Privacy Policy

Last updated: June 10, 2025

Kestrel is built for families tracking seizures. Your health data is sensitive and personal. We collect only what is necessary to run the app, we never sell your data, and we never share it with advertisers.

Who We Are

Kestrel is developed and operated by Lockard Labs LLC ("we," "us," or "our"). You can reach us at support@kestrelst.com.

What Data We Collect

When you use Kestrel, we collect the following categories of information:

Account information: your email address and an optional display name, used to authenticate you and identify you to caregivers you invite.
Subject profiles: name and optional date of birth for the person whose seizures you are tracking.
Seizure events: timestamps, duration, seizure type, severity, associated conditions, and any notes you enter.
Medication records: medication names, dosages, frequency, and a history of changes you log.
Caregiver relationships: email addresses of caregivers you invite to share access to a subject profile.

We do not collect location data, contacts, device identifiers, or any other information beyond what is described above.

How We Use Your Data

We use your data solely to operate the app:

To store and display your seizure and medication history.
To enable shared access when you invite a caregiver.
To generate analytics and reports within the app.
To send transactional emails (e.g., caregiver invitation links).

We do not use your data for advertising, profiling, or any purpose other than operating Kestrel for you.

How We Store Your Data

Your data is stored in a secure cloud database provided by Supabase, which is hosted on Amazon Web Services in the United States. All data is encrypted in transit (TLS) and at rest. Access is enforced by row-level security policies: your data is only accessible by you and the caregivers you explicitly invite.

Data Sharing

We do not sell, rent, or trade your personal information. We share your data only in the following limited circumstances:

Caregivers you invite: When you invite another user as a caregiver, they gain access to the subject's event and medication history within the app.
Service providers: We use Supabase (database and authentication), Expo (app build infrastructure), and Resend (transactional email). These providers process data only as necessary to deliver their services to us and are bound by their own privacy policies.
Legal requirements: We may disclose data if required by law, court order, or governmental authority.

Data Retention and Deletion

Your data is retained as long as your account is active. You may request deletion of your account and all associated data at any time by emailing support@kestrelst.com. We will process deletion requests within 30 days.

Note: if you have shared access with other caregivers, deleting your account removes your own account record but does not delete the subject profile or its event history, which may still be accessible to the subject's owner.

Children's Privacy

Kestrel is designed to be used on behalf of children by their parent or guardian — not by children directly. We do not knowingly collect personal information from children under 13. If you believe a child under 13 has created an account without parental consent, please contact us at support@kestrelst.com and we will delete the account promptly.

Your Rights

Depending on where you live, you may have rights including the right to access, correct, or delete your personal data. To exercise any of these rights, contact us at support@kestrelst.com.

Changes to This Policy

If we make material changes to this policy, we will notify you by email or through a notice in the app before the changes take effect. The "Last updated" date at the top of this page always reflects the current version.

Contact

Questions or concerns about your privacy? Email us at support@kestrelst.com. We respond within 2 business days.