We do not sell your data. We do not use your data to train AI models.
All data is encrypted with TLS 1.2+ in transit and AES-256 at rest. We host on SOC 2 Type II–certified infrastructure (Supabase, Netlify); YourKendra's own SOC 2 Type I audit is targeted for Q2 2026. Each business operates in a row-level-security-isolated tenant within our database.
We use the following subprocessors to deliver the platform. The full, current list is published on our security page:
We notify customers at least 30 days before adding a new subprocessor that materially expands the categories of personal data processed.
YourKendra records the calls Kendra answers on your behalf so you can review them in your dashboard, train Kendra, and verify what was said. By default Kendra plays a recording disclosure when the caller is dialing from a state that requires all-party consent for call recording (currently California, Connecticut, Florida, Illinois, Maryland, Massachusetts, Michigan, Montana, New Hampshire, Pennsylvania, Washington, plus Oregon for telephone calls). You may also enable global recording disclosure from Settings → Phone, and you may disable call recording entirely.
You are the controller of the calls placed to your business number. You are responsible for any additional disclosures required by your jurisdiction or industry (HIPAA-covered calls, attorney-client calls, calls to minors, etc.). YourKendra acts as a processor for those recordings and will delete them on your written request.
Recordings are retained for 90 days by default and can be configured to 7, 30, 365 days, or "no recording" per Kendra agent.
You have the right to access, correct, port, or delete your personal data. You may opt out of marketing communications at any time. Contact us at privacy@yourkendra.com — we respond within 45 days.
If you are a California resident, you have the right to:
To exercise any of these rights, email privacy@yourkendra.com from the email address on your account, or use the "Your Privacy Choices" link in our footer. We verify requests by matching the requester's email and, for sensitive requests, requesting confirmation via a code sent to the verified address. We respond within 45 days. Authorized agents may submit requests on your behalf with written, signed authorization.
We do not sell or share personal information. We have not sold or shared personal information in the preceding 12 months.
The data controller is YOURKENDRA LLC. Our legal basis for processing is contractual necessity and legitimate interest. You have the right to data portability and erasure under GDPR.
We use essential cookies only for authentication and session management. We do not use advertising or tracking cookies.
Emails sent by YourKendra (welcome messages, transactional notifications, and outbound campaigns operated on behalf of our customers) include standard email-tracking technologies provided by our delivery providers (SendGrid, Resend):
This data is used to (a) measure delivery health, (b) honor unsubscribe requests, and (c) improve message relevance. You may suppress open tracking by disabling remote-image loading in your mail client. To stop all marketing email from us, click any unsubscribe link, reply with the word STOP, or email privacy@yourkendra.com.
We retain different categories of data for different periods, balancing your purpose-limitation rights (GDPR Art. 5) against legal recordkeeping obligations:
You may request immediate deletion of any of the above (subject to overriding legal-hold obligations) by emailing privacy@yourkendra.com.
YourKendra is not intended for use by anyone under the age of 18. We do not knowingly collect data from minors.
Material changes to this policy will be communicated to active subscribers via email at least 14 days before taking effect.
For privacy-related questions, contact us at hello@yourkendra.com.