Government requests
Q1 2026 (build phase): Zero government requests received. Zero data shared. We have no production user data to share.
When CalmKin is in production, we will publish: total requests received, jurisdictions, type of request (subpoena, warrant, mutual legal assistance treaty), what we provided, what we refused, and how many requests were accompanied by a gag order we could not disclose.
Security incidents
Q1 2026 (build phase): Zero security incidents. Zero notifications sent.
When in production, any incident affecting user data will be disclosed within 72 hours of discovery via in-app notice, email to affected accounts, and an entry on this page that remains forever.
Subprocessors and infrastructure
The CalmKin product runs on Cloudflare (edge, hosting, R2 storage), one major LLM inference provider (rotating; current provider listed publicly when launched), and a single transactional email provider. No advertising network. No analytics tracker that profiles individuals. Subprocessor list is published in full and updated whenever it changes.
Editorial decisions
Where CalmKin makes a judgement call about what counts as a serious enough pattern to alert on, we publish the rule, who reviewed it, and how we test it. Our alert taxonomy is reviewed quarterly with an external panel of child psychologists and updated openly.
Things we do not collect
Browsing history outside connected apps. Photos in the camera roll. Banking, health, fertility, religious, or political app data. Voice or video call audio. Real-time location, except when an opted-in family safety feature is explicitly enabled.
What you can audit
From the app, your child can see exactly what we read, when we last read it, and what was shared with you. You can request a complete data export within 24 hours. You can request a complete deletion within 7 days. We do not consider any of this a feature — it is the minimum for a company that handles families this closely.