How we protect your conversations
Dot is a place many people share things they haven't said out loud yet. That only works if we take the safekeeping of those conversations seriously. Here's how we do it, in plain English.
Encryption in transit and at rest
All traffic between your device and Dot is protected by TLS 1.2+ (HTTPS). Your conversations, tracked symptoms, and account data are encrypted at rest with AES-256 in our managed database.
We never sell your data
Full stop. Your data is not sold to advertisers, data brokers, insurers, or third parties for marketing. You are not the product.
You can delete your data
You can delete your conversations, tracked symptoms, and your entire account from Settings → Account at any time. Deletion is permanent within a short retention window required for backups and abuse prevention. Details in the Privacy Policy.
Payments handled by Stripe
All billing runs through Stripe, a PCI-DSS Level 1 compliant payment processor. Dot never sees or stores your card number. Your card details go directly from your browser to Stripe.
Least-privilege access
Access to production systems and user data is tightly limited to a small number of engineers, logged and reviewed, and used only for support and maintenance — never for browsing conversations.
Reporting a security issue
If you believe you've found a security vulnerability, please email support@kindr.health with details. We take reports seriously and will respond promptly.
What we don't claim
Dot is an educational and supportive AI companion, not a covered healthcare provider. We do not claim HIPAA covered-entity status. Where regulatory protections do apply to your data, we follow them; where they don't, we still hold ourselves to the practices above.