Privacy Policy

Last updated: 2 June 2026

This Privacy Policy explains what personal data the Kimsin app ("Kimsin", "we", "us") collects, why we collect it, how it is shared, and what choices you have. By using the App you agree to this Policy.

1. Who is the data controller

The operator of Kimsin is the data controller for the personal data described below. Contact: kz.ripple@gmail.com.

2. Data we collect

2.1 Account data

When you sign in with Google we receive your Google account email, your display name, and an internal Firebase user ID. Your email is used as the stable key for usage data and subscription state, so those survive a sign-out/sign-in cycle.

2.2 Contacts you choose to upload

If you grant the contacts permission, Kimsin reads phone numbers and the names you have saved them under from your device address book, normalises the phone numbers, and uploads each (phone, name) pair to our shared lookup index. We do not upload email addresses, postal addresses, birthdays, notes, photos, or any other field from your contacts.

In the shared index we store: the normalised phone number, each distinct name the number has been saved under, a count of how many accounts have saved that number under that name, and a timestamp of the most recent contribution. The shared index does not record who contributed a given name.

2.3 Usage data

We store the number of lookups you have performed (to enforce the free-tier limit) and the timestamp of your last contacts upload (to throttle re-uploads).

2.4 Subscription data

If you subscribe to Premium, we store the active state of your subscription, the platform (Google Play or App Store), the product ID, and the expiry timestamp. Payment details are handled entirely by Google Play / Apple and are not visible to us.

2.5 Device and diagnostic data

Our advertising and authentication providers (see Section 5) may collect device identifiers, IP address, advertising ID, and crash diagnostics under their own privacy policies. Kimsin itself does not collect analytics beyond the data described above.

3. Why we use your data

• To operate the lookup service: uploaded (phone, name) pairs power the search feature for all users.
• To enforce account limits and prevent abuse: per-account usage counters and contribution markers.
• To process subscriptions: billing through Google Play / App Store and reflecting Premium state in the App.
• To show ads to non-Premium users.
• To comply with legal obligations where applicable.

4. Legal bases (GDPR)

• Performance of a contract (Art. 6(1)(b)) — to operate the App, your account, and your subscription.
• Consent (Art. 6(1)(a)) — for reading and uploading your contacts. You can withdraw it at any time by revoking the OS permission.
• Legitimate interests (Art. 6(1)(f)) — for fraud prevention, security, and abuse mitigation.
• Legal obligation (Art. 6(1)(c)) — where we are required to retain or disclose data.

5. Third parties we share data with

• Google Firebase (Authentication, Realtime Database, Cloud Functions) — hosts our backend.
• Google Sign-In — handles authentication.
• Google Mobile Ads (AdMob) — serves ads to non-Premium users; may use the device advertising ID.
• Google Play Billing / Apple App Store — processes subscription payments.

We do not sell your personal data and we do not share the contents of your address book with any third party.

6. International transfers

Our backend (Firebase) runs in Google Cloud data centres outside your country of residence. Where required, transfers rely on Google's Standard Contractual Clauses.

7. Retention and deletion

• Delete your account in-app: Settings → Delete account. This removes your account record and signs you out permanently.
• Subscription / usage record is intentionally retained after account deletion, so that re-creating an account with the same Google email cannot reset the free-search limit or revoke an active paid subscription. To have that record erased, email kz.ripple@gmail.com.
• Contributions to the shared index: the index does not record who contributed a given name; individual contributions cannot be reversed.

8. Your rights

Depending on where you live, you may have the right to: access the personal data we hold about you; have inaccurate data corrected; have your data erased (subject to Section 7); restrict or object to certain processing; receive your data in a portable format; withdraw consent for contact uploads at any time; and lodge a complaint with your local data-protection authority. To exercise any of these rights, email kz.ripple@gmail.com.

9. Security

Data is transmitted over HTTPS and stored in Firebase Realtime Database with security rules that enforce per-user access on account data and authentication-required access on the shared lookup index. No system is perfectly secure; please report suspected vulnerabilities to the contact address above.

10. Children

Kimsin is not directed at children under 16 (or the minimum age of digital consent where you live, whichever is greater).

11. Changes to this Policy

We may update this Policy from time to time. Material changes will be reflected by updating the "Last updated" date and, where appropriate, by an in-app notice.

12. Contact

Privacy questions or rights requests: kz.ripple@gmail.com.

This document is also available in other languages via the bar above. In case of conflict, the English version controls.