KimatAI

Privacy Policy

Last updated: 11 June 2026

KimatAI (“the Service”) is operated by MENTIUS LTD (“we”, “us”). This policy explains what personal data we collect when you use kimatai.com, why we collect it, and the choices you have. We keep it deliberately plain-language; if anything is unclear, email us at contact@kimatai.com.

What we collect

  • Account data — your email address and a password (stored and hashed by Google Firebase Authentication; we never see your password).
  • Trip content — the trips you create: itineraries, bookings you record, packing lists, expenses, chat messages with the trip companion, and people you invite or names you add for cost-splitting.
  • Usage counters — how many AI itineraries you have generated, used to enforce plan limits.
  • Payment data — if you subscribe, payments are handled entirely by Stripe. We store only your Stripe customer reference and subscription status, never card details.

We do not collect advertising identifiers, run third-party ad trackers, or sell personal data.

How your data is used

  • To provide the Service: storing and displaying your trips, syncing them across devices, and sharing them with people you invite.
  • AI processing — when you generate an itinerary, ask the companion a question, or use discovery, packing or walking-tour features, the relevant trip details and your message are sent to Google's Gemini API to produce the response. Google processes this data under its Gemini API terms.
  • Weather — day locations (coordinates only) are sent to OpenWeather to show forecasts.
  • To enforce plan limits and prevent abuse.

Where it lives

Data is stored in Google Cloud Firestore and served via Vercel. These providers act as our processors and may store data in data centres outside the UK/EEA with appropriate safeguards under their respective data processing terms.

Cookies

We use a single first-party session cookie (__session) to keep you signed in. It is essential to the Service and expires after 5 days. Your theme preference is stored locally on your device. We set no analytics or advertising cookies.

Sharing

Trips are private to you and anyone you explicitly invite as a member. If you create a share link, anyone with that link can view (not edit) the trip until you regenerate the link. We disclose data to third parties only as described above (Firebase, Gemini, OpenWeather, Stripe, Vercel) or where required by law.

Retention & deletion

Your data is retained while your account exists. Deleting a trip permanently removes its content, including companion conversations. To delete your account and all associated data, email contact@kimatai.com from your registered address and we will complete the deletion within 30 days.

Your rights

Under UK GDPR you can request access to, correction of, or deletion of your personal data, object to or restrict processing, and request portability. Contact contact@kimatai.com to exercise any of these. You also have the right to complain to the ICO (ico.org.uk).

Changes

We'll post any changes to this policy on this page and update the date above. Material changes will be flagged in the app.