Privacy and data practices

Private by default. Published by decision.

Genealogy data is relational: one person’s upload can describe many relatives who never agreed to be part of a service. Kin Resolve treats privacy as a publication decision, not a footer promise.

Product principle

The private archive and public story are different surfaces.

Imported records, research notes, DNA clues, cases, and unfinished hypotheses need a private place to develop. Public family history should contain only what an owner has reviewed and intentionally shared.

Current beta controls

What the software does today.

01

Private workspace access

Research pages and APIs require an authenticated archive membership in configured deployments.

02

Manual person publication

A profile is not public merely because it was imported. Current publication requires an explicit person-level decision.

03

Living-person gates

Living, private, sensitive, and unresolved life-status records are withheld from anonymous person views.

04

Optional external AI

The deterministic checks do not need an AI provider. Provider-backed analysis is enabled only by the archive operator.

05

An exit path

Full GEDCOM export helps keep the family archive portable rather than dependent on one hosted service.

06

Synthetic project data

The public repository and project demos use synthetic fixtures. Real genealogy and DNA files do not belong in source control.

External provider disclosure

Private context may leave the deployment when external AI is enabled.

When an operator configures an OpenAI-compatible provider, private workspace context may be sent to that provider to answer a research question. Provider choice, retention terms, and data handling remain the operator’s responsibility.

Do not configure provider-backed analysis for sensitive family or genetic information until you have evaluated that provider and your legal obligations.

Hosted-beta boundary

Important controls are still in development.

Multi-tenant isolation, invitations, hosted genetic-data consent, deletion workflows, breach operations, and counsel-approved compliance controls are not complete.

Kin Resolve does not currently claim GDPR compliance, production-grade hosted DNA handling, guaranteed backups, or complete fact-level publication control.

Before hosted access opens

The privacy work that cannot be waved away.

  1. Tenant isolationPropagate archive context everywhere and enforce database policies against cross-archive reads.
  2. Consent and retentionDefine what can be collected, why, for how long, and how a person can revoke or delete it.
  3. Operational controlsTest restore paths, safe errors, monitoring, incident response, and durable abuse limits.
  4. Legal reviewPublish counsel-approved privacy terms before accepting hosted family or genetic data.
This is a product-practices page—not a legal privacy policy.

Counsel-reviewed legal terms will be published before public hosted accounts accept family data. Beta applicants should submit only contact and workflow information.

Read the beta boundaries
Privacy-minded beta

Help test the boundary between private research and public history.

We’re looking for family historians willing to test realistic GEDCOM, source, case, publishing, and DNA-triage workflows.