Privacy Policy
Last updated: 6 June 2026
In short
Kinton Green is a safe, private place for your family to keep passwords and important documents together. Your privacy is the whole point of it, so we have tried to write this plainly.
The most important thing to know: the things you store in your vault are encrypted on your own device before they ever reach us, using a key that only you hold. We cannot open your vault, and neither can anyone else. Your master password stays on your device and is never sent to us.
We do hold some information to run the service, such as your email address and the names you give your household and its members. This policy explains what we hold, why, who helps us process it, and the rights you have. The short version is above; the detail is below.
Who we are
Kinton Green is a service provided by Anthony Green, a sole trader trading as Kinton Green ("Kinton Green", "we", "us"). We are the data controller for the personal information described in this policy.
- Contact: support@kintongreen.co.uk
- Postal address: TODO: add before launch
- ICO registration: we are registering with the Information Commissioner's Office, and our registration number will be shown here once it is issued.
If you have any question about your privacy or this policy, please email us first. We would always rather help you directly.
What we mean by "your vault" and "your account"
It helps to separate two kinds of information:
- Your vault contents. The passwords, documents, notes and other items you choose to store. These are encrypted on your device and we only ever hold them in scrambled (encrypted) form.
- Your account information. The details needed to run the service and let your family find one another, such as your email address and the display names you choose. At this stage these are held in ordinary, readable form.
The next two sections explain exactly what falls into each.
What we can and cannot see
We have built Kinton Green so that we see as little as possible. To be honest with you about where the line currently sits:
We cannot see:
- The contents of your vault (your passwords, documents and notes). They are encrypted on your device with a key derived from your master password before they reach us. We store only the encrypted version and have no way to unscramble it.
- Your master password. It never leaves your device and is never sent to us. We could not recover it for you even if you asked, which is why your recovery key matters.
We can see (and so can the providers who host the service for us):
- Your email address.
- The display names you choose for yourself and for family members.
- Your household's name.
At this stage, that account information is stored in ordinary readable form, not encrypted. We are telling you this plainly rather than implying that everything is hidden from us. We keep this information to the minimum needed to run the service.
Documents you keep in your vault are encrypted on your device before they are uploaded. We store only the encrypted file. We cannot open it, read it, or see its name. We can see how much encrypted storage your household uses and which household and vault each file belongs to.
The information we collect, and why
Information you give us when you set up and use Kinton Green:
- Your email address (to create your account, sign you in, and send service messages such as invitations).
- A display name for yourself, and the names you give your household and any family members you invite.
- The encrypted contents of your vault (held only in encrypted form, as above).
- Your recovery key is created on your device. We store only a one-way check value derived from it, so we can confirm a recovery is genuine without ever holding the key itself.
Information we receive about invited family members. When someone invites a family member, they give us that person's email address and a display name so we can send the invitation. If you have received an invitation, this means your details were provided to us by the person who runs your household. You have the same rights over that information as everyone else, set out below.
Information we collect automatically when you use the service:
- Basic technical information such as your IP address, browser and device type, needed to deliver the service securely and to keep it working.
- The internet address (IP address) that repeated attempts to sign in or get back into an account come from, used briefly to slow those attempts down and never to track you.
- Limited usage information to understand how the service is performing and to improve it.
- Error and diagnostic information if something goes wrong, so we can fix it. We work to keep personal information out of these records.
Kinton Green is currently free to use, so we do not collect or process any payment information. If we introduce paid plans in future, we will update this policy to explain how payments are handled before any payment is taken.
You do not have to give us your information, but we need the basics, such as your email address, to create your account and provide the service. Without them, we cannot offer you Kinton Green.
Our legal bases for using your information
Under UK data protection law we must have a lawful basis for using your personal information. Ours are:
- To perform our contract with you. Most of what we do, such as storing your encrypted vault, managing your account and sending invitations, is necessary to provide the service you have asked for.
- Our legitimate interests. We use limited information to keep the service secure, prevent abuse, and understand and improve how it works. We balance this against your rights and keep it proportionate.
- Your consent. Where we rely on consent (for example, for any non-essential analytics or optional messages), you can withdraw it at any time.
- To meet a legal obligation. For example, keeping certain records that the law requires us to keep.
Who we share your information with
We do not sell your information, and we never will. We do use a small number of trusted providers to run the service. They may only process your information on our instructions. As at the date of this policy, they are:
- Supabase: secure database, sign-in and file storage. Your data is held in a data centre in London, United Kingdom.
- Resend: sending service emails such as invitations.
- Vercel: hosting and delivering the website and app.
- Cloudflare: domain name (DNS) services.
- Sentry: error and reliability monitoring.
We may also share information if the law requires it, or to protect the rights, safety or security of our family members and the service.
Where your information is stored, and transfers outside the UK
Your vault data and account information are held in the United Kingdom (London). Some of the providers above are based outside the UK (for example, in the United States). Where information is transferred outside the UK, we rely on appropriate safeguards recognised by UK law, such as UK "adequacy" rules or the Information Commissioner's standard data transfer terms, so that your information stays protected.
How long we keep your information
- Account information (such as your email and display names): for as long as your account is open, and then deleted within 7 days of your account being closed.
- Your encrypted vault contents: for as long as your account is open, and deleted when you close your account.
- Technical, usage and error information: kept for 6 months and then deleted or anonymised.
Where we no longer need information, we delete it or make it anonymous.
Children and young members
Kinton Green is made for families, and a family may include people under 18 ("young members"). We take this seriously and aim to follow the ICO's Children's code. In practice that means we keep privacy settings high by default, collect the least information we can, and do not use a child's information for marketing or profiling. An adult ("Head of House") sets up and looks after the household.
If you believe a child's information has been given to us in a way you are not comfortable with, please contact us and we will put it right.
Your rights
Under UK data protection law you have the right to:
- be informed about how we use your information (this policy);
- access the personal information we hold about you;
- ask us to correct information that is wrong or incomplete;
- ask us to delete your information ("the right to be forgotten");
- ask us to restrict or object to how we use it;
- ask for a copy of certain information in a portable format (data portability); and
- withdraw consent at any time, where we relied on it.
We do not make any decisions about you by automated means alone, and we do not use your information for profiling.
To exercise any of these rights, email support@kintongreen.co.uk. We will respond within one month, and it is normally free of charge.
How to make a complaint
If you are unhappy with how we have handled your information, please tell us first at support@kintongreen.co.uk. We will acknowledge your complaint within 30 days and do our best to put things right as quickly as we can.
You also have the right to complain to the Information Commissioner's Office (ICO), the UK's data protection regulator, at ico.org.uk or by calling 0303 123 1113. We would appreciate the chance to help before you do, but it is your right either way.
Cookies and analytics
We use a small number of strictly necessary cookies to keep you signed in and the service working. Because these are essential to provide the service you have asked for, they do not need your consent. Our analytics are privacy-friendly and do not use cookies, and our error monitoring does not use cookies to track you. As we do not use advertising or other non-essential tracking cookies, Kinton Green does not show a cookie banner. If this ever changes, we will ask for your consent first.
How we keep your information safe
Keeping your information safe is the foundation of Kinton Green. Among other measures:
- the contents of your vault are encrypted on your device before they reach us, and we cannot decrypt them;
- your master password is never sent to us;
- information is encrypted in transit between your device and our service; and
- access to our systems is limited and protected.
If someone keeps trying to sign in or get back into an account, we slow them down. That way nobody can guess their way into your vault. To spot repeated attempts, we briefly note the internet address each one comes from (the IP address), yours included. Once the check is done it's forgotten, and we never use it to track you.
No service can promise perfect security, but privacy and security are the reason Kinton Green exists, and we design for them first.
Changes to this policy
If we change this policy, we will update the date at the top and, where the change is significant, let you know before it takes effect.
Contact us
For anything about your privacy or this policy, email support@kintongreen.co.uk or write to us at TODO: add before launch.