Last updated April 19, 2026
Privacy Policy
This Privacy Policy describes how kndi. (“we,” “us,” or “our”) handles information when you use our websites (including our public marketing and waitlist pages), our iOS application, and related services (together, the “Services”). If you have questions, contact us at privacy@kndi.app.
Who this applies to
The Services are intended for users who are at least 13 years old. We do not knowingly collect personal information from children under 13. If you believe we have collected information from a child under 13, please contact us and we will take appropriate steps to delete it.
Information we collect
Account and profile. When you create an account (for example through our iOS app), we collect identifiers and profile details you provide or that are created for your account, such as your user ID, email address (for email sign-in), phone number (for phone sign-in), username, display name, first and last name (if you provide them), profile biography, profile photo, and account preferences (for example whether your profile is private).
Authentication. Depending on the sign-in method you choose, authentication data is processed by our backend authentication provider. Supported methods in the app today include email and password, email one-time codes, SMS one-time codes, Sign in with Apple, and Sign in with Google. Each provider receives the data necessary to complete that sign-in flow.
Social and community features. When you use features such as friends, follows, invites, in-app notifications, direct messages in groups (“parties”), sending or receiving “kandi,” and similar interactions, we store the content of those interactions, participant identifiers, and timestamps as needed to operate the feature.
Photos and other media you upload. If you add a profile photo, party cover image, or photos in a party album, we store those files and related metadata (such as captions and which party they belong to) so they can be shown to you and, where you choose, to other users according to product rules and your settings.
Schedules, events, and locations you interact with. We store events you link to parties, festival schedules you browse or save, and your selected city or region for discovering nearby events. The app lets you pick a location from a list we provide; we store that selection to personalize results.
Waitlist (website). If you join our email waitlist on the public website, we collect the email address you submit so we can contact you about kndi.
Device and technical data. Like most online services, our servers and providers automatically receive technical information when you use the Services, such as IP address, approximate region derived from IP, browser or app version, device type, dates and times of requests, and diagnostic logs needed to keep the Services secure and reliable.
Local data on your device. The iOS app may cache certain festival schedules and related selections on your device to improve performance. That cache stays on your device unless the product syncs specific choices to your account as part of normal app behavior.
Camera (optional). If you use QR code scanning to join a party, the app accesses the device camera only when you start that flow, to read the code. We do not use the camera for other purposes without your action.
Photo library (optional). If you choose images from your photo library (for example for a profile or party photo), the app accesses only the items you select, in line with iOS photo-picker behavior.
How we use information
- Create and secure your account and sessions.
- Provide core product features: profiles, search, events, parties, schedules, messaging, photos, invites, notifications, and kandi.
- Send transactional messages needed for authentication (for example email or SMS codes) and important service notices.
- Maintain waitlist communications if you signed up on the website.
- Monitor for abuse, fraud, and security issues; debug and improve stability and performance.
- Comply with law and enforce our Terms of Service.
Legal bases (EEA, UK, and similar regions)
Where GDPR or similar laws apply, we rely on one or more of the following:
- Contract — processing necessary to provide the Services you request (for example hosting your profile and party content).
- Consent — where required, for example marketing emails beyond strictly transactional notices, or optional permissions such as camera or photo access when the operating system requires consent.
- Legitimate interests — for example securing the Services, understanding aggregate usage to improve the product, and preventing abuse, balanced against your rights.
- Legal obligation — where we must retain or disclose information to comply with the law.
Third-party services
We use service providers to operate kndi. The categories and examples below are aligned with the current codebase:
- Supabase — hosted database, authentication, file storage (for example avatars and party photos), application APIs, and realtime updates used for features such as notifications.
- Google — if you choose Sign in with Google, Google processes data as described in Google’s policies for that sign-in flow.
- Apple — if you use Sign in with Apple or install the app from the App Store, Apple processes data under its own policies. Opening maps or links from the app may use Apple or other platforms you choose.
- SMS and email delivery — phone and email one-time codes are delivered through infrastructure configured with our authentication provider (which may use telecommunications or email delivery vendors).
- Public event sources — we integrate and store metadata about concerts and festivals from third-party sources (including EDMTrain and Clashfinder-style data in our catalog) so you can search and attach events to parties. That information is aggregated catalog data, not your private messages.
We do not sell your personal information as “sale” is defined under the CCPA/CPRA. We do not use a dedicated third-party advertising analytics SDK in the product today. If we add analytics or advertising tools in the future, we will update this policy and any required disclosures (including platform data disclosures) before they go live.
Sharing of information
We share information with service providers who process it on our instructions to host and operate the Services. We may disclose information if required by law, legal process, or to protect the rights, safety, and security of users, us, or others. If we are involved in a merger, acquisition, or asset sale, your information may transfer as part of that transaction, subject to standard protections.
Parts of the Services are social by design. Depending on your settings and the feature, profile details, messages, photos, and activity may be visible to other users you interact with (for example members of the same party).
International transfers
We may process and store information in the United States and other countries where we or our providers operate. Those countries may have different data protection laws than your own. Where required, we use appropriate safeguards (such as contractual clauses) for international transfers.
Retention
We keep information for as long as your account is active and as needed to provide the Services. We may retain certain records after you close your account where required by law or for legitimate purposes such as security backups, dispute resolution, and enforcing our agreements. Technical logs are typically retained for a limited period.
Security
We use administrative, technical, and organizational measures designed to protect personal information. No method of transmission or storage is completely secure; we cannot guarantee absolute security.
Your rights and choices
Depending on where you live, you may have rights to access, correct, delete, or export personal information we hold about you, and to object to or restrict certain processing. You may also have the right to withdraw consent where processing is based on consent, without affecting the lawfulness of processing before withdrawal.
California residents (CCPA/CPRA). You have the right to know categories and specific pieces of personal information we collect, the right to delete personal information subject to exceptions, and the right to correct inaccurate information. We do not sell or share personal information for cross-context behavioral advertising as defined by CPRA. You may designate an authorized agent where permitted by law.
To exercise rights, contact privacy@kndi.app. We may need to verify your request. You may also have the right to lodge a complaint with a supervisory authority in your country.
App Store and tracking
Apple requires a public Privacy Policy URL for apps distributed through the App Store. Information you provide in App Store privacy labels and product settings should match this Policy and how the app actually behaves.
We do not use App Tracking Transparency prompts for cross-app tracking in the current product because we do not integrate standalone third-party ad tracking SDKs for that purpose. If that changes, we will update the app and this Policy accordingly.
Changes to this Policy
We may update this Privacy Policy from time to time. We will post the updated version on this page and update the “Last updated” date. If changes are material, we will provide additional notice as appropriate (for example, an in-app notice or email where we have your address).