Appearance
Privacy Policy
Effective date: 8 March 2026 Last updated: 8 March 2026
Kilnside Technologies Limited ("Kilnside", "we", "us") operates the Kernel mobile application and related cloud services (the "Service"). This policy explains how we collect, use, store, and protect your information when you use the Service.
1. Who We Are
Kilnside Technologies Limited is a company registered in England and Wales. For questions about this policy, contact us at privacy@kilnside.com.
2. Information We Collect
2.1 Account Information
When you sign up, we collect your name, email address, and the organisation you belong to.
2.2 Operational Data
Kernel records operational events for rural enterprises — including livestock, horticulture, food production, and land management. This data is entered by you (via text, voice, or NFC/RFID scanning) and belongs to your organisation. It may include:
- Asset records (identifiers, descriptions, status)
- Location and site data
- Treatment and input records
- Financial information (costs, valuations)
- Photographs attached to events
2.3 Voice Recordings
When you use voice input, your audio is processed in real-time to extract structured events. Audio is streamed to a third-party AI provider for transcription and is not stored by Kilnside after processing.
2.4 Device & Usage Data
We collect limited technical data to keep the Service running:
- Device type and operating system version
- App version
- Crash reports and error logs
- AI interaction logs (prompts and responses, stored to improve accuracy)
2.5 Location Data
With your permission, we record GPS coordinates on events for traceability and regulatory compliance. Location data is only captured when you actively create an event.
2.6 NFC & Bluetooth
With your permission, the app reads NFC tags and communicates with RFID hardware over Bluetooth. Tag identifiers are stored as part of your asset records.
3. How We Use Your Information
We use the data we collect to:
- Provide the Service — record, store, and query your operational events.
- AI-assisted data entry — our AI assistant processes your natural-language input (voice or text) to structure events. The AI does not invent data.
- Regulatory compliance — generate reports required by relevant authorities (e.g. DEFRA, APHA).
- Offline synchronisation — events recorded without signal are stored on your device and synced when connectivity resumes.
- Analytics — provide operational and financial insights to your organisation.
- Improve the Service — diagnose bugs, monitor performance, and improve AI accuracy.
4. Legal Basis for Processing (UK GDPR)
| Purpose | Legal basis |
|---|---|
| Providing the Service | Performance of a contract |
| Regulatory compliance | Legal obligation |
| AI accuracy improvement | Legitimate interest |
| Marketing communications | Consent (opt-in only) |
5. Data Sharing
We do not sell your data. We share data only in these limited circumstances:
| Recipient | Purpose | Data shared |
|---|---|---|
| AI provider (Google) | Voice transcription and AI processing | Prompts and voice audio streams (no raw PII) |
| Cloud infrastructure providers | Database hosting and storage | Service data (encrypted at rest) |
| Your organisation's other users | Multi-user collaboration | Operational data scoped to your organisation |
| Regulators / auditors | When you choose to export compliance reports | Only the specific report data you export |
We will also disclose data if required by law or to protect our legal rights.
6. Data Isolation
Your organisation's data is strictly isolated. Every query is scoped to your organisation's unique identifier using security controls enforced at the database level. Users in one organisation cannot see, query, or infer the existence of another organisation's data.
7. Data Storage & Security
- Encryption at rest: All data is encrypted at the storage layer.
- Encryption in transit: All connections use TLS 1.2+.
- Append-only event history: Operational records cannot be silently edited or deleted — corrections are made by appending a new event that references the original, preserving a complete audit trail.
- Access controls: Role-based permissions restrict what each user can see and do within their organisation.
Data is hosted in the EU region.
8. Data Retention
- Operational event data: Retained for the lifetime of your organisation's account, or as long as required by applicable regulations (whichever is longer).
- Voice audio: Not retained after real-time processing.
- AI interaction logs: Retained for 12 months, then automatically deleted.
- Account data: Retained until you request deletion.
9. Your Rights (UK GDPR)
You have the right to:
- Access your personal data
- Rectify inaccurate data
- Erase your personal data ("Right to be Forgotten" — see below)
- Restrict processing
- Data portability — export your data in a machine-readable format
- Object to processing based on legitimate interest
- Withdraw consent at any time for consent-based processing
To exercise these rights, email privacy@kilnside.com.
Right to be Forgotten
When you request deletion, we permanently remove or anonymise your personally identifiable information (name, email, contact details). Historical operational events remain intact — referenced only by an anonymous identifier — so your organisation's records and audit trail are not broken. This satisfies UK GDPR while preserving the integrity required by regulators.
Statutory exception: Where applicable law requires your identity to be retained on specific records (e.g. veterinary medicine logs under the Veterinary Medicines Regulations), we will inform you and retain only what is legally required.
10. Children's Privacy
The Service is not directed at children under 16. We do not knowingly collect personal data from children.
11. Cookies
The Kernel mobile app does not use cookies. The web dashboard uses essential session cookies only (no advertising or tracking cookies).
12. International Transfers
Your data is processed within the UK and EU. Where our sub-processors operate outside these regions, transfers are covered by Standard Contractual Clauses or an adequacy decision.
13. Changes to This Policy
We may update this policy from time to time. Material changes will be notified via the app or email. The "Last updated" date at the top reflects the most recent revision.
14. Contact Us
Kilnside Technologies Limited Email: privacy@kilnside.com
If you are not satisfied with our response to a privacy concern, you have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.