How we handle your data.

Partners sign in through managed authentication using email and password. Sessions live in the browser and expire automatically. Passwords are never stored in readable form.

Staff roles are separated from partner accounts. Admin access is assigned internally and cannot be self-granted by a customer.

For business owners and partners: business name, contact details, listing content, uploaded media, and the minimum account data needed to manage access and billing.

For visitors: standard traffic and usage data needed to serve the site, measure engagement, and reduce abuse.

Listings only show the fields intended for public discovery, such as business name, category, site, description, and relevant location details.

Internal account data, billing details, private notes, and most operational metrics stay private to the account owner and authorized staff.

Business and staff data is protected through row-level access controls so people can only access the records tied to their role and account scope.

Sensitive account changes are restricted to authorized internal workflows, not left to client-side state alone.

Account, listing, creative, and billing records are retained while the account is active and for a reasonable period after, primarily for support, accounting, and audit needs.

If you need a deletion or privacy request handled, use the contact path listed on the main Kin+ site.

If you believe you found a security issue, contact us privately instead of disclosing it publicly. Do not attempt to access other people's accounts or data while testing.