacy. This invite-phase policy remains here as the archived record of what we promised invite-form submitters.


11. Contact us

Privacy / data rights: /contact?topic=privacy
General questions: /contact?topic=support
Postal: S4 Solutions, LLC — postal address available on request through our contact form.

We aim to respond to all privacy requests within 48 hours.

Privacy Policy (Invite-Phase Archive) — Kinship