Kinnly
Book a Demo

Privacy Policy

Last updated: May 31, 2026

This Privacy Policy explains how Kinnly, Inc. ("Kinnly," "we," "us," or "our") collects, uses, shares, and protects personal information when schools and their communities use our platform.

We've written this policy to be as clear as possible. If you have questions, write to us at kin@kinnly.ai. We respond personally.

1. Introduction

Kinnly is a school community platform. We provide software that schools use to manage their operations, communicate with parents and students, and run their academic programs. Our customers are private schools, public schools, colleges, universities, and training academies.

This policy applies to:

  • Visitors to our website at kinnly.ai
  • Schools that subscribe to Kinnly as customers
  • School staff, teachers, parents, students, and other end users who access Kinnly through their school
  • Anyone who contacts us, books a demo, or applies to be a founding partner

Two important roles to understand: when a school subscribes to Kinnly, the school is the data controller for the personal information of its students, parents, staff, and other community members. We act as the data processor on behalf of the school. This means the school decides what data is collected through Kinnly and how it is used. We process that data according to the school's instructions and the terms of our agreement with the school. When you visit our website, request a demo, or apply to be a founding partner, we act as the data controller for your personal information.

2. Information We Collect

We collect different types of information depending on how you interact with Kinnly.

2.1 Information schools provide to us as their processor — When a school uses Kinnly, the school may upload or generate personal information including: student information (names, dates of birth, grade levels, attendance records, academic performance, behavioral records, health-related information that the school chooses to track), parent and guardian information (names, contact details, payment information, communication history), staff information (names, roles, contact details, employment records, payroll information), and school operational data (schedules, finances, expenses, vendor information). The specific data each school provides depends on how the school configures Kinnly.

2.2 Information we collect when you visit our website or contact us directly — When you interact with us as a website visitor, demo requester, or applicant: contact information (name, email, phone, school name, country, role), communication content (messages, demo preferences, founding partner application responses), technical information (IP address, browser type, device type, referring URL, pages visited), cookie and usage data.

2.3 Information collected automatically when end users use the platform — When schools deploy Kinnly: login and session information (timestamps, IP addresses, device types), geo-location data when geo-attendance features are enabled by the school, in-app activity (features used, messages sent, files uploaded, attendance recorded, payments processed), performance data (error logs and platform usage data we use to maintain and improve the service).

2.4 Sensitive personal information — Kinnly may process sensitive personal information when schools choose to record it: health information about students (allergies, medications, medical conditions) when schools enable the optional Health Records feature, behavioral and disciplinary records when schools track these, financial information when schools process payments through Kinnly. We process sensitive personal information only when the school has a lawful basis under applicable law and only as the school instructs us. Sensitive data receives heightened protection: stricter access controls, encryption at rest and in transit, and additional safeguards.

2.5 Children's data — Kinnly is designed for use in educational institutions. Most data we process relates to children under the age of 18. We treat this data with extra care: we do not sell children's data, we do not use it for advertising or any commercial purpose unrelated to the educational service we provide, we do not enable third-party advertising networks to track children through our platform, we process children's data only for the purposes the school has specified in its agreement with us, we require schools (as the data controller) to obtain appropriate parental consent or use other lawful bases under applicable law, and we retain children's data only for as long as the school instructs and as required by applicable law.

3. How We Use Information

We use information for the following purposes:

3.1 To provide the service to schools and their communities — This includes hosting school data, enabling features like attendance tracking, exam generation, grading, payments, communication, and bus tracking. We process data only as the school has authorized and only for the purposes the school has specified.

3.2 To communicate with schools and direct customers — We use contact information to respond to inquiries, schedule demos, send service updates, manage founding partner applications, and provide customer support.

3.3 To improve and secure the platform — We analyze aggregated and anonymized usage data to identify bugs, improve features, and detect security threats.

3.4 To comply with legal obligations — We use data when required to comply with applicable laws, respond to lawful requests from authorities, or protect our legal rights.

3.5 What we do and don't do with personal information for AI— We use artificial intelligence in some Kinnly features, including our exam generation engine. To be specific: we do not currently use identifiable student data to train artificial intelligence models. The AI features available today rely on general educational content and curriculum data, not your school's specific records. We may, in the future, improve our AI features using anonymized and aggregated data drawn from platform usage. Anonymized means the data cannot be linked back to any individual student, parent, or staff member. We will not use identifiable student data for AI training without explicit consent from the school and, where required by applicable law, from parents or guardians. If we ever introduce a feature that uses identifiable data with consent, we will notify schools in advance, explain what the feature does, and offer a clear way to opt out. We will not sell access to AI models trained on your school's data. Any AI capability we build using platform data is used only to improve Kinnly for our customers.

3.6 What we do not do with personal information — We do not sell personal information. Ever. We do not use student personal data for targeted advertising. We do not share student personal data with advertising networks. We do not access school data for our own purposes beyond providing and supporting the service.

5. How We Share Information

We share information only in limited circumstances:

5.1 With service providers we depend on — We use trusted third-party service providers including cloud hosting providers, payment processors, email and communication service providers, analytics providers, and customer support tools. Each service provider is bound by a data processing agreement that requires them to protect personal information at a standard equivalent to ours.

5.2 With the school that controls the data — End-user data is shared with the school that subscribes to Kinnly, because the school is the data controller. Staff designated by the school can access information based on the school's permission settings.

5.3 When required by law — We may share information when legally required, such as in response to a court order, lawful request from a government authority, or to comply with regulatory obligations. We document and where lawful, notify schools of any such request.

5.4 In the event of a business transfer — If Kinnly is involved in a merger, acquisition, financing, or sale of assets, personal information may be transferred to the acquiring entity. We will notify schools and direct customers in advance and ensure that personal information continues to be protected under terms equivalent to this policy.

5.5 With your consent — In any circumstance not covered above, we share personal information only with your explicit consent.

6. International Data Transfers

Kinnly operates globally. Personal information may be transferred to and processed in countries other than the country where it was collected.

Kinnly platform data is hosted on cloud infrastructure operated by major providers with data centers in multiple regions. We select hosting regions to balance performance, regulatory compliance, and operational stability. Schools may request information about the specific hosting region applicable to their data by contacting us at kin@kinnly.ai.

For cross-border data transfers, we apply appropriate safeguards aligned with applicable law, including Standard Contractual Clauses where required, risk assessments for sensitive or large-scale transfers, and confirmation that destination countries provide adequate data protection.

7. Data Retention

We retain personal information for as long as needed to provide the service and to comply with legal obligations.

School-controlled data: retained for the duration of the school's subscription, plus any retention period the school specifies. After a school ends its subscription, we provide the school with an opportunity to export its data. Following the export window, we delete or anonymize school data within a reasonable time, except where retention is required by law.

Direct customer and visitor data: retained for as long as needed to provide our services, manage relationships, or comply with legal obligations. Inactive demo and application records are deleted after a reasonable period.

Children's data: retained only as long as the school instructs and as required by applicable law. Schools can request deletion of children's data on behalf of parents at any time.

Aggregated and anonymized data: may be retained indefinitely for analytics and product improvement, as it no longer identifies individuals.

Specific retention schedules are detailed in our agreements with school customers. [TO BE CONFIRMED WITH LEGAL REVIEW]

8. Data Security

We protect personal information using industry-standard safeguards:

  • Encryption in transit: all data transmitted between Kinnly and your device is encrypted using TLS 1.2 or higher
  • Encryption at rest: all data stored on Kinnly servers is encrypted using AES-256
  • Access control: access to personal information is restricted to authorized personnel with a legitimate business need, governed by role-based permissions
  • Audit logs: all administrative actions are logged with timestamps and user attribution
  • Backup and recovery: data is backed up daily with secure, encrypted backups stored in geographically separate locations
  • Personnel training: our team receives regular training on data protection, security, and responsible handling of children's data
  • Incident response: we maintain a documented incident response plan and notify affected parties of any data breach in accordance with applicable law

While we work hard to protect personal information, no system can be completely secure. We continuously update our practices to address new threats.

9. Your Rights

Depending on your jurisdiction, you may have the following rights regarding your personal information:

  • Right of access: to know what personal information we hold about you
  • Right of correction: to ask us to correct inaccurate or incomplete information
  • Right of deletion: to ask us to delete your personal information, subject to legal limits
  • Right of restriction: to ask us to limit how we use your information
  • Right of portability: to receive your personal information in a structured, machine-readable format
  • Right to object: to object to our processing of your information for certain purposes
  • Right to withdraw consent: to withdraw consent you have previously given, without affecting prior lawful processing
  • Right to lodge a complaint: to file a complaint with your local data protection authority

How to exercise your rights: if you are a parent, student, or staff member of a school that uses Kinnly, please contact your school first. The school is the data controller and decides how to respond to most requests. We support the school in fulfilling these requests. If you are a direct customer or website visitor, contact us at kin@kinnly.ai. We respond within the timelines required by applicable law (typically within 30 days).

10. Cookies and Tracking

We use cookies and similar technologies on our website and in our platform.

Essential cookies: necessary for the website and platform to function. These cannot be disabled.

Analytics cookies: help us understand how visitors use our website. We use these only with your consent where required by law. Analytics data is aggregated and does not identify individual visitors.

Functional cookies: remember preferences such as language selection.

We do not use advertising cookies or third-party tracking pixels for marketing purposes. We do not enable behavioral advertising on our platform. You can manage cookie preferences through your browser settings or through the cookie banner on our website.

12. Changes to This Policy

We may update this policy from time to time to reflect changes in our practices, our services, or applicable law. When we make material changes:

  • We update the 'Last updated' date at the top of this policy
  • We notify school customers in advance, typically by email
  • We may also display a notice on our website or platform

We encourage you to review this policy periodically.

13. Contact Us

If you have questions about this Privacy Policy or our practices:

Email: kin@kinnly.ai

Postal address:

Kinnly, Inc.
Delaware, United States