← Back

Privacy Policy

I'm Ayush, and I built Kinet as a solo indie project. I take your privacy seriously because the whole point of Kinet is to be the file sharing tool you can actually trust. Here's exactly what happens with your data. What I Collect • Your name, email, and profile picture from Google sign-in. • File metadata — name, size, upload date, expiry, status. I never open or look at your actual files. • Download stats — how many times a link was downloaded, and when. This is for your dashboard, not mine. • Session data — auth tokens, your IP address, and browser/device info (user agent) are stored with your session for security and rate limiting. Deleted when the session expires. • Payment status — whether you're subscribed or not. Your card details go straight to Dodo Payments. I never see them. What I Don't Collect • I don't scan your files. I don't read them. I don't analyze them. • I use Databuddy for privacy-first analytics (page views and referrers only — no cookies, no personal data). No ad trackers or pixels. • I don't sell or share your data with anyone. There's no business model here that involves your data. • I don't train AI on your files. That's the whole point. See /pledge. No AI Pledge Your files will never be used to train AI models. I don't scan, analyze, or access your file contents. Period. Read the full commitment at /pledge. Why I Process Your Data (Legal Bases Under GDPR) • Contract — to run the service you signed up for (uploading, sharing, dashboard, billing). • Legitimate interest — to stop abuse with rate limiting and to maintain security. • Consent — where applicable, such as optional communications. Your Rights Under GDPR If you're in the EU/EEA/UK, you have the right to: • Access — request a copy of the personal data I hold about you. • Rectification — ask me to correct anything that's wrong. • Erasure — delete your files or your whole account from the dashboard, or ask me to do it. • Data portability — ask me to export your data in a machine-readable format. • Object — object to processing based on legitimate interest. • Restrict processing — ask me to limit how I use your data. • Withdraw consent — where processing is based on consent, you can withdraw it anytime. To exercise any of these rights, email hello@usekinet.app. I'll respond within 30 days. If you're not satisfied with my response, you have the right to lodge a complaint with your local data protection authority. Third-Party Processors Here's every service that processes your data, what they do, and where they operate: • Cloudflare R2 (Cloudflare, Inc.) — File storage. Encrypts files at rest. US/Global. • Neon (Neon, Inc.) — Database hosting. Stores account info, file metadata, download stats. US. • Vercel (Vercel, Inc.) — App hosting and serverless functions. US/Global edge. • Google (Google LLC) — OAuth sign-in. Receives your auth request, returns name/email/avatar. US. • Dodo Payments (Dodo Payments) — Payment processing. Handles card details and billing. • Upstash (Upstash, Inc.) — Rate limiting via Redis. Processes IP addresses temporarily. US. • Resend (Resend, Inc.) — Transactional email delivery. Processes email addresses when forwarding inbound emails. US. • Databuddy (Databuddy) — Privacy-first website analytics. Tracks page views and referrers. No cookies, no personal data collection. Open source. That's the full list. No ad networks, no invasive trackers, nothing else. Data Retention Periods • Files — kept until they expire (per your chosen schedule: 7, 30, 60, 90 days, or never) or you delete them. Self-destruct files are permanently deleted after the first download. • Account data (name, email, profile picture) — retained while your account exists. Deleted within 30 days of account deletion. • Session data (auth tokens, IP address, user agent) — stored for the duration of your session. Deleted when the session expires. • Download stats — retained as long as the associated file exists. Deleted when the file is deleted or expires. • Payment records — retained by Dodo Payments as required by tax and financial regulations (typically 7 years). I only store your subscription status, not card details. Security • Files are encrypted at rest on Cloudflare R2 and always transferred over TLS. • Your files go directly from your browser to R2 via presigned URLs — they never pass through my server. • When a file expires or is deleted, it's gone. No backups, no copies. Cookies I use cookies for two things: • Login sessions — to keep you signed in. • Password-protected file access — a temporary cookie is set when you unlock a password-protected file, so you don't have to re-enter the password on refresh. No tracking cookies. No third-party cookies. Kids Kinet isn't for anyone under 13. If a child signed up somehow, let me know and I'll delete the account. Changes If I change this policy in a meaningful way, I'll let you know by email or a notice on the site. Last updated: February 2026