Kindred Workplace

KINDRED AI INC.

Privacy Policy

Effective Date: June 17, 2026

Last Updated: June 17, 2026

Kindred AI Inc. ("Kindred," "we," "us," or "our") develops and operates Kindred Workplace, an emotional intelligence ("EQ") development platform for organizations. Kindred Workplace serves enterprise organizations ("Client Organizations") whose employees and team members ("End Users") engage with our assessments, AI coaching, and team analytics (the "Services").

Privacy is foundational to how we build and operate. EQ data — the emotional, behavioural, and developmental information individuals share through the platform — is inherently sensitive. We collect only what is necessary to deliver the Services, apply strict limits on how it is used, and design our systems so that individual data is never exposed in ways that could harm the people who trusted us with it.

This Privacy Policy explains how we collect, use, disclose, and protect personal information in connection with Kindred Workplace. Where a Client Organization has entered into a Data Processing Agreement ("DPA") or other negotiated data protection terms with Kindred, those terms govern and prevail over this Policy to the extent of any conflict.

1. Definitions

  • "Client Organization" (also "Subscriber") — the enterprise organization that contracts with Kindred to access the Services. The Client Organization acts as the data controller for its End Users' personal data.
  • "End User" — an individual within a Client Organization who engages with the platform (an employee or team member).
  • "Administrator" — a person authorized by the Client Organization to configure and manage its account.
  • "Paige" — Kindred's AI assistant, which operates within Kindred Workplace as an EQ coach.
  • "EQ Assessment Data" — an End User's responses to EQ assessments and reflective exercises, and the individual profiles, patterns, and developmental insights generated from them.
  • "Coaching Interaction Data" — the content of an End User's coaching conversations and reflections with Paige.
  • "Aggregate / Team Data" — group-level patterns and insights derived from individual inputs but presented and stored at the team or organizational level.
  • "Subprocessor" — a third-party service provider engaged by Kindred to support delivery of the Services.
  • "DPA" — a Data Processing Agreement between Kindred and a Client Organization governing the processing of personal data.

2. Platform and Data Boundaries

Kindred Workplace operates as a self-contained data environment. Understanding how data is organized within it matters for understanding where data flows — and where it does not.

Our platform combines two kinds of intelligence: an emotional-intelligence capability that understands human patterns, behaviours, and relationships, and an analytical capability that supports pattern recognition, assessment logic, and data synthesis. These capabilities operate at two levels: the individual level (assessments, personal insights, and development guidance for an individual End User) and the team level (aggregate patterns, group dynamics, and organizational analytics).

Your organization's data stays within your environment.

Data collected from your organization's employees is siloed to your organization's own environment within Kindred Workplace. It is not accessible to any other Client Organization, and it is not pooled with other organizations' data.

Kindred does not repurpose your organization's data for any use outside of delivering Kindred Workplace to you, except for the limited de-identified and aggregated platform-improvement signals described in Section 5.

3. Roles and Responsibilities

Kindred AI Inc. (Data Processor)

Kindred processes personal data on behalf of Client Organizations to provide the Services. We act as a data processor with respect to End User personal data, processing it in accordance with the instructions of the Client Organization and as described in this Policy and any applicable DPA.

Client Organization (Data Controller / Subscriber)

The Client Organization acts as the data controller for its End Users' personal data and is responsible for:

  • Establishing an appropriate legal basis for processing End User data in its jurisdiction;
  • Informing its employees that Kindred Workplace is being used and the purposes for which it is used;
  • Configuring access controls and Administrator permissions;
  • Complying with applicable employment and privacy laws in its own use of platform outputs; and
  • Entering into a DPA with Kindred where required by applicable law.

End Users (Employees / Team Members)

End Users have rights in relation to their personal data as described in Section 11. These rights exist independently of the Client Organization's role as subscriber.

4. Information We Collect

We collect only information reasonably necessary to provide and improve the Services.

Account and Organizational Information

  • Organization name, industry, and account details;
  • Administrator name, email address, and account credentials;
  • Billing and subscription details (payment processing is handled by third-party providers).

End User Profile Information

  • Name and email address;
  • Job title, department, and organizational role (where provided);
  • Platform account credentials.

EQ Assessment and Interaction Data

This is the core data generated through use of the platform, and we treat it as sensitive personal information. It includes:

  • Responses to EQ assessments and reflective exercises;
  • Individual EQ profiles, patterns, and developmental insights generated by the platform;
  • Coaching Interaction Data — reflections and conversations with Paige, and self-reported development notes;
  • AI-generated outputs such as summaries, recommendations, and development pathways;
  • Check-in data and ongoing engagement signals.

Team and Aggregate Data

  • Team survey responses and group-level EQ signals;
  • Aggregate team profiles and collective patterns;
  • Organizational-level insights and dashboards generated for Administrator and HR use.

Aggregate / Team Data is always derived from individual inputs but presented and stored at the group level, subject to the minimum group threshold described in Section 6.

Voice Data (Where Voice-Based Features Are Enabled)

Certain features may process audio or voice input — for example, transcription of a session or meeting. Where these features are enabled, we process audio and any resulting transcripts solely to provide the requested functionality. The availability and configuration of voice-based features vary by jurisdiction, as described in Section 8.

Usage and Technical Data

  • Log and device information; feature usage and interaction patterns; performance, reliability, and security signals.

Cookies

We use cookies and similar technologies to operate and improve the Services. You may control cookies through your browser settings.

5. How We Use Information

Providing the Services (Primary Uses)

  • Delivering EQ assessments, scoring, and individual profile generation;
  • Generating personal insights, development recommendations, and coaching outputs through Paige;
  • Supporting team-level analytics and aggregate organizational dashboards;
  • Maintaining platform security, integrity, and reliability; and
  • Providing technical support requested by the Client Organization or End User.

System Improvement and Platform Development (Secondary Uses)

Any secondary use is restricted to data that is de-identified (no direct or indirect identifiers), non-reconstructible (cannot recreate an individual's session, profile, or narrative), and aggregated (combined across many users such that no individual is identifiable).

Acceptable signals for platform improvement include counts and usage rates, generalized feature categories, error rates, and statistical trends across many users. This does not include individual assessment responses, AI-generated individual profiles, coaching content, or any person-level data.

Improving Our Models

Kindred works to improve the quality of its emotional intelligence models over time. Any data used for this purpose is limited to the de-identified, non-reconstructible, and aggregated data described above — data from which no individual End User, and no single Client Organization, can reasonably be identified. Kindred does not use individual EQ Assessment Data or Coaching Interaction Data to train, fine-tune, or develop any model — Kindred's own or a third party's — except where a Client Organization and, where applicable, the individual End User has agreed under a separate, explicit, opt-in arrangement.

Kindred does not sell End User data. Kindred does not use End User data for advertising.

6. How EQ Data Is and Is Not Used

Because emotional intelligence data is sensitive, we make explicit commitments about how it is and is not used. These commitments are foundational to how we design our products.

Individual Data Is Confidential From the Employer

Individual EQ Assessment Data, personal profiles, and AI-generated insights are confidential from the Client Organization and are not made available to it in identifiable form. Managers, HR teams, and Administrators do not have access to individual End User results through the platform.

Coaching Interaction Data is private in all cases. An End User's conversations with Paige are never accessible to the Client Organization, regardless of configuration.

Kindred will not fulfill a request from a Client Organization for an individual employee's EQ data without that employee's explicit consent — even where the Client Organization is the subscriber and holds administrative access.

Employee-Initiated Sharing

An End User may choose to share their own individual results with their employer — for example, to support a development conversation with a manager. Any such sharing is strictly:

  • Employee-initiated — it can only be started by the End User, never by the Client Organization, an Administrator, or Kindred;
  • Opt-in and specific — the End User chooses what to share and with whom; and
  • Revocable — the End User may withdraw sharing at any time.

The Client Organization cannot request, compel, or configure access to individual results, and cannot make participation or sharing a condition of employment.

What Employers Can Access

  • Aggregate team and organizational-level insights, presented at the group level;
  • Anonymized trend data and collective development themes;
  • Platform usage and engagement metrics at the organizational level.

Aggregate data shared with Client Organizations meets a minimum group threshold designed to prevent re-identification of individuals. Kindred sets and maintains this threshold as a platform standard.

Explicit Guardrails — What EQ Data Cannot Be Used For

The following uses are prohibited by design and policy:

Not for performance management. EQ data does not feed into performance reviews, ratings, rankings, or compensation decisions.

Not for disciplinary action. Individual EQ results cannot and will not be used as a basis for discipline, warnings, corrective action, or termination.

Not for surveillance. EQ assessments are not monitoring tools and do not track ongoing behaviour, communications, or activities.

Not for automated individual decision-making. Kindred's outputs are development tools; they do not constitute or substitute for human decisions about an individual's employment, role, or performance.

The integrity of the platform depends on individuals being able to engage honestly — which is only possible when they trust that their responses cannot be used against them.

7. Paige — AI Coaching, Safety, and Boundaries

Paige is an AI assistant, not a person and not a therapist. The following principles govern how Paige operates within Kindred Workplace and are reflected in our internal safety framework:

  • Discloses its AI nature. Paige does not claim to be human when sincerely asked.
  • Is not therapy or crisis support. Paige supports EQ development. Where a conversation moves beyond coaching — including signs of crisis or distress that goes beyond what coaching can support — Paige steps back, acknowledges what was shared with warmth, and directs the End User to appropriate human and crisis resources (such as an Employee Assistance Program or publicly available support lines).
  • Does not disclose covertly. Paige does not route an End User's conversation content to their employer or to any named individual at Kindred without that End User's prior informed consent. Any escalation pathway is user-initiated and opt-in by design.
  • Logs for safety, not surveillance. Safety-related interactions are logged on an anonymized, aggregated basis for platform quality assurance only. No individual's distress disclosure is routed to a named human without that person's explicit consent.
  • Maintains absolute child-safety limits. Paige never generates content that sexualizes or endangers minors. The platform is intended for adults (see Section 14).

AI-generated outputs are assistive and developmental. They do not replace human judgment and are never employment decisions about an individual.

8. Voice-Based and Biometric Features; Jurisdictional Limits

Where Kindred Workplace offers voice-based features, their availability and configuration vary by jurisdiction. We distinguish two categories:

  • Transcription and content features — such as transcribing a session or meeting, generating summaries, and capturing decisions or action items. These features process the content of what is said and do not infer emotion from biometric characteristics. They are made available subject to notice and any consent required in the relevant jurisdiction.
  • Biometric emotion-inference features — features that would infer an individual's emotional state from biometric data, including voice characteristics such as tone or stress.

Our commitment on biometric emotion inference. Kindred does not make available, and Client Organizations and their End Users must not enable or use, any feature that infers the emotions of an End User from biometric data (including voice characteristics) in any jurisdiction where such use is prohibited. This expressly includes workplace settings in the European Union and European Economic Area, where the inference of emotions in the workplace from biometric data is prohibited under Article 5(1)(f) of the EU AI Act (Regulation (EU) 2024/1689).

Where biometric emotion-inference features are lawful in a jurisdiction, Kindred makes them available only with clear, jurisdiction-specific notice and the explicit consent of the End User. We apply jurisdictional controls so that prohibited features are not enabled for End Users located where they are not permitted.

9. Storage, Encryption, and Security

Kindred uses industry-standard security measures to protect personal data, including:

  • Encryption of EQ data, profiles, and interaction data at rest, and encryption of all data in transit;
  • Secure access controls and multi-factor authentication;
  • Role-based access restrictions limiting personnel access to data;
  • Monitoring and logging of system access; and
  • Regular security assessments and vulnerability management.

Data is stored in secure cloud infrastructure operated by trusted providers. End User data is stored in regional data centres consistent with the Client Organization's location — Canadian organizations in Canada, United States organizations in the United States, and European organizations within the European Economic Area. Certain features (such as AI processing or transcription) may require temporary cross-border processing to function; where this occurs, it is subject to appropriate safeguards, including standard contractual clauses or an equivalent mechanism.

Specific security measures, breach-notification timelines, and audit rights applicable to a particular Client Organization are set out in that organization's DPA. Where a DPA is in place, its terms govern.

10. Data Retention and Deletion

Kindred retains personal data only as long as necessary to provide the Services and to meet applicable legal requirements. Default retention periods apply absent a specific agreement; Client Organizations may negotiate retention and deletion timelines through a DPA, and where a DPA is in place, its terms govern.

Upon termination of a Client Organization's subscription, End User personal data is retained for a limited wind-down period and then deleted or anonymized from active and backup systems, unless legal obligations require longer retention. Where an End User requests deletion directly, we process the request in coordination with the Client Organization and in accordance with applicable law and any relevant DPA.

11. End User Rights

Depending on your location, you may have the right to:

  • Access — know what personal data we hold about you and how it is used;
  • Correction — request correction of inaccurate or incomplete data;
  • Deletion — request erasure of your personal data, subject to legal retention obligations;
  • Portability — receive your personal data in a structured, commonly used format;
  • Restriction — request that processing of your data be limited in certain circumstances;
  • Object — object to certain processing, including processing based on legitimate interests;
  • Information about legal basis — know the legal basis on which your data is processed; and
  • No solely automated decisions — not be subject to solely automated decision-making that produces legal or similarly significant effects.

To exercise your rights, contact us at privacy@kindredeq.com. Where your organization has a DPA with Kindred, fulfillment may be coordinated with your organization in accordance with that agreement and applicable law.

Employer access limitation. Kindred will not provide individual End User EQ data to a Client Organization without that End User's explicit consent, regardless of the Client Organization's subscriber status. Your personal EQ data belongs to you.

12. Legal Basis (GDPR / UK GDPR)

For organizations subject to the GDPR or UK GDPR, Kindred acts as a data processor and will enter into a DPA that includes the required provisions for cross-border transfers, processor obligations, and data subject rights fulfillment.

In employment contexts, employee consent under the GDPR is generally not considered freely given due to the power imbalance inherent in the employment relationship. Where applicable, we rely on legitimate interests or contract performance as the legal basis for processing End User data, and we document that basis. Client Organizations are responsible for establishing their own lawful basis for processing in accordance with applicable employment law in their jurisdiction. Kindred does not make automated decisions about individuals that produce legal or similarly significant effects.

13. Sharing and Disclosure

Kindred does not sell, rent, or trade personal data. We may disclose personal information only as follows:

  • To Subprocessors and service providers (including cloud hosting, AI processing, transcription, payment processing, and communications providers) to the extent necessary to operate the Services. These providers are contractually bound to protect personal data and may use it only for the purposes for which it is disclosed;
  • To a Client Organization, in the form of aggregate and anonymized insights only, as described in Section 6 — individual End User data is never disclosed to a Client Organization without that End User's consent;
  • To comply with applicable law, court orders, or lawful government requests;
  • To a buyer or successor entity in connection with a merger, acquisition, or sale of all or substantially all of our assets, subject to confidentiality safeguards and notice to affected Client Organizations; and
  • With your explicit consent.

A list of Kindred's current Subprocessors is available to Client Organizations upon request. We notify Client Organizations of material changes to our Subprocessor list in accordance with applicable DPAs.

14. Regulatory Compliance and Other Matters

Kindred operates across multiple jurisdictions and is committed to compliance with applicable privacy and data protection laws, including the GDPR (EEA), UK GDPR, PIPEDA and applicable provincial legislation including Quebec's Law 25, and the CCPA/CPRA (California). We also design the Services to remain consistent with applicable restrictions on emotion inference in the workplace, including Article 5(1)(f) of the EU AI Act, as described in Section 8.

Google API Services

Where you connect a Google account through OAuth to enable optional features such as Google Calendar, we access only the limited information necessary to provide the requested functionality, in accordance with the Google API Services User Data Policy, including its Limited Use requirements. Google user data is not used for advertising and is not used to train generalized or shared AI or machine-learning models. You may disconnect your Google account at any time, after which associated credentials and synced metadata are deleted or deactivated.

SMS and Communications

We may offer optional SMS for account security and service notices (such as two-factor authentication and service alerts). We use mobile numbers solely for these communications and do not sell or share them for third-party marketing. You may opt out at any time by replying STOP or by adjusting your notification settings. Standard message and data rates may apply.

Not Directed at Minors

Kindred Workplace is designed for organizational and professional contexts. It is not directed at or intended for individuals under the age of 18, and we do not knowingly collect personal data from minors. If we become aware that we have done so, we will take steps to delete that data promptly.

15. Changes to This Policy

We may update this Policy from time to time. If we make material changes, we will provide advance notice to Client Organization Administrators through the Services or by email. The effective date at the top reflects the most recent update.

16. Governing Law and Contact

This Policy is governed by the laws of the Province of Nova Scotia and the federal laws of Canada applicable therein, without regard to conflict-of-law provisions. Nothing in this section limits the mandatory rights of individuals under applicable privacy legislation in their jurisdiction of residence, including GDPR rights for EEA residents or CCPA rights for California residents.

Kindred AI Inc.

27 Devonshire Drive, Timberlea, NS B3T 1C4, Canada

Privacy inquiries and data subject rights requests: privacy@kindredeq.com · General: info@kindredeq.com

This Privacy Policy reflects Kindred's commitment to privacy as a design principle, not a compliance exercise. Trust is the foundation of EQ work — individuals can only engage honestly when they are confident their data is handled with integrity.

← Back home