Privacy Policy

    How we collect, use, and protect your personal information.

    Last updated: May 2026

    1. Introduction and Scope

    Kinlyst Pty Ltd (“we”, “us”, “our”, or “the Company”) is committed to protecting your privacy and ensuring you have a positive experience when you interact with our products and services. This Privacy Policy outlines how we collect, use, disclose, and safeguard your personal information in accordance with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs).

    This Privacy Policy applies to all personal information we collect through:

    • Our website at kinlyst.com.au
    • Our mobile application (iOS and Android)
    • Email communications with us
    • Any related services we provide

    By accessing or using any of these, you consent to the terms of this Privacy Policy.

    Where it is lawful and practicable, you may interact with our website without identifying yourself or providing personal information. Browsing our website does not require an account or a mailing-list subscription. Features that depend on knowing who you are — such as the mailing list, account creation, and signed-in features in our mobile application — require the information described in Section 2.

    2. What Personal Information We Collect

    We aim to collect only the personal information we need to operate our services. The categories of information we may collect are:

    2.1 Mailing list information

    If you sign up to our mailing list through our website, we collect your email address.

    2.2 Account information

    If you create an account in our mobile application or, in the future, on our website, we collect:

    • Your email address, used to identify and sign you in to your account.
    • Your phone number, where you choose to sign in using a phone-based one-time code.
    • A display name you choose to associate with your account.
    • An opaque account identifier issued by our sign-in provider (see Section 6), used to link your information together within our systems.

    2.3 Information you provide

    We may invite you to provide additional information through forms, surveys, onboarding flows, free-text fields, or other inputs within our website or mobile application. This may include information about your family — for example, the names, ages, or birth dates of your children — or sensitive information such as health information, where you choose to provide it. Where this is the case, the purpose of the collection will be made clear at the point of collection, and providing the information is voluntary.

    Information you provide about a child is treated as your personal information for the purposes of this Privacy Policy. Our services are intended for use by adults, and we do not knowingly collect personal information directly from children.

    Where the information you provide is sensitive information (as defined in section 6 of the Privacy Act 1988), including health information, we will only collect it with your consent and where it is reasonably necessary for one or more of our functions or activities.

    2.4 Information from Patreon

    If you support Kinlyst on Patreon and your Patreon support is linked to your Kinlyst account, we receive a limited set of information about your support from Patreon. This consists of:

    • The display name associated with your Patreon account.
    • The email address associated with your Patreon account.
    • Your current support tier.
    • Your current pledge amount.
    • The duration of your support.
    • Your total lifetime support to Kinlyst.
    • Whether you are currently an active supporter.

    This collection only applies if you both maintain an account on Patreon and have chosen to support Kinlyst there. If you do not have a Patreon account, or you have a Patreon account but are not a supporter of Kinlyst, we do not receive any of this information about you from Patreon.

    Your relationship with Patreon, and any other information Patreon collects about you, is governed by Patreon’s own privacy policy and terms of use.

    2.5 Usage and analytics information

    When you use our website or mobile application, we collect limited information about how you interact with them. This includes:

    • Pages or screens you view, and events such as taps or form interactions.
    • Technical information about your device or browser, such as the user agent string, app version, and approximate screen size.
    • A session identifier that distinguishes one visit from another but is not retained across sessions.
    • A short-lived anonymous network identifier, derived by combining your IP address and browser/device information with a secret that we rotate every day. The result is a hashed value that allows us to count unique visitors within a day without retaining your IP address.
    • If you are signed in, the opaque account identifier described in Section 2.2, so that we can understand how the product is used by signed-in users.

    We do not collect:

    • Your raw IP address (it is used briefly to compute the anonymous network identifier described above and then discarded).
    • Advertising identifiers such as Apple’s Identifier for Advertisers (IDFA) or the Android Advertising ID (AAID).
    • Geolocation information from your IP address.
    • Sensitive information about your health, beliefs, or any similar matters, except where you have explicitly chosen to provide it to us at the point of collection.

    Information described in Section 2.4 (“Information from Patreon”) is not used as part of our analytics. Patreon support information is kept separate from the usage and analytics information described in this section.

    2.6 Information you send us by email

    When you contact us by email — for example, at the address given in Section 11 — we collect your email address and the contents of your message, along with any information you choose to include. We retain the correspondence for as long as is reasonably necessary to respond to your enquiry and to keep an internal record of our communications with you.

    3. How We Collect Information

    We collect information in the following ways:

    • Website mailing-list sign-up form. When you complete our mailing-list sign-up form, you voluntarily provide your email address.
    • Account creation and sign-in. When you create an account or sign in to our mobile application (and, in the future, our website), you provide your email address and, where applicable, your phone number, and choose a display name.
    • Information you choose to provide. When you complete a form, respond to a survey, or otherwise enter information into our website or mobile application, you voluntarily provide that information.
    • From Patreon. When you support Kinlyst on Patreon and link your Patreon support to your Kinlyst account, we receive the information described in Section 2.4 from Patreon. The link is made by matching the email address on your Patreon account against the email address on your Kinlyst account.
    • Automatic collection. When you use our website or mobile application, our own first-party analytics components automatically collect the usage and analytics information described in Section 2.5. We do not use third-party analytics services for this purpose.

    4. Why We Collect Information

    We collect personal information for the following purposes:

    • Mailing list distribution. To send you emails and newsletters containing updates and information about our services.
    • Authentication and account management. To verify your identity when you sign in, to provide you with access to your account, and to send you essential account-related communications (such as one-time sign-in codes).
    • Providing our services. To deliver the features of our website and mobile application to you, including any features that depend on information you provide.
    • Recognising and communicating with our Patreon supporters. To acknowledge your support, deliver any supporter benefits associated with your tier, and communicate with you about your support. We may contact Patreon supporters through Patreon’s own messaging features, through email (see Section 6), or both.
    • Understanding how our services are used. To measure aggregate usage of our website and mobile application, identify problems, improve our content and product, and detect abuse.
    • Legal and security purposes. To comply with our legal obligations, enforce our terms, and protect the security and integrity of our services.

    We will not use your personal information for any other purpose without your consent.

    5. How We Store and Protect Information

    5.1 Storage location

    All personal information we collect is stored on cloud infrastructure located in Australia. Analytics events are stored in a data warehouse in the same Australian region. Personal information collected through our services does not leave Australia for storage, except where it is shared with the overseas recipients identified in Section 6 for the limited purposes described there.

    5.2 Retention

    • Mailing list: we retain your email address for as long as you remain subscribed. When you unsubscribe, we will remove your email address from our mailing list within a reasonable timeframe.
    • Account information: we retain your account information for as long as your account remains active. If you ask us to delete your account, we will delete or de-identify your account information within a reasonable timeframe, subject to any legal obligations we have to retain it.
    • Usage and analytics information: event records are automatically deleted two years (730 days) after collection.

    5.3 Security measures

    We protect your information using appropriate technical and organisational measures, including:

    • Encryption in transit. Information you send to us is protected by industry-standard SSL/TLS encryption.
    • Access controls. Access to personal information is restricted to authorised personnel.
    • Hashed identifiers. The anonymous network identifier described in Section 2.5 is derived using a one-way hash with a daily-rotating secret, so that the same visitor on different days cannot be linked.

    While we implement reasonable security measures, no method of transmission or electronic storage is completely secure. We encourage you to take appropriate precautions to protect your personal information.

    5.4 Data breach notification

    If we become aware of a data breach involving personal information we hold, we will assess the breach in line with the Notifiable Data Breaches scheme under Part IIIC of the Privacy Act 1988 (Cth), whether or not we are required to do so as a matter of law. Where our assessment concludes that the breach is likely to result in serious harm to one or more individuals, we will notify those individuals and the Office of the Australian Information Commissioner as required by the scheme, and take reasonable steps to contain and remediate the breach.

    6. Disclosure to Third Parties

    We do not sell, trade, or rent your personal information. We do not disclose your personal information to advertising networks, data brokers, or any other party for marketing or profiling purposes. We disclose your information to third parties only in the limited circumstances described below.

    6.1 Overseas disclosure of personal information (APP 8)

    We use a small number of overseas service providers to operate our services. Where we do, we disclose to them only the personal information that is necessary for the specific service they provide. The countries to which we disclose personal information are: the United States.

    • Auth0, operated by Okta, Inc. (United States). Auth0 provides our sign-in and identity verification service. We share with Auth0 only your email address and, where you choose to sign in by phone, your phone number. No other personal information about you is held by Auth0.
    • Resend (United States). Resend delivers transactional emails on our behalf, such as one-time sign-in codes, account-related notifications, and communications with Patreon supporters. We share with Resend only the email address required to deliver the relevant message and the content of the message itself.

    Where we disclose your personal information to overseas recipients, we take reasonable steps to ensure those recipients handle your information in a manner consistent with the Australian Privacy Principles.

    6.2 Patreon

    We use Patreon (operated by Patreon, Inc., United States) as a platform for accepting and managing supporter memberships. Patreon is not a service provider we disclose personal information to; rather, it is a third party from which we receive information about supporters, as described in Section 2.4.

    We may contact you through Patreon’s own messaging features in connection with your support. When we do, the message is delivered through Patreon’s platform and is subject to Patreon’s own privacy policy and terms of use, which govern your relationship with Patreon directly.

    Patreon is based in the United States. Information that originates with Patreon is transferred to Australia when we receive it, and is then stored on our Australian cloud infrastructure alongside your other account information.

    6.3 Other service providers

    We may engage other service providers (for example, our cloud hosting providers) to process information on our behalf under strict confidentiality arrangements. Where those providers are based in Australia, or store information in Australia on our behalf, your information remains within Australia.

    We may disclose your information where we are required or permitted to do so by law, including in response to a court order, subpoena, or lawful request from a government or regulatory body.

    6.5 Business transfers

    In the event of a merger, acquisition, restructure, or sale of assets, your information may be transferred as part of that transaction. Where this happens, we will take reasonable steps to ensure your information continues to be handled in accordance with this Privacy Policy.

    Our website and mobile application may contain links to third-party websites or services — for example, to our Patreon page. When you follow such a link, you leave our services, and any information you provide to the third party is subject to that third party’s own privacy practices. We are not responsible for the content or privacy practices of third-party websites or services that are linked from our own.

    7. Your Rights: Access, Correction, and Deletion

    Under the Australian Privacy Principles (in particular APP 12 and APP 13), you have the right to:

    • Access the personal information we hold about you.
    • Request correction of any personal information that is inaccurate, out of date, incomplete, irrelevant, or misleading.
    • Request deletion of personal information we hold about you, subject to any legal obligations we have to retain it.

    To make a request, contact us using the details in Section 11. We will respond to your request within 30 days, and there is no charge for making a request.

    Before responding to your request, we may need to take reasonable steps to verify your identity. This is to ensure we do not disclose your personal information to someone who is not entitled to receive it.

    7.1 Deletion of analytics records

    When you ask us to delete your information, we will remove records that are linked to your account from our analytics data. Anonymous usage records collected before you signed in to your account cannot be linked back to you and therefore cannot be deleted on request. This is because the secret used to derive the anonymous network identifier described in Section 2.5 is rotated every day and is not retained, by design — which means that, after the day on which an anonymous event was collected, no one (including us) can connect that event to a specific person.

    8. Direct Marketing and Unsubscribing

    We send direct-marketing communications — such as newsletters and product updates — only to people who have signed up to our mailing list or otherwise opted in to receive them. We comply with the Spam Act 2003 (Cth) and the Australian Privacy Principles (in particular APP 7) when we send these communications.

    You may unsubscribe from our mailing list at any time by:

    • Email opt-out: clicking the “unsubscribe” link at the bottom of any email we send you.
    • Manual unsubscribe: contacting us directly using the details in Section 11 and asking to be removed.

    Upon receiving your unsubscribe request, we will remove your email address from our mailing list within a reasonable timeframe (typically within 5 business days) and stop sending you promotional emails. We may still contact you about your account or other important matters where this is necessary.

    9. Cookies, Tracking, and Analytics

    We have designed our analytics to keep our footprint on your device, and the amount of information we collect about you, as small as is practical.

    9.1 No tracking cookies

    We do not use tracking cookies. We do not set persistent identifiers on your device for the purpose of recognising you across different visits, and we do not share information with third-party advertising or analytics networks. Because we do not use tracking cookies, we do not display a cookie consent banner.

    Our website may use a small number of cookies or browser storage entries that are strictly necessary for the website to function (for example, to remember a preference you have set during your visit).

    9.2 First-party analytics

    Our analytics are operated entirely by us, on infrastructure we control and located in Australia.

    • On our website, a first-party analytics component records the events described in Section 2.5 and stores a short-lived session identifier in your browser’s local storage. This identifier is used only to group events within a single visit and is not persistent across sessions.
    • In our mobile application, a first-party analytics component records similar information. The mobile application does not use Apple’s Identifier for Advertisers (IDFA) or the Android Advertising ID (AAID), and does not display Apple’s App Tracking Transparency prompt, because we do not track your activity across other companies’ apps or websites.

    Analytics events are sent to a collector that we operate ourselves and are stored in a data warehouse in Australia. We do not send your analytics data to any third-party analytics provider.

    9.3 Identified events for signed-in users

    When you are signed in to your account, the analytics events generated by your activity are tagged with the opaque account identifier described in Section 2.2, so that we can understand how the product is used by signed-in users. We do not include your email address, phone number, display name, or any other directly identifying information in event data — only the opaque identifier.

    If you have not signed in, your events are not linked to any account identifier.

    9.4 App permissions

    Our mobile application may request permissions from your device — for example, to send you push notifications, to access your camera or photo library, or to use other device features — only when these are required for a specific feature you have chosen to use. You can review and revoke any of these permissions at any time in your device settings. Revoking a permission may limit the functionality of the relevant feature, but does not otherwise affect your use of the application.

    10. Changes to This Privacy Policy

    We may update this Privacy Policy from time to time as our services evolve or as the law requires. The “Last Updated” date at the top of this policy indicates when it was last revised.

    Where a change materially affects how we handle your personal information, we will take reasonable steps to bring the change to your attention — for example, by posting a notice on our website or notifying you by email.

    Your continued use of our website, mobile application, or other services after the updated policy is published constitutes your acceptance of the updated policy. We encourage you to review this Privacy Policy from time to time.

    11. Contact Information

    If you have any questions, concerns, or requests regarding this Privacy Policy or our privacy practices, please contact us at:

    Kinlyst Pty Ltd
    Email: hello@kinlyst.com.au
    Website: www.kinlyst.com.au

    We will respond to your enquiries within 5 business days.

    12. Complaints

    If you believe we have breached the Privacy Act 1988 or the Australian Privacy Principles, you have the right to lodge a complaint.

    12.1 Internal complaint

    Please first submit your complaint to us using the contact details in Section 11. We will investigate and respond within 30 days.

    12.2 External complaint to the OAIC

    If you are not satisfied with our response, or wish to lodge a complaint directly with the regulator, you can contact the Office of the Australian Information Commissioner (OAIC):

    Office of the Australian Information Commissioner
    Email: enquiries@oaic.gov.au
    Phone: 1300 363 992
    Website: www.oaic.gov.au
    Post: GPO Box 2999, Canberra ACT 2601

    The OAIC is the independent authority responsible for enforcing the Privacy Act 1988 and can investigate complaints about alleged breaches of the Australian Privacy Principles.

    This Privacy Policy is provided by Kinlyst Pty Ltd and is intended to comply with the Privacy Act 1988 (Cth) and the Australian Privacy Principles. For the most current version, please visit this page on our website.