Privacy Policy
Last updated: May 17, 2026
In two sentences
Kinsora collects the minimum needed for you to connect safely with other women. We never sell your data, never run ads, and you can request a copy or deletion of everything at any time.
Who controls the data
Kinsora is operated by Aurea Group, which is responsible for collecting and processing your personal data. For anything privacy-related, contact our Data Protection Officer at the email below.
What we collect
We only collect what the service needs to work safely. No aggressive tracking, no advertising profile.
To let you sign in
- Your email (used to send the OTP login code)
- Hashed OTP code (we never store the code in plain text)
- Session and refresh tokens (JWT) — stored encrypted at rest
To make matchmaking work
- Display name, profile photo (optional), short bio
- Life phase, approximate age range, city (no exact neighborhood)
- Approximate device location (optional, with your permission) — rounded to a roughly 5 km area on your phone before it leaves the app. Your exact location never reaches our server; we only store the cell identifier.
- Interests and support intents you're looking for
- Circles you belong to
To let you exist on the network
- Messages in your conversations (only between people who gave a mutual yes)
- Posts, comments, saved items, and swap-and-give listings
- Photos you upload for swap-and-give listings
- Your username handle (@) — optional and public inside the app when you turn on @-search. You can hide or change it at any time.
- Invites for circles you created or received, including any email address you type in (used only to deliver the invite — we do not store your phone's contacts)
To send notifications
- Your device push token (Expo / FCM)
- App platform and version
To understand usage and prevent abuse
- Hash of your IP on public forms (waitlist), never the raw IP
- Usage events (screens viewed, actions taken) — always aggregated
- Technical error logs when the app crashes (no message contents)
What we use it for
Authentication
Verify your email and protect your account with rotated sessions.
Non-romantic matchmaking
Suggest aligned connections based on phase, city, interests, and shared circles.
Community safety
Detect abuse, inappropriate content, and attempts to bypass mutual opt-in.
Product improvement
Understand what works and what needs to change — without individual ad profiling.
Who we share with
Kinsora does not sell your data. We use a small set of essential providers for the service to work:
Titan Mail (Aurea Group)
Sending OTP access codes by email.
Servers in the US and India
PostHog Cloud
Aggregate product analytics. No personally identifiable data beyond your internal user ID.
US — counts as international data transfer
Sentry
Technical error capture. PII is filtered before sending.
US — counts as international data transfer
Hostinger / self-hosted KVM (Postgres, Redis, MinIO)
Database, cache, and media storage (listing photos).
Servers in Lithuania (Hostinger). Encrypted off-site backups.
Expo Push Service
Routing push notifications to your Android/iOS device.
US — counts as international data transfer
For international transfers we apply the standard clauses required by LGPD (art. 33). No provider receives data beyond what's needed for its described function.
Your rights (LGPD)
Brazil's General Data Protection Law (Law 13.709/2018, art. 18) gives you the right to:
- Confirm whether we process your data
- Access a copy of everything we hold about you
- Correct incomplete, inaccurate, or outdated data
- Request anonymization, blocking, or deletion of unnecessary data or data processed in violation of LGPD
- Request portability of your data to another service
- Delete data processed based on your consent
- Know with whom we shared your data
- Revoke your consent at any time
- Object to processing you consider improper
To exercise any of these rights, write to our DPO at the email at the bottom of this page. We respond within 15 business days.
Children and teenagers
Kinsora is a platform exclusively for adults 18+. We do not allow minor accounts and do not process children's data. On the swap-and-give marketplace, any photo containing children's faces is removed by moderation — children's photos are never public on our platform.
How long we keep data
We keep your data while your account exists and for the minimum period legally required after deletion. When you request account deletion, we remove your profile within 30 days; database backups are purged within 90 days. Technical logs are kept for at most 30 days.
How we protect data
- TLS 1.2+ on all traffic (Let's Encrypt via Traefik)
- Passwords and OTP codes stored hashed (argon2 / SHA-256 with salt)
- Sessions with refresh tokens rotated on every use
- Nightly encrypted off-site backups (Backblaze B2)
- Administrative access restricted by IP and strong authentication
- Periodic internal audit (apps/api/src/observability + Sentry)
Changes to this policy
When we update this policy materially, we notify you by email and inside the app at least 7 days before the new version takes effect. The last-updated date is always visible at the top of this page.
Contact our Data Protection Officer
Questions, access requests, corrections, deletions, or any other privacy matter:
Email: privacidade@aureagroup.org
Response within 15 business days.