Kyndrid Privacy Policy
Last Modified: 2026-01-23
Kyndrid, LLC (“Kyndrid”, “we”, “our”, or “us”) respects your privacy and is committed to protecting it through our compliance with this Privacy Policy (“Policy”). This Policy describes the types of information we may collect from you or that you may provide when you visit our website or use our products/services (collectively, the “Site” and “Services”), together with our practices for using, maintaining, protecting, and disclosing that information.
If you have a disability that limits your ability to access this Policy, please contact us at hello@kyndrid.io to receive information in an alternative format.
1. Scope, roles, and who controls the data
This Policy applies to information we collect through the Site and Services and online interactions, but not to information collected offline or through third parties we do not control.
- Website visitors / business contacts: Kyndrid is the controller/business for Site and Account Data described below.
- Client workflows (end users): When we provide intake, waiver, scheduling, or synchronization systems for a Client (e.g., gyms), the Client typically determines what data is collected and why. In those cases, Kyndrid generally acts as a processor/service provider for the Client with respect to end-user data.
If you are an end user completing forms for a Client (including waivers or a PAR-Q), you should review the Client’s privacy policy as well. We may be contractually required to direct certain requests to the Client.
2. Information we collect
A. Account Data (Client/account relationship)
We may collect personal information about Clients and their representatives, authorized users, administrators, and business contacts (“Account Data”), such as name, business email, phone number, title, company name, billing/contact details, and communications.
B. Customer / End-User Data (Client workflows)
Depending on Client configuration, the Services may collect and store end-user information such as contact details, booking metadata, signed waivers, audit trails, and documents. This may include sensitive data, such as health-related screening responses (e.g., PAR-Q) and information about minors/guardians.
C. Automatically collected data
- Device/log data (IP address, user agent, referrers, pages viewed, timestamps).
- Approximate location inferred from IP address (general region/city level).
- Cookies/identifiers for functionality, security, and analytics (where enabled).
3. How we use information
- Provide, operate, maintain, and secure the Site and Services.
- Provision accounts, authenticate users, and provide support.
- Generate documents, evidence artifacts, and audit trails; store and deliver records as configured.
- Sync data to Client-authorized third-party integrations (e.g., CRM/scheduling/document delivery).
- Monitor, prevent, and detect security incidents, abuse, and fraud.
- Improve our Services (reliability, debugging, analytics, performance).
- Comply with law and enforce agreements.
4. Marketing, remarketing, and advertising audiences
We may use Account Data (Client business contact information) to market our Services to Clients and prospective Clients, including by creating remarketing/advertising audiences (which may involve sharing hashed identifiers with advertising platforms).
We do not use Customer/End-User Data (e.g., waivers, PAR-Q, minors/guardian data, signatures, Client customers) to build advertising audiences or for cross-context behavioral advertising.
Where required by law, we provide opt-out mechanisms for activities that qualify as “sale” or “sharing” under applicable state privacy laws.
5. Cookies, analytics, and opt-out signals
We may use cookies or similar technologies for site functionality, security, and analytics. Third-party analytics providers (if enabled) may collect identifiers such as IP address and device information.
Do Not Track / Global Privacy Control: Some browsers offer “Do Not Track” signals and/or Global Privacy Control (GPC). We may not respond to all such signals uniformly. Where required by law, we will honor legally recognized opt-out signals.
You can control cookies through your browser settings. Disabling cookies may limit functionality.
6. Who we share information with
- Service providers: hosting, storage, CDN, email delivery, security/monitoring, analytics (if enabled), customer support tooling.
- Clients: for Customer/End-User Data collected through Client workflows (the Client controls access and use).
- Client-enabled integrations: CRMs, scheduling tools, document delivery providers, etc., as configured by the Client.
- Legal/safety: to comply with law, enforce agreements, and protect rights, safety, and security.
- Business transfers: merger, acquisition, restructuring, or sale of assets.
We do not sell personal information for money. If we engage in conduct that qualifies as a “sale” or “sharing” under certain state laws, we will provide required notices and opt-out mechanisms.
7. Data retention
We retain personal information for as long as reasonably necessary to fulfill the purposes described in this Policy, including providing Services, maintaining business records, complying with legal obligations, resolving disputes, enforcing agreements, and maintaining security. Retention periods may vary depending on Client configuration and legal requirements.
8. Security
We maintain reasonable administrative, technical, and physical safeguards designed to protect personal information. No system is 100% secure; we cannot guarantee absolute security.
You are responsible for safeguarding credentials and using available security controls where applicable.
9. Children and minors
Our public website is not intended for children under 18. Client workflows may involve minors (e.g., guardian waivers). In those cases, the Client typically controls collection and consent processes.
10. California Notice at Collection (CCPA/CPRA)
This section supplements the Policy for California residents and describes categories of personal information we have collected in the past 12 months, the purposes for collection, sources, and the types of third parties with whom we may share personal information.
| Category | Examples | Business / commercial purposes | Sources | Shared with |
|---|---|---|---|---|
| Identifiers | Name, email address, phone number, postal address, online identifiers, IP address, account name, device identifiers. | Provide and secure the Site/Services; create/provision accounts; support; communications; fraud prevention; analytics; enforce agreements; comply with law; business transfers. | Directly from you; automatically from devices/browsers; from Clients (for end-user workflows); from integrations enabled by Clients. | Service providers (hosting, CDN, email, security/monitoring); Clients (for end-user records); integrations enabled by Clients; legal/safety disclosures; business transfer counterparties. |
| Customer records (Cal. Civ. Code § 1798.80(e)) | Name, signature, address, telephone number, employment title (business), payment/billing details (as applicable). | Account provisioning; billing and collections (if applicable); support; contract performance; communications; compliance and recordkeeping. | Directly from you; from Clients (their authorized users/admins); from payment processors (if enabled). | Service providers (billing/payment processors if used; support tooling); legal/safety disclosures; business transfers. |
| Commercial information | Services purchased/used, subscription tier, feature usage, support history, quotes/proposals, contract metadata. | Provide Services; support; product improvement; account management; internal reporting; fraud prevention; marketing to existing/prospective business customers. | Directly from you; automatically via Service usage; from Clients; from CRM/sales systems. | Service providers (CRM/support tooling); analytics providers (if enabled); legal/safety; business transfers. |
| Internet or network activity | Browsing interactions with the Site, page views, referrers, logs, feature usage events, error telemetry. | Operate and secure the Site/Services; performance monitoring; debugging; analytics; fraud prevention; improve UX. | Automatically from your device/browser; from hosting/CDN logs; from application telemetry (if enabled). | Service providers (hosting/CDN/monitoring); analytics providers (if enabled); legal/safety; business transfers. |
| Geolocation data (approximate) | General location inferred from IP address (city/region level). | Security, fraud prevention, and service operations; analytics and reporting. | Automatically from device/network. | Service providers (security/monitoring); analytics providers (if enabled); legal/safety. |
| Sensitive personal information / sensitive data (where applicable) | Health-related screening responses (e.g., PAR-Q), minors/guardian information, government IDs (if ever collected in a workflow), account credentials. | Provide the requested workflow (waivers/intake); safety screening as configured by Clients; compliance and evidentiary records; security and fraud prevention; maintain integrity of Services. | Directly from end users (submitted through Client workflows); from Clients; from integrations enabled by Clients. | Service providers strictly necessary for storage/delivery/operations; Clients (who control the workflow); integrations enabled by Clients; legal/safety disclosures. |
| Inferences (limited) | Operational inferences for deduplication, fraud prevention, reliability (e.g., matching records, workflow status). | Service integrity, fraud prevention, debugging, reliability, and workflow completion. | Derived from other collected information. | Service providers used for operations/security; Clients as part of workflow results when applicable. |
A. “Sale” or “sharing”
We do not sell personal information for money. We may use Account Data for marketing and remarketing as described above. If we engage in activities that qualify as “sale” or “sharing” under California law (for example, certain advertising cookies), California residents may have the right to opt out.
B. Sensitive personal information
We may process sensitive personal information (including health-related screening responses such as PAR-Q) when required to provide Services configured by Clients. Where applicable, California residents may have rights to limit the use and disclosure of sensitive personal information, subject to legal exceptions and our role as a service provider/processor.
C. Non-discrimination
We will not discriminate against you for exercising your CCPA/CPRA rights.
11. Colorado Privacy Act (CPA) disclosures
Colorado residents may have the right to access, correct, delete, and obtain a copy of personal information, and to opt out of targeted advertising, sale of personal data, and certain profiling.
Appeals: If we deny a Colorado request, you may have the right to appeal. We will provide appeal instructions in our response where applicable.
12. Exercising privacy rights; verification; timing
A. How to submit a request
To submit a privacy request, email hello@kyndrid.io with subject “Privacy Request”, or call +1 (503) 208-5281. If you are an authorized agent, include proof of authorization.
B. Verification
We may need to verify your identity (and authority, if applicable) before fulfilling a request. We may request additional information to complete verification. We will use information provided in a request only to verify the requester and respond to the request, unless otherwise permitted by law.
C. Timing and permitted exceptions
We will respond within the timeframes required by applicable law. We may deny or limit requests where permitted (e.g., to protect security, comply with legal obligations, or avoid disclosing another person’s information). If we process data on behalf of a Client, we may direct you to the Client to fulfill your request.
13. Changes to this Policy
We may update this Policy from time to time. The “Last Modified” date indicates when the Policy was last updated. Continued use of the Site or Services after changes are posted constitutes acceptance.
14. Contact
Email: hello@kyndrid.io•Phone: +1 (503) 208-5281