KidGist

Privacy policy

Last updated: April 2026

KidGist ("we", "us", "our") is a tool that helps parents manage school and activity emails. This policy explains what data we collect, how we use it, and who we share it with. We've written it in plain language — please read it before using the service.

What data we collect

  • Account information: your email address and password (stored securely via Supabase Auth).
  • Children's profiles: names, grade levels, and a colour you assign. We do not collect children's personal contact details, photos, or any information directly from children.
  • Email content: when you forward an email to your KidGist address, we receive and store the subject, sender, body text, and HTML content of that email.
  • Calendar events: dates, times, titles, and action items extracted from emails.
  • Notification preferences: your reminder schedule and delivery method choices.
  • Device tokens: if you enable push notifications, we store a device token to deliver alerts to your device.
  • Calendar integration tokens: if you connect Google Calendar or Microsoft Outlook, we store OAuth access tokens to push events on your behalf.

How we use your data

  • To categorise emails, extract dates and action items, and create calendar events automatically.
  • To send you daily reminders and weekly summaries about upcoming events.
  • To push events to connected calendar services (Google Calendar, Microsoft Outlook).
  • To deliver push notifications to your devices.
  • We do not use your data for advertising, and we do not sell your data to any third party.

Third-party services we use

Running KidGist requires us to share certain data with the following services. By using KidGist you agree to their processing of your data as described.

Google Gemini AI

The subject line and body of each email you forward is sent to Google's Gemini API for analysis. Gemini extracts event dates, titles, and action items. Google's data processing terms apply. We send only the content of emails you choose to forward — we do not connect to your inbox directly.

Resend

Inbound emails are received via Resend's email routing service. Resend also delivers our outbound emails (reminders, summaries) to you. Email content passes through Resend's infrastructure in transit.

Supabase

All app data (accounts, children, emails, calendar events) is stored in a PostgreSQL database hosted by Supabase. Data is stored in the US (AWS us-east-1 region).

Firebase (Google)

If you enable push notifications, your device token is registered with Google Firebase Cloud Messaging to deliver alerts to your device.

Vercel

KidGist is hosted on Vercel. Web requests and server-side processing run on Vercel's infrastructure.

Email content and privacy

We understand that school emails can contain sensitive information about your children. Here is how we handle email content:

  • We only receive emails that you explicitly forward to your KidGist address. We never connect to your email inbox directly unless you choose to grant OAuth access in a future feature.
  • Email bodies are stored in our database to allow you to view them in the Emails tab.
  • Email content is sent to Google Gemini for analysis. Gemini is a third-party AI service operated by Google.
  • KidGist staff may access email content stored in the database for debugging or support purposes.

Data about children

KidGist is a service for parents and guardians. You may add your children's names and grade levels to help organise events. We do not knowingly collect personal data directly from children. If you believe we hold information about a child that should be removed, please contact us.

Family sharing

If you invite a family member to share your KidGist account, they will be able to see all children, calendar events, and emails associated with your family account. You can remove a family member at any time from Settings → Family.

Your rights

  • Access: you can view all data we hold about you in the KidGist dashboard.
  • Export: you can export your calendar events as an .ics file from Settings → Calendar.
  • Deletion: you can contact us to have your account and all associated data permanently deleted. We will action deletion requests within 30 days.
  • Correction: you can update your children's details and event information directly in the app.

Data retention

We retain your data for as long as your account is active. If you request account deletion, all personal data is removed from our systems within 30 days. Anonymised, aggregated usage statistics may be retained indefinitely.

Security

Passwords are hashed and never stored in plain text. Data in transit is encrypted via HTTPS. We use Supabase's built-in security features for database access control. No security system is perfect — if you discover a vulnerability, please contact us.

Changes to this policy

We may update this policy from time to time. If we make material changes, we will notify you by email. The date at the top of this page reflects the most recent update.

Contact

If you have questions about this policy or want to request data deletion, email us at hello@kidgist.com.

← Back to dashboard