Legal

Privacy Policy

Last updated: 2026-05-02 Hosted at: usekempt.com/privacy Contact: hello@usekempt.com

1. Who we are

Kempt is a home-maintenance app for first-time homeowners. It’s operated by Brian Garland as a sole proprietor (entity formation pending). “We,” “us,” and “Kempt” all refer to the same operator. Contact: hello@usekempt.com.

2. What this policy covers

This policy applies to the Kempt iOS app, the website at usekempt.com, and any data we hold about you that originated from either. It does not cover third-party services we link to. Once you leave Kempt for another site or app, that service’s privacy policy applies.

3. Data we collect

We collect only what we need to make the app work for you. Categories below map to Apple’s privacy nutrition labels.

3.1 — Contact info

Email address. Required for sign-in (Apple, Google, or email magic link). Used to authenticate you and to send transactional notices (security alerts, account-deletion confirmation). We do not send marketing email.

3.2 — User content

Your home’s address (street, ZIP). Required to fetch home attributes and a Street View image during onboarding. Stored at rest.
Appliances, tasks, notes, completion history, money-saved entries, weekly briefs. The product is a home-maintenance log. All of this is content you create.
Memory facts the agent extracts from your turns (“Your furnace is a Lennox SLP99V”) — visible and editable on the in-app Memory screen.
Photos of appliances you upload to identify make/model. The photo is processed by our AI inference provider to identify make, model, and serial number (see §4).

3.3 — Photos

See §3.2 — appliance photos. We do not access your camera roll without your explicit picker action.

3.4 — Coarse location

Derived from the ZIP you provide during onboarding. We map ZIP to climate zone to drive seasonal task generation. We do not collect GPS or precise location.

3.5 — Usage data

Anonymous, aggregated usage analytics. Used to understand how the app is used and to improve it.

3.6 — Diagnostics

Crash reports and exception traces, with personal identifiers stripped. Used to find and fix bugs.

3.7 — Push tokens

Your device’s push token, so we can send you weekly briefs and severe-weather alerts. You can revoke push permission in iOS Settings at any time.

3.8 — What we do not collect

Your phone number.
Your precise GPS location.
Your contacts.
Your social-graph data.
Your other apps’ data.
Advertising identifiers (IDFA). Kempt does not show ads and does not track you across other apps or websites.

4. Third-party processors

We use the following categories of service providers to operate the app. Each processes a slice of your data on our behalf under a Data Processing Agreement with us.

AI inference (Anthropic, PBC). Your turns with the agent, your home address, appliance metadata, and relevant memory facts are processed to generate task suggestions, weekly briefs, appliance identifications, and chat responses. Anthropic is named here per Apple’s 2025 AI third-party-disclosure requirement. Anthropic does not train on API traffic by default.
Database, storage, auth, and server infrastructure. All app data — your account, home, appliances, tasks, photos, memory, and briefs — is stored and processed by a US-based cloud infrastructure provider.
Sign-in and push-notification delivery. Your sign-in identifiers and push tokens are processed by the sign-in providers you choose (Apple or Google) and Apple’s push notification service.
Address enrichment. Your home address is used in a one-time lookup at onboarding to retrieve property attributes (year built, square footage, bedroom/bathroom count).
Anonymous usage analytics. Aggregated event data is processed by a US-based analytics service.
Error monitoring. Crash reports and exception traces (personal identifiers stripped) are processed by a US-based error monitoring service.
Subscription management (not active during the free beta). When paid subscriptions launch, transaction receipts and entitlement state will be processed by Apple and a US-based subscription management service.

No advertising networks. No data brokers. We do not sell, rent, or share your data with anyone outside these categories.

5. How we use your data

To run the app: store your home, generate tasks, compose briefs, deliver pushes, support your turns with the agent.
To debug and improve the app: anonymous usage analytics and crash reports.
To comply with the law: respond to valid legal requests (subpoena, court order). We will notify you if we receive a request targeting your data, unless legally barred from doing so.

We do not use your data for advertising. We do not profile you for purposes outside the app’s stated function.

6. Data retention

Active accounts: retained while your account exists.
Deleted accounts: see §7. Cascade-deleted within 7 days; backups age out within 30 days.
Anonymous analytics: retained 12 months, then aggregated and discarded.
Crash reports: retained 30 days, then aged out.
Auth logs: retained 90 days for security-incident investigation.

7. Your rights

You have the right to:

Access the data we hold about you. In-app: Settings → Data → Export. If you can’t sign in, email hello@usekempt.com with subject “Access request” — we’ll send an export within 30 days.
Delete your account and all associated data. In-app: Settings → Account → Delete account. All personal data associated with your account is cascade-deleted. Backups age out within 30 days.
Correct any data — directly in the app for everything you authored, or via email for account-level data.
Export your data — Settings → Data → Export provides a portable copy of your home, appliances, tasks, and memory.
Opt out of analytics — toggle in Settings → Privacy.
Withdraw consent at any time by deleting your account.

For California residents (CCPA/CPRA): you have the same rights above. We do not sell or share personal information.

8. Data security

All data in transit is TLS 1.2+ encrypted. All data at rest is encrypted at the disk level. Access controls ensure you can only read your own home’s data. Operator accounts are protected with hardware-key two-factor authentication.

We will notify affected users promptly after confirming a personal-data breach.

9. Children

Kempt is not directed at children under 13 and does not knowingly collect data from them. If you believe a child has created an account, email hello@usekempt.com and we will delete the account.

10. Changes to this policy

We will email you at the address on file before any material change takes effect. Non-material changes (typos, clarifications) will be noted in the change log below. The current version of this policy lives at usekempt.com/privacy.

11. Contact

Email: hello@usekempt.com
Mailing address: available on request.

12. Change log

2026-04-26 — v0.1 draft (Chunk 9.9.F). Beta-banner copy in place. Final version pending legal review (Phase 11, ~$500 one-time consult).
2026-04-30 — v0.1.1 (Chunk 9.95.D): contact emails consolidated to hello@usekempt.com. §8 Access bullet updated to lead with in-app export path.
2026-05-02 — v0.2: §4 sub-processor table replaced with category-based list (Anthropic named per Apple AI disclosure rule; other vendors described by function only). §3.5/3.6 trimmed — removed named event list and internal technical detail. §6 GDPR framing removed (US-only app). §7 (now §8) security section simplified — implementation details removed. §8 (now §7) Your rights — DB table names removed, export bullet simplified. Sections renumbered.
2026-05-04 — v0.3 (Chunk 11.F): §3.2 appliance-photo paragraph updated — removed on-device OCR claim (KemptVision native module retired Chunk 11.B; photos now processed by AI inference provider). Beta banner simplified — removed “legal language will be tightened by counsel.” RF-351 TODO comment added to §1.
2026-05-08 — v0.4: Beta-banner block removed from header. §1 reworded — leads with the brand, drops “Mailing address available on request” (the contact email handles it). §2 contractor-website example removed (feature not built); kept the third-party-services principle.