top of page

Privacy Policy for Kantara

 

 

Effective Date: 26 May 2025
Last Updated: 11 February 2026

 

Our Privacy Commitments

Kantara Limited ("Kantara," "we," "our," or "us") respects your privacy and is committed to protecting your personal data. Here are our core commitments to you:

​

Commitment 1: Your conversations with Simone are private

The content of your conversations with Simone is not shared with third parties, except to provide our Services, improve our Services, or as required by law.

​

Commitment 2: We never sell your personal data

We do not sell, rent, or trade your personal data to advertisers or any third parties.

​

Commitment 3: You control your personal data

Request to access it, correct it, or delete it whenever you want. Share as much or as little as you like. See Section 11 for details.

​

Commitment 4: We collect personal data only for specific purposes

For example, we collect conversation metadata to provide personalized parenting guidance and improve Simone's responses. We are transparent about why we need each type of data. See Section 4 for full details.

 

Commitment 5: We are upfront about who can see your data and why

Some technical service providers process data to help make Simone work. We are always transparent about who sees what and why. See Section 13 for details.

 

Table of Contents

  1. Scope of this Privacy Policy

  2. Key Definitions

  3. Personal Data We Collect

  4. Purpose and Lawfulness of Collection (DPP1)

  5. Image Data and Processing

  6. Data Accuracy and Retention (DPP2)

  7. Use of Personal Data (DPP3)

  8. Direct Marketing (Part 6A of PDPO)

  9. Data Security (DPP4)

  10. Openness and Transparency (DPP5)

  11. Your Rights: Access and Correction (DPP6)

  12. Exemptions

  13. Disclosure of Personal Data

  14. Third-Party Services and Data Processors

  15. Cookies and Tracking (Website Visitors Only)

  16. Children's Privacy

  17. International Data Transfers

  18. Complaints and Enforcement

  19. Your Responsibilities

  20. Contact Us

  21. Updates to This Policy

  22. Summary of Our Privacy Commitment

 

This Privacy Policy explains how Kantara collects, uses, discloses, and protects your personal data when you use Simone, our AI parenting guide on WhatsApp or other channels, in compliance with the Personal Data (Privacy) Ordinance (Cap. 486) ("PDPO") of Hong Kong.

By using Simone or our related services, you acknowledge that you have read and understand this Privacy Policy.

Questions, comments, or concerns? Please reach out: info@kantara.life

 

1. Scope of this Privacy Policy

This Privacy Policy applies to all interactions with Simone across WhatsApp, our website (www.kantara.life), and other official channels operated by Kantara Limited.

It covers personal data collected through text messages, images, and user interactions associated with Simone's AI services.

You decide how much or how little you are comfortable sharing. If you do not provide us with certain personal data, some of the Services may not work as intended. 

 

2. Key Definitions

Personal Data means information relating to you as a living individual from which you can be identified.

Data Subject means you, the individual whose personal data we collect and process.

Data User means Kantara Limited, which controls the collection, holding, processing, and use of your personal data.

Data Processor means third-party service providers who process personal data on our behalf (such as cloud service providers and AI processing services).

Scope of this privacy policy
Key definitions
3. Personal Data We Collect

3.1 Account Data

What We Collect:

  • WhatsApp number (stored as an anonymized salted SHA-256 hash only)

  • Optional details such as your name, email address, or child's age range (if you choose to share)

  • Time zone (from iOS and Android apps, if applicable)

  • What you'd like Simone to call you

  • Any personal identifiers you voluntarily provide

How It Is Used:

  • To provide our Services, including creating and maintaining your conversation context

  • To improve our Services

  • For identification and authentication purposes

  • To address issues like malicious use of the Services

  • To maintain and uphold your preferences

 

3.2 Conversational Data

What We Collect:

  • Your conversational interactions with Simone, including what you write or options you select during conversations

  • Message timestamps and frequency

  • Language patterns (used only for spam detection)

Technical Data: 

  • Message content cached temporarily in Redis (15 minutes) for performance 

  • Spam detection logs (60 seconds) 

  • Message processing queues (5 minutes)

How It Is Used:

  • To provide our Services and deliver personalized parenting guidance

  • To improve our Services

  • To maintain conversation context and continuity

 

Medical Information (Optional):

If you voluntarily choose to share medical information with Simone (such as allergies, medications, special needs, or disabilities), we will:

  • Store this information in encrypted form in your profile for user personalization purposes

  • Include it in conversations sent to our AI processing services (DeepSeek API)

  • Use it to provide more personalized and medically-aware responses

Important: Sharing medical information is entirely optional. However, if you do share it, please be aware it will be processed by our AI service providers. By sharing medical information with Simone, you explicitly consent to this processing.

 

3.3 Images You Upload

What We Collect:

  • Photos you send to Simone for informational suggestions (e.g., photos related to parenting concerns)

  • Basic technical metadata required for processing

How It Is Used:

  • To provide automated, non-medical informational responses to your parenting questions

  • Metadata (such as EXIF data including location) is removed wherever technically feasible

See Section 5 for detailed information about image processing, retention, and your rights.

 

3.4 Communications with Us (Separate from Conversational Data)

What We Collect:

  • Email address (if you contact us via email)

  • Platform and operating system version

  • Any personal data you include in support requests or feedback

  • Attachments you share with us

How It Is Used:

  • To provide user support

  • To improve our Services

  • To respond to your inquiries

  • To invite you to participate in relevant user experience research (with your consent)

 

3.5 Hardware Diagnostic and System Information

What We Collect:

  • Operating system, hardware, and browser version (if applicable)

  • Crash reports and system error logs

  • Device identifiers required for service functionality

How It Is Used:

  • To provide our Services

  • To troubleshoot technical issues

  • To improve our Services

  • To maintain system reliability and security

 

3.6 Usage Data

What We Collect:

  • Internal analytics information about how you interact with Simone

  • Usage information, such as time of day or frequency of tool usage

  • Log files

  • Mobile device, browser type, browser language, and Internet Protocol address

  • Cookies, pixel tags, and web beacons (website only)

How It Is Used:

  • To provide our Services

  • To improve our Services and assess performance

  • To understand usage patterns and optimize user experience

  • To create de-identified and/or aggregated data for research and improvement

 

3.7 Feedback and Survey Data (Optional)

What We Collect:

  • Ratings or preferences you provide while using Simone

  • Survey responses about your experience with our Services (if you choose to participate)

How It Is Used:

  • To improve our Services

  • To understand user satisfaction and needs

  • To invite you to participate in relevant user experience research

 

We do not require or encourage submission of sensitive personal information (e.g., detailed medical records, government ID data, or financial information). If you voluntarily provide such information, it will be handled with the same level of protection described in this policy, but please note that Simone does not provide professional medical, legal, or financial advice.

3 Personal Data we collect
4. Purpose and Lawfulness of Collection (DPP1)
​

Personal data is collected only for lawful purposes directly related to Simone's functions and activities. We collect only what is necessary, adequate, but not excessive for these purposes:

  • Service Delivery: To deliver, personalize, and improve AI-driven parenting guidance

  • Communication Management: To manage communication processes and respond to your inquiries

  • Security and Abuse Prevention: To detect and prevent misuse, spam, or security threats

  • System Maintenance: To maintain and improve our technical systems and troubleshoot issues

  • Legal Compliance: To comply with lawful requests or regulatory obligations

  • Research and Improvement: To conduct anonymized research or data analysis for service enhancement (using only aggregated, non-identifiable data)

  • Direct Marketing: To provide marketing information about Simone or related services, only with your prior express and voluntary consent (see Section 8)

We will not use personal data for unrelated or unauthorized purposes.

 

4.1 How Collection Works

Simone conversations happen naturally: When you message Simone on WhatsApp, you're choosing to share information voluntarily, just like talking to a friend. There's no sign-up, no forms to fill out - you simply start chatting.

You control what you share: You can share as much or as little as you're comfortable with. Simone will never:

  • Pressure you to share information you don't want to share

  • Require you to provide personal details to use the service

  • Judge or penalize you for keeping certain things private

This Privacy Policy is your notice: By reading this Privacy Policy (which we encourage you to do before or shortly after starting to use Simone), you'll understand:

  • What information we collect when you chat with Simone

  • How that information is used and protected

  • Who may process your messages (AI service providers)

  • Your rights to access, correct, or delete your data

  • How to exercise these rights (see Section 11)

 

4.2 What We Collect Through Simone

When you message Simone, we collect:

  • Your messages, in encrypted format. We also temporarily store the images you send to Simone. These are stored for a maximum of 30 days to provide conversational context for Simone.

  • Your phone number (hashed): We convert your phone number into a secure, anonymized identifier so we can link your conversation history to you while protecting your identity

  • Technical data: Message timestamps, delivery status, and basic technical information needed to provide the service

We do NOT collect:

  • Your WhatsApp profile information (name, profile picture, status)

  • Your contact list or other WhatsApp data

  • Your location (unless you specifically mention it in your messages)

  • Any information beyond what you voluntarily share in your conversations

4 purpose and lawfulness of collection
5. Image Data and Processing

If you upload images to Simone (for example, photos related to parenting concerns), the following terms apply:

​

5.1 Consent and Purpose

By sending an image to Simone, you consent to its temporary collection and processing solely for the purpose of generating automated, non-medical informational responses to support your parenting questions.

We may also provide an additional consent prompt where required by law or platform policy.

Important: Simone does not provide professional medical advice. Images are analyzed only to provide general informational guidance.

​

5.2 Processing and Transmission

  • Images are temporarily transmitted to Google Gemini Vision API for analysis

  • Processing occurs only for the stated purpose and under contractual data protection obligations

  • Images are transmitted over secure, encrypted connections (HTTPS/TLS)

  • We receive only text-based analysis results, not copies of your images
     

5.3 How Long We Keep Images

Our Systems (Kantara):

  • In-Memory Processing: Images are held in server memory only during analysis (typically 1-5 minutes) and deleted immediately upon completion

  • Database References: We store metadata about images (upload timestamp, content type, Twilio media URL) but not the images themselves

  • URL Storage: Image URLs are automatically purged from our database after 7 days

  • Deletion Logging: All image deletions are logged with timestamps for compliance verification

Twilio's Servers (Message Delivery Provider):

  • Temporary Storage: Images are temporarily stored by Twilio (our messaging infrastructure provider) to enable delivery between you and Simone

  • Twilio's Retention: Twilio's default retention period is 7 days, after which images are automatically deleted by Twilio's systems

  • Important: We use Twilio as a communications platform - they act as a conduit for message delivery and do not access image content for their own purposes

Third-Party AI Processing (Google):

  • Gemini Vision API: Google processes images to generate analysis results

  • Google's Handling: According to Google's Cloud Data Processing Addendum, images submitted via API are:

    • Processed only to provide the requested service

    • Not used to improve Google's models without customer permission

    • Not retained longer than necessary for service delivery

    • Protected under Google's enterprise security measures

  • Retention Period: Google's specific retention period for API-processed images is governed by their Cloud services terms (typically deleted after processing, with logs retained for up to 30 days for debugging)


5.4 Maximum Retention Guarantee

In no case will images be accessible by or through Simone's systems after seven (7) days from upload.

We enforce this through:

  1. Automated cleanup: Daily deletion job runs at 3:00 AM UTC

  2. Compliance monitoring: Daily audit at 6:00 AM UTC verifies no images exceed 7 days

  3. Alerts: Automatic alerts if any images exceed the 7-day limit

  4. Manual deletion: Upon your request, we will delete images immediately (see Section 5.11)


5.5 What We Cannot Control

While we enforce the 7-day limit for images in our systems and Twilio's systems, please note:

  • Google's Processing: Google may retain images temporarily for service operations (typically <30 days for logs/debugging per their terms). We do not control Google's internal retention beyond our contractual agreements.

  • WhatsApp's Transmission: When you send an image through WhatsApp, WhatsApp (Meta) may temporarily process it according to their own privacy policy. We do not control WhatsApp's handling of images during transmission.

  • Your Device: Images remain on your device unless you delete them. We have no access to or control over images stored on your device.


5.6 Security and Metadata Handling

  • Images are transmitted using secure protocols (HTTPS/TLS encryption)

  • Metadata (such as EXIF data including location information) is removed wherever technically feasible

  • Images are processed using your anonymized identifier only (hashed phone number)

  • Access to image processing systems is restricted to authorized personnel for security and abuse prevention purposes only


5.7 Your Rights for Image Data

Immediate Deletion:

You may request deletion of any submitted image at any time by:

  • Messaging Simone: "Delete my images"

  • Emailing us: info@kantara.life with subject "Image Deletion Request"

We will:

  • Delete image URLs from our database immediately

  • Delete images from Twilio's servers within 24 hours

  • Confirm deletion via message or email

Important Limitations:

  • We cannot delete images that Google or WhatsApp may have processed according to their own terms

  • We cannot delete images from your device - you must do this yourself

  • Once deleted, images cannot be recovered

​

5.8 Third-Party Service Disclosure

The following third parties process your images:


1. Twilio
Role: Message delivery infrastructure
Data Processed: Image files during transmission
Retention Policy: 7 days (auto-deleted)


2. Google (Gemini API)
Role: AI image analysis
Data Processed: Images for processing
Retention Policy: Deleted after processing; logs may be kept up to 30 days


3. WhatsApp (Meta)
Role: Messaging platform
Data Processed: Images during transmission
Retention Policy: Per WhatsApp's privacy policy
 

Review Their Policies:

 

5.9 Technical Constraints

While we strive to delete images promptly, certain technical factors may occasionally delay deletion:

  • Network delays: If Twilio's API is temporarily unavailable

  • Processing failures: If our deletion job encounters errors (we retry automatically)

  • Database replication lag: Brief delays in multi-region database systems

  • Third-party systems: We cannot control Google's or WhatsApp's internal processing timelines

We monitor for such delays and investigate any deletion failures within 24 hours.

 

5.10 Transparency Commitment

We commit to:

  • Maintaining accurate logs of all image deletions

  • Monitoring compliance with our 7-day retention policy

  • Alerting our team immediately if any images exceed the 7-day limit

  • Investigating and resolving any retention policy violations within 48 hours

  • Providing you with deletion confirmation upon request

 

5.11 User-Requested Deletion

You can request immediate deletion of images you've sent to Simone:

How to Request:

  • Via Message: Send "delete my images" or "delete images" to Simone

  • Via Email: Email info@kantara.life with subject "Delete My Images"

What We Cannot Delete:

  • Images on your own device (you must delete these manually)

  • Images that Google may have processed according to their Cloud services terms

  • Images transmitted through WhatsApp according to WhatsApp's policies

6. Data Accuracy and Retention (DPP2)

 

6.1 Accuracy

We take all practicable steps to ensure that personal data we hold is accurate and up-to-date.

If you believe any of your personal data is inaccurate or incomplete, you may request correction (see Section 11).

 

6.2 Retention Periods

We retain personal data only for as long as necessary to fulfill the purposes for which it was collected:


Encrypted message data
Retention Period: While you use our Services; up to 30 days after account deletion
Purpose: To maintain conversation context and personalize your experience


Temporary spam detection logs
Retention Period: 60 seconds (auto-expire)
Purpose: To detect and prevent abuse


Conversation context cache (Redis)
Retention Period: 15 minutes
Purpose: To provide fast context retrieval for continuous conversations


Message processing queues
Retention Period: 5 minutes
Purpose: To deliver messages reliably


Image files (in-memory)
Retention Period: 1-5 minutes (during processing)
Purpose: To analyze images and provide responses


Image files (Twilio storage)
Retention Period: Maximum 7 days (auto-deleted)
Purpose: To enable message delivery via WhatsApp


Image URLs (database)
Retention Period: Maximum 7 days (auto-deleted)
Purpose: To reference media for context


Account data
Retention Period: While you maintain an account
Purpose: To provide authentication and maintain preferences


Anonymized, aggregated data
Retention Period: May be retained indefinitely
Purpose: For research and service optimization (cannot identify individuals)


Legal/regulatory data
Retention Period: As required by applicable law
Purpose: To comply with legal obligations


6.3 Deletion Requirements

Once personal data is no longer required for the purpose for which it was collected, we will take all practicable steps to securely delete or anonymize it, unless:

  • Erasure is prohibited by law, or

  • Erasure is not in the public interest

This complies with Section 26 of the PDPO.

 

6.4 Data Processor Obligations

We ensure through contractual means that any data processors we engage comply with the same retention and accuracy requirements.

 

6.5 Your Deletion Rights

You may request deletion of your personal data at any time (see Section 11). We will comply unless retention is required by law or necessary to protect important interests.

7. Use of Personal Data (DPP3)
 

7.1 Permitted Uses

We use your personal data only for the purposes stated in Section 4, which are the purposes for which the data was originally collected or purposes directly related to those original purposes.
 

7.2 New or Unrelated Uses Prohibited

We will not use your personal data for any new purpose that is not or is unrelated to the original collection purpose unless we obtain your express and voluntary consent beforehand.
 

7.3 Withdrawal of Consent

If you have previously provided consent for a particular use of your personal data, you may withdraw that consent at any time by providing written notice to us (see Section 20).

We will cease the relevant use upon receiving your withdrawal, though this may affect our ability to provide certain services. Withdrawal does not affect the lawfulness of processing based on consent before withdrawal.

8. Direct Marketing (Part 6A of PDPO)
 

8.1 No Marketing Without Consent

We will not use your personal data for direct marketing purposes unless we have obtained your prior express consent, meaning an explicit indication by you (such as ticking a box, clicking a button, or sending a clear affirmative message).
 

8.2 Information Provided Before Seeking Consent

Before seeking your consent for direct marketing, we will inform you of:

  • Our intention to use your personal data for direct marketing

  • The fact that we cannot use your data for direct marketing without your consent

  • The kinds of personal data to be used (e.g., name, email address)

  • The classes of products, services, or subjects to be marketed (e.g., Simone updates, parenting resources, new features)

  • Your right to opt out at any time without charge

  • How to exercise your opt-out right
     

8.3 Transfer to Third Parties for Direct Marketing

We do not provide personal data to third parties for their direct marketing purposes.

If we ever intend to do so in the future, we will:

  • Seek your separate, explicit consent for such transfer

  • Inform you of the classes of persons to whom the data may be provided

  • Inform you of the classes of products, services, or subjects to be marketed by those third parties

  • Inform you whether we will receive any gain from providing the data

  • Provide clear opt-out mechanisms


8.4 Your Opt-Out Rights

You have the right to opt out of direct marketing at any time, free of charge.

To opt out:

  • Email communications: Use the unsubscribe link at the bottom of any email

  • Text messages: Follow the instructions in the text message or contact us

  • Push notifications: Change the settings on your mobile device

  • General opt-out: Contact us at info@kantara.life

We will cease using your data for direct marketing within 10 working days of receiving your opt-out request.


8.5 Important Service Communications

You may continue to receive important transactional communications necessary for the Services, such as:

  • Updates to our terms or this Privacy Policy

  • Security alerts

  • Responses to your support requests

  • Service-related announcements

These are not considered "direct marketing" and are necessary for service delivery.

9. Data Security (DPP4)
 

We take all practicable steps to protect personal data against unauthorized or accidental access, processing, erasure, loss, or use. Our security measures include:
 

9.1 Technical Safeguards

Encryption:

  • All messages stored in Simone's database are encrypted using Fernet symmetric encryption (AES-128 + HMAC)

  • Messages temporarily cached in Redis for performance (15 minutes) are stored unencrypted for fast retrieval

  • Messages in transit are always encrypted (HTTPS/TLS)

  • Images are transmitted and processed using secure protocols

Anonymization:

  • User phone numbers are replaced with irreversible salted SHA-256 hashes to prevent re-identification

  • We never store your actual phone number in our systems

Secure Infrastructure:

  • Cloud-enabled infrastructure designed to reduce our data footprint

  • Sensitive personal data is segregated in dedicated environments with clear access control

  • Technical network controls including multi-factor authentication

Automated Security:

  • Redis-based spam detection with automatic expiration (within 60 seconds)

  • Automated vulnerability scanning and monitoring
     

9.2 Organizational Safeguards

Staff Training:

  • All personnel with potential access to systems are trained in data protection principles

Vendor Management:

  • Third-party data processors are selected based on their security capabilities

  • Regular vendor security assessments

Security Testing:

  • Regular penetration tests and vulnerability assessments

  • Code reviews for security issues

  • Internal compliance reviews

Incident Response:

  • Business continuity and disaster recovery plans

  • Incident response procedures

  • Breach notification protocols


9.3 Risk Assessment

We regularly assess security measures having regard to:

  • The nature of the personal data held (including sensitivity)

  • The potential harm from unauthorized access, loss, or misuse

  • The physical and digital location where data is stored

  • Security measures for ensuring integrity, prudence, and competence of persons with access

  • The latest security threats and vulnerabilities


9.4 Limitation of Liability

Despite these comprehensive safeguards, no electronic transmission or storage system is completely secure. While we take all practicable steps as required by the PDPO, we cannot guarantee absolute security.

To the fullest extent permitted by applicable law, we do not accept liability for unauthorized access, use, disclosure, or loss of personal data that occurs despite our reasonable security measures.


9.5 Your Role in Security

You also play an important role in protecting your data. Please see Section 19 for your responsibilities in safeguarding your personal data.

10. Openness and Transparency (DPP5)
 

10.1 Our Commitment

We are committed to being open and transparent about our data handling policies and practices. This Privacy Policy is our primary means of fulfilling this commitment.
 

10.2 Information We Provide

Through this Privacy Policy and other communications, we inform you of:

  • The kinds of personal data we collect and hold

  • The main purposes for which we collect and use personal data

  • Our policies and practices in relation to personal data

  • How to exercise your rights

  • Who to contact with questions or concerns
     

10.3 Access to This Policy

This Privacy Policy is:

  • Available on our website at https://www.kantara.life/privacy-policy

  • Provided to users upon request at any time

  • Available through Simone by asking Simone about privacy

  • Updated periodically to reflect changes in our practices
     

10.4 Accessible Language

We strive to explain our practices in clear, plain language that is understandable to individuals without legal or technical expertise.
 

10.5 Changes to Our Practices

If we make material changes to how we handle personal data:

  • We will update this Privacy Policy

  • We will update the "Last Updated" date

  • For significant changes affecting your rights, we may seek renewed consent where required by law

 

11. Your Rights: Access and Correction (DPP6)
 

You control your personal data. Under the PDPO, you have comprehensive rights regarding your personal data, and we honor these rights regardless of where you live or are physically located.


11.1 Right to Access

You have the right to:

  • Request confirmation of whether we hold personal data about you

  • Be provided with a copy of your personal data, including:

    • Your conversation transcripts with Simone (if still retained)

    • Images you've uploaded (if still retained)

    • Account information and preferences

    • Any other personal data we hold about you

  • Be informed of the kinds of personal data we hold, the purposes for which they are used, and the classes of persons to whom they may be disclosed


11.2 Right to Correction

You have the right to:

  • Request correction of personal data that is inaccurate

  • Request addition of information if your personal data is incomplete in a way that is misleading

  • Request that we update outdated information


11.3 Right to Deletion/Erasure

While not explicitly required by the PDPO, we honor your right to request deletion of your personal data. We will comply with such requests where:

  • The data is no longer necessary for the purposes for which it was collected

  • You withdraw consent (where consent was the basis for processing)

  • The data has been unlawfully processed

  • Deletion is not prohibited by law or contrary to public interest

To delete your complete chat history with Simone you can message her directly with the command: delete chat history

Warning: this will erase all personalization and information about you to Simone, and subsequent chats will start from blank. This action is irreversible.
 

11.4 How to Submit Requests

Easy Access Request (Conversation Transcripts):

  • Email info@kantara.life from the email address you used (if applicable)

  • After verifying your identity, you will be sent a file containing your conversations with Simone

Formal Data Access, Correction, or Deletion Requests:

Contact us in writing:

  • Data Protection Officer

  • Kantara Limited

  • Email: info@kantara.life

  • Subject line: "Data Access Request – Simone" or "Data Correction Request – Simone" or "Data Deletion Request – Simone"


11.5 Our Response Timeline

  • Acknowledgment: We will acknowledge your request within 10 working days

  • Full Response: We will respond to valid data access or correction requests within forty (40) days of receiving your request, in accordance with the PDPO

  • Complex Requests: For particularly complex or voluminous requests, we may extend the response time and will inform you of the extension and reasons


11.6 Information Required to Process Requests

To process your request efficiently and verify your identity, we may ask you to:

  • Provide sufficient information to locate your data (e.g., phone number used with Simone, approximate dates of interaction)

  • Specify the personal data you wish to access, correct, or delete

  • Provide proof of identity (to prevent unauthorized access to your data)


11.7 Fees

  • Data Access Requests: In certain cases, we may charge a reasonable fee for complying with a data access request to cover our administrative costs. We will inform you of the fee before processing your request and give you the option to withdraw your request.

  • Data Correction Requests: No fee will be charged for data correction requests

  • Data Deletion Requests: No fee will be charged for data deletion requests


11.8 Circumstances for Refusal

We may refuse a data access or correction request (in whole or in part) in certain circumstances permitted by the PDPO, such as:

  • The request is frivolous or vexatious

  • Complying would likely prejudice ongoing legal proceedings or criminal investigations

  • Complying would reveal confidential commercial information

  • The data is subject to legal professional privilege

  • Exemptions under the PDPO apply (see Section 12)

 

12. Exemptions
 

Under the PDPO, certain exemptions may apply to the disclosure, use, or retention of personal data. We will only rely on such exemptions where legally permitted and necessary.

13. Disclosure of Personal Data
 

13.1 No Sale or Trading

We do not sell, rent, or trade your personal data to third parties.
 

13.2 Permitted Disclosures

Personal data may be disclosed only in the following circumstances:

Service Providers (Data Processors)

We engage third-party service providers to perform functions on our behalf, such as:

  • Cloud hosting and infrastructure (e.g., Neon Postgres)

  • AI processing services (DeepSeek API, Google Gemini API - see Section 14)

  • Message delivery platforms (WhatsApp, Twilio)

  • Analytics and system monitoring services

Legal Obligations

We may access, preserve, and disclose personal data when required or authorized by law, including:

  • Compliance with legal processes: Court orders, subpoenas, or regulatory requests

  • Law enforcement requests: When required by law enforcement or national security authorities

  • Legal rights protection: To enforce our policies or contracts, or protect our rights, property, or safety

  • Protection of others: To protect the rights, property, or safety of our users or third parties

  • Prevention of illegal activity: To assist with investigation or prosecution of suspected or actual illegal activity

We will comply with such requests in good faith and in accordance with applicable law.

Corporate Transactions

In the event of a merger, acquisition, reorganization, bankruptcy, receivership, or sale of assets, personal data may be transferred to the successor entity, provided that:

  • The successor entity agrees to handle data consistently with this Privacy Policy

  • You are notified of any such transfer

  • Data protection standards remain equivalent

  • The transfer is permitted by law and/or contract

With Your Consent

Any other disclosure will be made only with your express consent.


13.3 De-identified and Aggregated Data

We may use your personal data to create de-identified and/or aggregated data, such as:

  • General usage statistics

  • Conversational trend analysis

  • Service performance metrics

  • User demographic summaries (non-identifiable)

De-identified and/or aggregated data is not personal data (it cannot identify you) and we may use and share this data as permitted by law, such as:

  • With academic partners for research

  • In presentations or publications about Simone's effectiveness

  • For marketing and business development purposes

Important: We will never share your conversation transcripts with third parties, even in de-identified form, without your explicit consent.


13.4 What We Do NOT Share

We do not share:

  • Your conversation transcripts with Simone (except as necessary for AI processing)

  • Your images (except as necessary for temporary processing)

  • Your identifiable personal data with advertisers

  • Your data with partner programs (we do not currently operate partner programs, but see Section 13.5 for how we would handle this if introduced)


13.5 Future Partner Programs (Not Currently Active)

We may in the future partner with organizations (such as healthcare providers, employers, or research institutions) to offer Simone through specialized programs.

If we introduce partner programs:

  • Your participation would be optional

  • We would require your separate agreement for any data sharing

  • We would be transparent about what data is shared and why

  • Any data sharing would be governed by additional terms beyond this Privacy Policy

  • We would never share conversation transcripts without your explicit consent

  • Partner programs would be subject to the partner's own terms and privacy policy

14. Third-Party Services and Data Processors

To provide Simone's AI capabilities, we engage certain third-party service providers as data processors. While we implement strong privacy and security measures, these third parties process your data according to their own operational practices.

​

14.1 DeepSeek API (Chat Processing)

We use DeepSeek API to process text-based chat interactions with Simone.

 

What They Process:

  • Your conversation messages with Simone (text only)

  • System prompts and instructions

 

Data Protection Measures We Implement:

  • We hash all user phone numbers using salted SHA-256 encryption so they cannot be linked to chat content

  • All chats are encrypted on our servers using Fernet symmetric encryption before and after transmission

  • Messages are transmitted over secure, encrypted connections

  • We have selected DeepSeek based on their representation that they do not use API data to train or improve their models

 

DeepSeek's Practices:

According to DeepSeek's policies, they do not use any data, content, or information you submit to or receive from their API to train or improve their models. However, DeepSeek may work with sub-processors that can access your chats.

 

Their Policies:

 

IMPORTANT: Medical Information Processing

If you choose to share medical information with Simone (such as allergies, medications, disabilities, or health concerns), this information will be:

  • Included in your user profile for personalization

  • Transmitted to DeepSeek API (located in China) with every conversation to provide context-aware responses

  • Processed by our AI models for analysis and personalization

  • Stored in encrypted form in our database

 

By sharing medical information with Simone, you explicitly consent to this processing. You can request deletion of your medical information at any time by contacting us.

Important Reminders:

  • Simone does not provide professional medical advice

  • Do not rely on Simone for medical diagnosis or treatment

  • Always consult qualified healthcare professionals for medical concerns

  • In medical emergencies, contact emergency services immediately


14.2 Google Gemini API (Image Processing)

We use Google Gemini API for processing and analyzing images you send to Simone.

 

What They Process:

  • Images you upload to Simone

  • Associated prompts for analysis

 

Data Protection Measures We Implement:

  • Images are transmitted over encrypted connections (HTTPS/TLS)

  • Images are deleted as soon as processing is complete (typically within minutes)

  • Metadata is stripped where technically feasible

  • We have selected Google based on their security capabilities and compliance certifications

 

Google's Practices:

Image processing is subject to Google's data handling practices as outlined in their service agreements. Google maintains comprehensive security and privacy programs.

 

Their Policies:

 

14.3 WhatsApp (Message Delivery Platform)

Messages are transmitted through WhatsApp's platform, which is owned by Meta Platforms, Inc.

 

Important:

  • WhatsApp messages are protected by end-to-end encryption when transmitted between you and our service

  • WhatsApp's own data collection and use practices are governed by their terms and privacy policy, which you should review separately

  • We do not control WhatsApp's practices regarding metadata or other information they may collect

 

Their Policies:

 

14.4 Twilio (WhatsApp Messaging Infrastructure)

We use Twilio to facilitate WhatsApp messaging between you and Simone.

 

What They Process:

  • Message content (text and images) transmitted between you and Simone

  • Your phone number (in hashed form where possible)

  • Message metadata (timestamps, delivery status, message IDs)

  • Technical information required for message delivery

 

What They Store:

  • Message Content: Twilio may temporarily store message content (including images) for up to 7 days to ensure reliable delivery, handle retry attempts, and maintain service operations

  • After 7 Days: Twilio automatically deletes stored messages and images

 

Data Protection Measures We Implement:

  • Messages are transmitted over encrypted connections (HTTPS/TLS)

  • We minimize the personal data transmitted to what is technically necessary for message delivery

  • We have contractually bound Twilio to data protection obligations consistent with the PDPO

  • We use Twilio's enterprise-grade infrastructure with appropriate security controls

 

Twilio's Role:

Twilio acts as a communications platform that connects our service to WhatsApp. Twilio:

  • Does not use your message content for their own purposes (e.g., advertising, analytics)

  • Maintains comprehensive security and compliance programs (SOC 2 Type II, ISO 27001)

  • May retain connection logs and technical metadata as required for service operations

  • Processes data in accordance with their Privacy Notice and Data Processing Addendum

 

Data Location:

  • Twilio's infrastructure spans multiple global regions

  • Message routing may involve data centers in the United States, Europe, and Asia-Pacific

  • Twilio maintains security controls across all regions

 

Their Policies:

 

Important: Twilio's processing of images during the 7-day window is subject to their Privacy Notice. We have selected Twilio based on their security capabilities and contractual commitments to data protection.

 

14.5 Neon Postgres (Database Hosting)

We use Neon for cloud-based PostgreSQL database hosting to store your encrypted conversation data.

 

What They Process:

  • Encrypted conversation data stored in our database

  • Hashed phone numbers

  • Message metadata (timestamps, message IDs)

  • System logs and technical information

 

Data Protection Measures We Implement:

  • All personal data is encrypted at rest using Fernet encryption before being stored in the Neon database

  • Database connections use encrypted SSL/TLS connections

  • Access to the database is restricted and authenticated

  • We use Neon's serverless Postgres platform which provides automatic scaling and high availability

 

Neon's Practices:

Neon provides serverless PostgreSQL hosting with built-in security features including encryption at rest, encrypted connections, and SOC 2 Type II compliance. Neon processes data as a database infrastructure provider but does not have access to the content of your conversations due to our encryption.

 

Data Location:

Neon databases can be hosted in various regions. Our database is hosted in Singapore to optimize performance and comply with data residency considerations.

 

Their Policies:

 

14.6 Your Acknowledgment and Control

By using Simone, you acknowledge that:

  • Your interactions may be processed by these third-party services

  • While we take all reasonable steps to protect your data through encryption, anonymization, and contractual obligations, we cannot control how third parties handle data once transmitted to their systems beyond our contractual requirements

  • You may review the privacy policies of these services if you have concerns about their data practices

  • You have the right to stop using Simone at any time if you are uncomfortable with these third-party processors

 
14.7 Limitation of Liability

We cannot guarantee the compliance of our third party services in all circumstances and are not liable for their independent actions that are outside the scope of our contractual relationship or that occur despite our reasonable oversight.

 
14.8 Changes to Third-Party Services

We may change or add third-party service providers from time to time to improve our Services. We will update this Privacy Policy to reflect any material changes to the third parties we use.

15. Cookies and Tracking (Website Visitors Only)

 

15.1 Use of Cookies

Our website (www.kantara.life) uses cookies and similar tracking technologies to enhance your browsing experience.

Note: We only use cookies on our website, not within the Simone WhatsApp service or mobile applications.

What are cookies? Cookies are small text files stored on your device that help websites remember your preferences and understand how you use the site.

 

15.2 Types of Cookies We Use

Essential Cookies:

  • Required for basic website functionality

  • Enable core features like page navigation and secure area access

  • Cannot be disabled without affecting website functionality

Analytics Cookies:

  • Help us understand how visitors use our website

  • Collect information about which pages are visited most often and any error messages

  • We may use Google Analytics for this purpose

  • All data collected is aggregated and anonymous

Preference Cookies:

  • Remember your settings and preferences

  • Enable personalization features

  • Remember language or region preferences

Marketing Cookies (Only with Your Consent):

  • Track your interests to show you relevant marketing content

  • Measure effectiveness of our marketing campaigns

  • We only use these with your explicit consent

 

15.3 Your Control Over Cookies

Browser Settings: You may control cookies through your browser settings:

  • Disable all cookies

  • Delete existing cookies

  • Receive notifications when cookies are set

  • Block third-party cookies

Popular browsers' cookie settings:

  • Chrome: Settings > Privacy and security > Cookies and other site data

  • Firefox: Settings > Privacy & Security > Cookies and Site Data

  • Safari: Preferences > Privacy > Cookies and website data

  • Edge: Settings > Privacy, search, and services > Cookies and site data

Important: Disabling certain cookies may affect website functionality. Some features may not work as intended if you block essential cookies.

 

15.4 Third-Party Cookies

Our website may include cookies from third-party services (such as Wix Analytics or embedded content from other sites). These third parties may collect information about your online activities across different websites.

We do not control these third-party cookies. Please review the privacy policies of these third parties for more information.

 

15.5 Cookie Policy Updates

We may update our use of cookies from time to time. Material changes will be reflected in this Privacy Policy and communicated through our cookie consent banner.

16. Children's Privacy

16.1 Age Restriction

Simone is designed to provide parenting guidance to adults. Our Services are not directed to children under the age of 18 (or another age as required by local law), and we do not knowingly collect personal data from children without parental consent.

 
16.2 Parental Awareness

If you are a parent or guardian:

  • Please supervise your child's device usage

  • Be aware of what applications and services your child accesses

  • Discuss online privacy and safety with your child

 
16.3 If We Learn of Child Data Collection

If you are a parent or guardian and believe your child has provided us with personal data without your consent:

  • Please contact us immediately (see Section 20)

  • Provide details about the account or interaction

  • Verify your relationship to the child

We will take steps to:

  • Verify the report

  • Delete the child's personal data promptly (unless we have a legal obligation to keep it)

  • Close any associated account

  • Implement measures to prevent future underage use if appropriate

 
16.4 No Knowing Collection

We do not knowingly collect or solicit personal data from children. If we learn that we have collected personal data from a child in violation of applicable law, we will take immediate action to delete such data.

17. International Data Transfers

 

17.1 Cross-Border Transfers

Your personal data may be transferred, stored, and processed in one or more countries outside of Hong Kong, including:

  • Countries where our cloud infrastructure is located (e.g., Neon data centers)

  • Countries where our AI service providers operate (e.g., U.S.A., China)

  • Other jurisdictions as necessary to provide our Services

These countries may have data protection laws that are different from Hong Kong law.

 

17.2 PDPO Section 33 (Not Yet in Force)

Note: Section 33 of the PDPO, which would regulate cross-border transfers of personal data, is not yet in force. However, we proactively take steps to ensure that international transfers are protected.

 

17.3 Safeguards We Implement

When transferring personal data outside Hong Kong, we implement safeguards including:

Technical Measures:

  • Encryption of data in transit and at rest

  • Anonymization of identifiers where possible

  • Secure transmission protocols (HTTPS, TLS)

Vendor Selection:

  • We select processors based on their security capabilities and certifications

  • We prefer processors with international privacy certifications (e.g., ISO 27001, SOC 2)

  • We verify that processors have appropriate data protection policies

18. Your Responsibilities

While we take extensive measures to protect your personal data, you also play an important role in safeguarding your information.

 

18.1 Safeguard Your Personal Data

 

Protect Your Device:

  • Use strong passwords or biometric locks on devices where you access Simone

  • Keep your device's operating system and apps up to date

  • Install reputable security software

  • Be cautious about where you leave your device unattended

  • Enable "Find My Device" features to locate or remotely wipe lost devices

 

Protect Your Account:

  • If you create an account with an email/password, use a strong, unique password

  • Do not share your login credentials with others

  • Log out of shared or public devices

  • Be wary of phishing attempts asking for your credentials

 

Secure Your Communications:

  • Be mindful of what personal information you share in conversations with Simone

  • Do not include sensitive information like government ID numbers, bank account details, or passwords in your messages unless specifically requested and necessary

  • Remember that while we protect your data, you control what you choose to share

​

18.2 Report Security Issues

If you discover a security vulnerability or suspect unauthorized access to your account:

  1. Contact us immediately (see Section 20)

  2. Change your passwords if applicable

  3. Document any suspicious activity

We take security reports seriously and will investigate promptly.

 

18.3 Review Privacy Practices Regularly

Read and Understand This Privacy Policy:

  • Review this Privacy Policy periodically to stay informed about our practices

  • Pay attention to updates (we'll notify you of material changes)

  • Contact us if you have questions about any aspect of this policy

Review Third-Party Privacy Policies:
The Services may contain links to third-party websites or applications not covered by this Privacy Policy. We do not endorse, screen, or approve, and are not responsible for, the privacy practices or content of such other websites or applications.

It is your responsibility to:

  • Review the privacy policies of third parties before sharing personal data with them

  • Understand what data they collect and how they use it

  • Make informed decisions about whether to use third-party services

Providing personal data to third-party websites or applications is at your own risk.

 

18.4 Protect Children's Information

If you are a parent or guardian:

  • Monitor your children's device usage

  • Educate your children about online privacy and safety

  • Be aware that Simone is designed for adults and is not intended for children under 18

  • If your child has used Simone, contact us immediately so we can delete their data (see Section 16)

 

18.5 Use Services Appropriately

Do Not:

  • Use Simone for illegal purposes

  • Attempt to hack, disrupt, or abuse our Services

  • Share content that violates others' privacy rights

  • Impersonate others or create fake accounts

  • Upload malicious code or files

Misuse of our Services may result in:

  • Suspension or termination of your access

  • Reporting to authorities if illegal activity is suspected

  • Legal action if you cause harm to us or others

 

18.6 Keep Your Information Current

If your personal information changes (e.g., email address, preferences):

  • Update your information promptly

  • Contact us if you need assistance updating your data (see Section 11)

  • Keeping your information current helps us serve you better and contact you if necessary

 

18.7 Understand Limitations

Simone Is Not a Substitute for Professional Advice:

  • Simone provides general informational guidance only

  • Do not rely on Simone for medical, legal, financial, or other professional advice

  • Always consult qualified professionals for serious concerns

  • In emergencies, contact emergency services immediately

We Are Not Responsible for:

  • Decisions you make based on information from Simone

  • Third-party content or services you access through links from Simone

  • Loss or damage resulting from your failure to safeguard your device or credentials

19. Contact Us

 

19.1 Questions, Comments, or Concerns

If you have questions about this Privacy Policy, our data practices, or wish to exercise your privacy rights, please contact us:

Data Protection Officer
Kantara Limited

Email: info@kantara.life
Subject line: "Privacy Question – Simone" or "Data Request – Simone"

 

19.2 Response Timeline

  • Acknowledgment: We will acknowledge your inquiry within 10 working days

  • General Questions: We aim to respond to general privacy questions within 10-15 working days

  • Formal Data Requests: We will respond to data access, correction, or deletion requests within 40 days as required by the PDPO (see Section 11)


19.3 What to Include

To help us respond efficiently, please include:

  • Your name (or the name you use with Simone)

  • Your contact information

  • A clear description of your question or request

  • Any relevant details (e.g., approximate dates of interactions, specific data you're asking about)

  • If requesting data access/correction/deletion, information to help us verify your identity


19.4 Security Concerns

For urgent security matters (such as suspected data breaches or unauthorized access), please:

  • Mark your email as "URGENT – Security Issue"

  • Provide as much detail as possible about the issue

  • We will prioritize security reports and respond promptly


19.5 Feedback Welcome

We value your feedback on our privacy practices and this Privacy Policy. If you have suggestions for how we can improve transparency or better protect your privacy, please let us know.

 

20. Updates to This Policy


20.1 Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect:

  • Changes in our practices or Services

  • Changes in applicable laws or regulations

  • Changes in technology or security measures

  • Feedback from users or regulators

  • New features or functionality in Simone

  • Changes to third-party services we use


20.2 Notification of Changes

When we make material changes to this Privacy Policy:

We will:

  • Update the "Last Updated" date at the top of this policy

  • Notify you through appropriate channels, such as:

    • A message from Simone when you next interact with the service

    • Email to any email address you've provided (if applicable)

    • Prominent notice on our website

    • Push notification (if you've enabled notifications)

For significant changes affecting your rights:

  • We may seek renewed consent where required by law

  • We will provide clear information about what has changed and how it affects you

  • You will have the opportunity to review changes before they take effect


20.3 Effective Date of Changes

  • Changes will become effective on the date specified in the updated Privacy Policy

  • We will typically provide at least 14 days' notice before material changes take effect

  • For non-material changes (e.g., clarifications, formatting), changes may be effective immediately upon posting


20.4 Current Version

The most current version of this Privacy Policy will always be available:

  • On our website at https://www.kantara.life/privacy-policy

  • Through Simone by asking: "Can I see the privacy policy?"

  • By contacting us directly (see Section 20)

  • We recommend bookmarking the policy page for easy reference


20.5 Continued Use After Changes

Your continued use of Simone after changes to this Privacy Policy take effect constitutes your acceptance of the updated terms.

If you do not agree with the updated Privacy Policy:

  • You may stop using Simone

  • You may request deletion of your data (see Section 11)

  • We will honor your rights under the version of the Privacy Policy that was in effect when you provided your data


20.6 Archived Versions

For transparency, we may maintain archived versions of this Privacy Policy. You can request previous versions by contacting us.


20.7 Review Regularly

We encourage you to:

  • Review this Privacy Policy regularly to stay informed about our practices

  • Check the "Last Updated" date when you visit

  • Contact us if you have questions about any changes

 

21. Summary of Our Privacy Commitment

Your privacy and trust are fundamental to Simone's design and our business. We are committed to:


Core Principles

✓ Transparency

  • Clear explanation of what data we collect and why

  • Open communication about our practices

  • Easy-to-understand language in our policies

✓ Purpose Limitation

  • Using data only for stated, legitimate purposes

  • Never using your data for purposes you haven't been informed about

  • Seeking new consent if we want to use data for new purposes

✓ Data Minimization

  • Collecting only what is necessary to provide and improve Simone

  • Not collecting excessive or unnecessary personal data

  • Limiting retention to only what's needed

✓ Security

  • Strong encryption (AES-128 for stored data)

  • Anonymization of identifiers

  • Strict access controls

  • Regular security testing and updates

✓ Retention Limits

  • Keeping data only as long as necessary

  • Automatic deletion when data is no longer needed

  • Clear retention periods for different types of data

  • Secure deletion procedures

✓ Your Rights

  • Honoring your rights to access, correct, and delete data

  • No charge for most data requests

  • Clear processes for exercising your rights

✓ No Sale of Data

  • Not selling your personal data to third parties

  • Not sharing your data with advertisers

✓ Control and Consent

  • You decide what to share with Simone

  • Clear consent for direct marketing

  • Easy opt-out mechanisms

  • Respect for your withdrawal of consent

✓ Accountability

  • Investigating and addressing complaints

  • Continuous improvement of privacy practice

 

By using Simone, you acknowledge that you have read and understood this Privacy Policy.

If you have any questions or concerns about your privacy, please don't hesitate to contact us at info@kantara.life

  • X
  • Facebook
  • Instagram
bottom of page