ArbolKin
A private place to preserve family stories.
Privacy and cookies
Version 2026-07-02
Updated: 2026-07-02

Privacy Policy

This policy explains what data ArbolKin processes, how it is used to operate private family workspaces, and what choices users have.

01

1. Data we process

We process account data such as email address, display name, avatar, language, session, and authentication status.

We process family data users upload or edit: trees, profiles, relationships, dates, places, stories, notes, sources, comments, suggestions, invitations, roles, and activity.

02

2. Living people and sensitive data

Information about living people may include sensitive or private data. ArbolKin includes privacy controls to hide certain data from limited roles, but users and workspace administrators remain primarily responsible for uploading and sharing that information appropriately.

03

3. Media and metadata

Files may include photos, videos, PDFs, documents, filenames, sizes, MIME types, dates, descriptions, tags, and storage paths.

Some media may contain technical or EXIF metadata, such as dimensions, dates, device, or location. When the product processes that data, it is used to display, organize, protect, or administer family media.

04

4. Invitations and communication

We process invitee emails, optional names, roles, invitation links, expiration, acceptance, revocation, and minimal records needed to deliver invitations and control access.

We may send transactional emails such as magic links, invitations, and activity digests. Those emails avoid sensitive family details when they are not necessary.

05

5. Service use and security

We record operational activity such as sign-ins, invitation acceptance, role changes, content creation or updates, errors, audit events, and technical metadata needed for security and support.

We may process derived data such as IP hash, user agent, and timestamps for audit, abuse prevention, and incident resolution.

06

6. Cookies and local storage

We use cookies and local storage necessary for authentication, sessions, language preferences, interface state, and security. We do not use advertising cookies at this stage.

Supabase and Vercel may set cookies or process technical information needed to deliver the service.

07

7. Providers

We use infrastructure and operations providers such as Supabase for database, authentication, storage, and realtime; Vercel for hosting; Resend for email; Sentry for error monitoring when configured; and GitHub for development and deployment.

These providers process data only as needed to provide their services, under their own terms, security controls, and applicable policies.

08

8. Retention, deletion, and export

We retain data while the account, workspace, or operational need exists. Some records may be kept for security, audit, backup, compliance, or dispute resolution.

Owners and administrators can export certain workspace data when the feature is available. Deletions may remain temporarily in backups or technical logs before expiring.

09

9. Rights and requests

Depending on your location, you may have rights of access, correction, deletion, portability, objection, or restriction. For requests, contact the workspace administrator or ArbolKin operator.

In family workspaces, some requests may require coordination with workspace owners because information can involve multiple people.

10

10. Security

We apply technical controls such as authentication, roles, RLS, private storage, signed URLs, environment separation, and audit records. No system is perfect; you must protect your links, sessions, exports, and devices.

11

11. Changes to this policy

We may update this policy when the product, providers, legal requirements, or data practices change. If a change is material, we may request acceptance of a new version.