Kindling

Privacy Policy

Last updated: July 4, 2025


1. Introduction

Welcome to Kindling B.V. (“Kindling”, “we”, “us” or “our”).
We are committed to protecting your personal data and respecting your privacy in accordance with the General Data Protection Regulation (“GDPR”), the ePrivacy Directive, and all other applicable data-protection laws.

This Privacy Policy explains, in plain language, how we collect, use, disclose, store, and protect your personal data when you use our website, mobile applications, and any related services (collectively, the “Services”).


2. Who we are

  • Company name: ReStride B.V.
  • Registered address: Prinsengracht 123, 1015 DL Amsterdam, The Netherlands
  • Chamber of Commerce (KvK) number: 91234567
  • E-mail: privacy@getkindling.app

We act as the Data Controller for the personal data described in this Policy.


3. Definitions

TermMeaning
Personal dataAny information relating to an identified or identifiable natural person.
ProcessingAny operation performed on personal data, such as collection, storage, or deletion.
Data subjectYou, the individual using our Services whose personal data are processed.
Data controllerThe natural or legal person which determines the purposes and means of processing personal data.
Data processorA natural or legal person which processes personal data on behalf of the controller.

4. What data we collect

CategoryDetailsLegal basis
Account dataE-mail address, password hash, preferred language, profile information you optionally add.Contract
collection and activity datacollections you create or follow, steps completed, reflections, uploaded files or images, streak metrics.Contract
Support or survey dataInformation you provide when contacting support or responding to surveys.Legitimate interest / Consent
Technical dataIP address device type, operating system, browser, time zone, and app version.Legitimate interest
Usage analyticsPage views, button clicks, session duration—collected only after cookie consent via PostHog EU Cloud.Consent
Cookie dataSee dedicated Cookie Policy for details.Consent

“Contract” = necessary to provide the Services you request.
IP addresses are truncated and stored for no longer than 7 days for security purposes.


5. How and why we use your data

  1. To create and administer your account
    We need your e-mail and password to let you sign in, manage collections, and sync progress.
  2. To deliver the core functionality
    Your activity data are processed to show streaks, reminders, and statistics.
  3. To improve the Services
    Aggregated analytics help us understand feature adoption and performance bottlenecks.
  4. To communicate with you
    We send transactional e-mails (for example, password resets) and, if you opt in, product updates.
  5. To comply with legal obligations
    We retain certain records to demonstrate GDPR compliance and fulfil tax or accounting duties.

6. Cookies and PostHog analytics

  • Our website uses a cookie consent banner that appears to visitors from the European Economic Area.
  • Non-essential cookies, including PostHog analytics, are disabled by default and activated only after you click “Accept analytics cookies”.
  • When enabled, PostHog sets first-party cookies that store a random identifier and session timestamps.
  • PostHog events are processed exclusively in the European Union (https://eu.i.posthog.com).

You can withdraw consent at any time by opening “Cookie Settings” in the footer or calling posthog.opt_out_capturing() in your browser console.


7. Data sharing and processors

We never sell your personal data, and we share it only with the following categories of recipients:

ProcessorPurposeLocationSafeguard
Supabase EUManaged PostgreSQL database, file storage, authentication.Frankfurt, DEEU-only region
PostHog EU CloudProduct-analytics platform.Frankfurt, DEEU-only region
E-mail provider (Resend)Transactional e-mail delivery.EU data centerStandard Contractual Clauses

Each processor is bound by a Data Processing Agreement and processes data solely under our instructions.


8. Data security

  • Data in transit is protected using TLS 1.3.
  • Data at rest is encrypted with AES-256.
  • Strict row-level security in Supabase ensures users can access only their own records.
  • Access to production databases is limited to authorized personnel via fine-grained IAM roles and multi-factor authentication.
  • Regular backups are encrypted and retained for 30 days.

9. Data retention

Data typeRetention period
Account dataUntil you delete your account or remain inactive for 24 months.
collection and activity dataSame as account data; deleted upon account deletion.
Analytics events12 months, then aggregated and de-identified.
Support tickets24 months after resolution.

We may retain data longer if required by law (for example, tax records).


10. International transfers

All primary data are stored in the European Union. If limited transfers outside the EEA are necessary, we rely on:

  1. Adequacy Decisions of the European Commission, or
  2. Standard Contractual Clauses together with supplementary technical and organisational measures.

11. Your rights under GDPR

You may exercise the following rights at any time, free of charge:

  • Right of access – obtain a copy of personal data we hold about you.
  • Right to rectification – correct inaccurate or incomplete data.
  • Right to erasure – request deletion (“right to be forgotten”).
  • Right to restriction – limit how we process your data.
  • Right to data portability – receive data in a structured, machine-readable format.
  • Right to object – object to processing based on legitimate interest.
  • Right to withdraw consent – without affecting prior processing.

To exercise any right, contact us at privacy@getkindling.app. We will respond within one calendar month.

If you believe that our processing violates data-protection laws, you may lodge a complaint with your local supervisory authority. Our lead authority is the Autoriteit Persoonsgegevens (Netherlands).


12. Children’s privacy

Our Services are not directed to children under 13 years of age, and we do not knowingly collect personal data from children. If you become aware that a child has provided us with personal data, please contact us and we will delete such data immediately.


13. Changes to this Policy

We may update this Privacy Policy from time to time. Significant changes will be announced via an in-app notification or e-mail. The “Last updated” date at the top of this page will always indicate the latest revision.


14. Contact us

If you have questions about this Privacy Policy or our data practices, please contact:

Data Protection Officer
Kindling B.V.
Prinsengracht 123, 1015 DL Amsterdam, The Netherlands
dpo@getkindling.app


Thank you for trusting Kindling with your personal data.