top of page

Privacy Policy

Privacy Policy for Simone (by Kantara Limited)
Effective Date: 26 May 2025
Last Updated: 4 Nov 2025

​

Kantara Limited (“Kantara,” “we,” “our,” or “us”) respects your privacy and is committed to protecting your personal data. This Privacy Policy explains how we collect, use, store, and disclose personal data when you interact with Simone, our AI parenting guide on WhatsApp or other channels, in compliance with the Personal Data (Privacy) Ordinance (Cap. 486) (“PDPO”) of Hong Kong.

​

By using Simone or our related services, you consent to the practices described below.

​

1. Scope of this Privacy Policy

This Privacy Policy applies to all interactions with Simone across WhatsApp, our website (www.kantara.life), and other official channels operated by Kantara.
It covers personal data collected through text messages, images, and user interactions associated with Simone’s AI services.

​

2. Personal Data We Collect

We collect and process the following types of data:

​

2.1 Information You Provide

  • Messages, questions, or text you send to Simone.

  • Optional details such as your name, email address, or child’s age range (if shared).

  • Images you upload for informational analysis (e.g., photos of child-related matters).

  • Any feedback, ratings, or preferences you provide while using Simone.

2.2 Automatically Collected or Derived Information

  • An anonymized identifier based on your WhatsApp number (a salted SHA‑256 hash).

  • Message timestamps, frequency, and language patterns used to detect spam.

  • System telemetry or error logs necessary for service maintenance.

2.3 Technical or Device Information (for website users)

  • IP address, browser type, device identifiers, and cookies.

  • Log data that helps us maintain system reliability and prevent abuse.

We do not require or encourage submission of sensitive personal information (e.g., medical or government ID data). If you voluntarily provide such information, it will be handled with the same level of protection described here.

​

3. Purpose of Collecting Personal Data

We process personal data for the following purposes, which are directly related to Simone’s functions:

  1. To deliver, personalize, and improve AI-driven parenting guidance.

  2. To manage communication processes and respond to your inquiries.

  3. To detect and prevent misuse, spam, or security threats.

  4. To maintain and improve our technical systems.

  5. To comply with lawful requests or regulatory obligations.

  6. To conduct anonymized research or data analysis for service enhancement.

  7. (If applicable) To provide marketing information with your explicit consent.

Personal data will not be used for unrelated or unauthorized purposes.

​

4. Image Data and Processing

If you upload images to Simone (for example, photos related to parenting concerns), the following terms apply:

4.1 Consent and Purpose

  • By sending an image to Simone, you consent to its collection and processing solely for the purpose of generating automated, non‑medical informational responses.

  • We may also provide an additional consent prompt (e.g., via message or button) where required by law or platform policy. Images are not used for any other purpose without your further explicit consent.

  • Simone does not provide professional medical advice.

4.2 Processing and Transmission

  • Images may be temporarily transmitted to trusted third‑party processors (e.g., AI cloud services) for analysis but only for the stated purpose.

4.3 Retention and Deletion

  • We generally delete images as soon as processing is complete.

  • In no case will images be retained for longer than seven (7) days after upload unless you have expressly consented to longer retention for troubleshooting or service improvement.

  • While we strive to delete images promptly, technical constraints may occasionally delay deletion.

4.4 Security and Metadata Handling

  • Images are transmitted using secure protocols (e.g., HTTPS).

  • Metadata (such as EXIF data) is removed wherever technically feasible.

  • Images are not intentionally linked to your identity beyond what is minimally required for processing.

4.5 User Rights for Image Data
You may request deletion of any submitted image at any time. We will take all reasonable steps to comply, subject to technical or legal constraints.

 

5. Data Security

We adopt multiple layers of technical and organizational measures to safeguard user data:

  • Encryption: All messages stored by Simone are encrypted using the Fernet symmetric encryption algorithm (AES‑128 + HMAC).

  • Anonymization: User phone numbers are replaced with irreversible salted hashes to ensure they cannot be re‑identified.

  • Access Control: Human access to data is not part of normal operations. In rare, exceptional cases (such as investigating abuse, security incidents, or legal requests), limited authorized access may be granted under strict internal audits and confidentiality obligations.

  • Redis-Based Security Protections: Temporary message activity analysis is used solely for spam detection and expires automatically (usually within one minute).

  • Secure Transmission: All data exchanges occur over encrypted channels (e.g., HTTPS, TLS).

  • Internal Policies: Access to operational systems is limited to authorized personnel trained in data protection.

Despite these safeguards, no electronic transmission or storage is completely secure. We cannot guarantee absolute security, but we take all practicable steps as required by the PDPO.

​

6. Data Retention

  • Encrypted message data is stored only as long as necessary for service delivery, troubleshooting, or system improvement.

  • Temporary Redis logs and message counters automatically expire (typically within 60 seconds).

  • Anonymized, aggregated, or statistical data that does not identify individuals may be retained for research or system optimization.

  • Image data retention follows the seven‑day policy noted above.

  • Once personal data is no longer required, it will be securely deleted or anonymized.

 

7. Disclosure of Personal Data

We do not sell, rent, or trade personal data.

Personal data may be shared only in the following circumstances:

  • Service Providers: Trusted partners who provide hosting, AI processing, message delivery, or analytics, under confidentiality agreements.

  • Legal Obligations: When required by law, regulation, or government authority.

  • Corporate Changes: In the event of a merger or acquisition, with data protections consistent with this Policy.

We take reasonable steps to ensure that any third parties we engage offer data protection equivalent to PDPO standards, though we cannot guarantee their compliance in all circumstances.

 

8. Cross‑Border Data Transfers

Although Section 33 of the PDPO (regulating cross‑border transfers) is not yet in force, we take reasonable steps to ensure that any transfer of personal data outside Hong Kong is protected by contractual or technical measures comparable to PDPO requirements.
Transfers may occur, for example, when encrypted data is processed on international cloud infrastructure.

 

9. Your Rights

Under the PDPO, you have the right to:

  • Access your personal data held by us.

  • Request Correction of inaccurate or outdated personal data.

  • Request Deletion of personal data or images, subject to technical or legal constraints.

  • Withdraw Consent to processing, understanding this may limit available services.

  • Opt‑Out of direct marketing, where applicable.

To exercise these rights, contact us in writing (see Section 11).
We will respond to valid requests within forty (40) days, in accordance with the PDPO.

 

10. Cookies and Tracking (Website Visitors Only)

Our website uses cookies to enhance browsing. Cookies help us understand usage patterns and improve content personalization.
You may disable cookies through your browser settings, but some functions may not work as intended.

 

11. Contact Us

For questions, concerns, or to exercise your privacy rights, please contact:

Data Protection Officer (DPO)
Kantara Limited
Email: info@kantara.life
Subject line: “Data Access / Privacy Request – Simone”

 

12. Updates to This Policy

We may update this Privacy Policy from time to time to reflect changes in technology, law, or our practices.
The most current version will always be available through Simone or on our website.
Substantive updates will be communicated clearly to users.

 

13. Summary of Our Privacy Commitment

Your privacy and trust are core to Simone’s design. We implement end‑to‑end encryption, anonymized identifiers, strict access control, minimal data retention, and transparent consent procedures to ensure that your interactions remain private, secure, and compliant with Hong Kong’s PDPO.

By using Simone, you acknowledge that you have read and understood this Privacy Policy and consent to the collection and use of your data as described.

  • X
  • Facebook
  • Instagram
bottom of page