Privacy Policy.

1. Information We Collect and Security

• Account Data: Email address and profile name. If you use Apple Sign-In, we may receive and process a randomized, encrypted email address provided by Apple ("Hide My Email") to maintain your anonymity.
• User Content: Family tree structures, text inputs, and photos.
• Audio Data: Voice recordings submitted for Speech-to-Text.
• Sensitive Information: Through voice stories, you may voluntarily provide data regarding ethnic origin, religious beliefs, or health history of family members. By providing this information, you give explicit consent for its processing to fulfill the Service's purpose.

All personal data and audio recordings are encrypted in transit (using HTTPS/TLS) to ensure data security.

2. Tracking Technologies, Device Data, and Cookies (UK PECR & DUAA 2025)

In compliance with the Privacy and Electronic Communications Regulations (PECR) and the Data Use and Access Act 2025, we collect specific data necessary for the Service to function.

For Mobile Apps: This includes push notification tokens, crash reports via Google Firebase, and essential technical identifiers.

For Web Version: We use essential cookies and similar tracking technologies solely to maintain user sessions, authenticate accounts, and ensure website security. We do not use cross-site tracking or third-party cookies for behavioral advertising.

3. Legal Basis for Processing (UK GDPR)

We process your data based on:

(a) Contract: To provide the Service;

(b) Consent: For push notifications and processing of sensitive categories of data;

(c) Legitimate Interest: For app stability and fraud prevention.

4. Data Storage and Cross-Border Transfers

Data is stored on DigitalOcean servers in Frankfurt, Germany. Audio/text are temporarily transmitted to third-party AI providers (OpenAI, Google, Anthropic) in the US under Standard Contractual Clauses (SCCs).

5. Voice Data and Biometrics

We do not use voice data for biometric identification. Audio is processed strictly for transcription and is permanently deleted from our servers following the completion of the transcription and text processing sequence. We strictly prohibit the use of your data to train AI models.

6. Third-Party Data and Right to be Forgotten

Users may add information about living relatives. By submitting such info, you represent and warrant that you have obtained explicit consent from these individuals. If your data was added without consent, contact us at policy@tellkin.app.

7. Your Data Protection Rights (UK GDPR)

You have the right to access, rectify, or erase your data. We respond to all Data Subject Access Requests (DSARs) in accordance with the streamlined procedures introduced by the UK Data Use and Access Act 2025. Contact: policy@tellkin.app.

8. CCPA and US State Privacy Laws

We do not sell or share your personal information for direct marketing. US residents may request access to or deletion of their data.

9. Law Enforcement Disclosure

We disclose info only if required by law or to protect the safety of our users.

10. Data Breach Notification

In case of a high-risk breach, we notify you and the UK ICO within 72 hours.

11. Data Retention and Account Deletion

You may delete your account directly within the App settings.

If you transfer tree rights: Your profile and voice stories are deleted, but the tree remains for other members.

If you choose full deletion: Your profile and trees are deleted within 30 days. Inactive accounts are deleted after 2 years.

Apple Sign-In Notice: If you created your account using Apple Sign-In, deleting your account within the App will erase your data from our systems, but you should also revoke the app's access within your Apple ID settings on your iOS device.

12. Children's Privacy

TellKin is not directed to children under 13 (or 16 in the EEA). In compliance with the ICO Children's Code, we do not knowingly collect data from children. If we discover such data, we will delete it immediately.

13. Data of Deceased Persons

Information about deceased individuals is managed by the family tree administrator. Legal heirs may request removal of such data by providing proof of relationship and death.

14. AI Transparency and Accuracy (EU AI Act Compliance)

Biographical texts are generated using artificial intelligence. AI may occasionally produce incorrect information. Users have the right to review, edit, or delete AI-generated content. Final editorial control remains with the user (Human-in-the-loop).

15. App Store and Google Play Data Safety Declarations

In accordance with Apple App Store App Privacy requirements and the Google Play Data Safety Declaration:

Data Shared: Text and audio are shared with AI processors under strict privacy agreements. We do not sell data to third-party advertisers or data brokers.

Security: Data is encrypted in transit and can be deleted upon request via the in-app account deletion mechanism.

16. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any significant changes via an in-app notification or by updating the "Effective Date" on this page.

17. Contact Us & Complaints

For privacy inquiries or to file a formal complaint:

Email: policy@tellkin.app

Physical Address: Moonlight Agents Ltd, 66 Paul Street, London EC2A 4NA, England.