Privacy Policy

Last updated: 13 April 2026

1. About Kind Note

Kind Note is a mobile application that allows users to send pre-written anonymous messages of kindness via email or SMS. The app is operated from Australia and is subject to Australian law.

2. Information We Collect

When you use Kind Note, we collect:

•

Recipient contact information — the email address or mobile phone number you provide to deliver the message. This is stored for compliance purposes only.

•

Authentication data — if you sign in via Google or Apple, we receive your account identifier from Clerk (our authentication provider). We do not access your password.

•

Payment information — payments are processed entirely by Stripe. We do not store your card number or payment details. We retain the Stripe payment intent ID to prevent duplicate transactions.

•

IP address — collected for rate limiting and compliance with Australian telecommunications law.

•

Message type — which pre-written message you selected. Since messages are pre-written, the message type can be used to determine the content that was sent.

3. What We Do Not Collect

•

We do not store message content directly, however the message type identifier we log can be used to determine the pre-written content that was sent.

•

We do not share your identity with the message recipient. All messages are anonymous.

•

We do not use tracking cookies or third-party analytics.

4. How We Use Your Information

•

To deliver the anonymous message to the recipient.

•

To process your payment via Stripe.

•

To enforce rate limits and prevent abuse of the service.

•

To comply with Australian telecommunications legislation, including record-keeping obligations.

5. Data Retention

Message logs (excluding message content) are retained for 2 years in compliance with Australian law. After this period, records are automatically deleted. Rate limiting data is retained for a maximum of 24 hours, except lifetime recipient counters.

6. Data Storage and Security

Your data is stored in a PostgreSQL database hosted by Neon, which provides AES-256 encryption at rest. All data in transit is encrypted via TLS. Payment processing is handled entirely by Stripe, a PCI DSS Level 1 certified provider.

7. Third-Party Services

We use the following third-party services:

•

Stripe — payment processing

•

Clerk — authentication (Google and Apple sign-in)

•

Mailgun — email delivery

•

Twilio — SMS delivery (Australian mobile numbers)

•

Neon — database hosting

Each of these services has their own privacy policy. We encourage you to review them.

8. Your Rights

Under the Australian Privacy Act 1988, you have the right to:

•

Request access to the personal information we hold about you.

•

Request correction of inaccurate personal information.

•

Lodge a complaint with the Office of the Australian Information Commissioner (OAIC) if you believe your privacy has been breached.

9. Contact

If you have any questions about this privacy policy or your personal data, please contact us at info@kindnote.com.au.

10. Changes to This Policy

We may update this privacy policy from time to time. Changes will be posted on this page with an updated revision date.