Privacy Policy
Last Updated: March 4, 2026 · Effective: March 4, 2026
1. Introduction
Welcome to Kinesis: Social Fitness App ("Kinesis",
"we", "our", or "us"), developed by Ivan Sentemon. This
Privacy Policy explains how we collect, use, disclose, and safeguard
your personal information when you use our mobile application ("App")
available on the Apple App Store and Google Play Store.
By downloading, installing, or using Kinesis, you agree to the practices
described in this Privacy Policy. If you do not agree, please do not use
the App.
Target Audience: Kinesis is intended for users aged
16 and older. We do not knowingly collect personal
information from children under the age of 16. If you are under 16,
please do not use the App. If we learn that we have collected personal
data from a child under 16 without verification of parental consent, we
will take steps to delete that information promptly.
2. Information We Collect
2.1 Account & Identity Data
When you create an account, we collect:
- Full name
- Username
- Email address
- Password (managed and encrypted by our identity provider, Keycloak)
- Google account credentials (if you sign in via Google OAuth; we receive only an authorization code, not your Google password)
- Account creation date and activity timestamps (e.g., last seen)
2.2 Profile Data
To personalize your experience, you may provide:
- Profile biography (free text)
- Profile photo / avatar image
- Date of birth
- Sex / gender (Male, Female, or Other)
- Height (in centimeters)
- Weight (in kilograms)
- Activity level (Sedentary, Lightly Active, Moderately Active, Very Active)
- Fitness goal (Lose Weight, Maintain, Gain Weight)
- Favorite workout types (e.g., Cardio, Strength Training, Yoga)
2.3 Health & Fitness Data
When you use our fitness tracking features, we collect:
- Workouts (title, description, duration, difficulty, cover image)
- Exercises (name, target muscle group, difficulty level)
- Sets and repetitions (reps, weight lifted, completion status, timestamps)
- Workout sessions (start time, duration, calories burned)
- Daily burned calories
- User streaks (current streak, longest streak, last completed date)
- Calorie budget and macronutrient goals (protein, carbohydrates, fat)
If you grant permission, we may also read:
- Steps count (from Apple Health / Google Health Connect)
- Active calories burned (from Apple Health / Google Health Connect)
- External workout data (activity type, start/end time, calories, distance) synced from Apple Health or Google Health Connect
Important: Health data from Apple HealthKit or Google
Health Connect is accessed only with your explicit permission and is
used solely to display fitness metrics within the App. We do not sell
health data to third parties or use it for advertising purposes.
2.4 Nutrition Data
When you use our meal tracking features, we collect:
- Meals (type: Breakfast, Lunch, Dinner, Other; date and timestamp)
- Meal items (food name, quantity, unit, calories, protein, carbohydrates, fat, sugar, salt, notes)
- Daily nutrition totals (date, total calories, macronutrient breakdown)
- Food product information (name, barcode, nutritional values per 100g) — retrieved from the Open Food Facts open database when you search for products or scan a barcode
- Favorite products
- Food photos (images captured or selected for AI-powered food analysis)
- AI food analysis results (detected food items, estimated nutritional values, confidence scores)
2.5 Social & Community Data
When you interact with our social features, we collect:
- Posts (title, description, images, videos, content type)
- Comments (text content, timestamps)
- Likes (user-to-post associations)
- Follow relationships (follower/following connections)
- Feed subscriptions
- Notifications (type, associated content, read status)
- Reports (reported content type, reason, description)
- User search history (searched usernames, timestamps)
2.6 Device & Technical Data
We automatically collect:
- Push notification tokens (Expo Push Token, for delivering notifications)
- Authentication tokens (stored securely on your device using encrypted storage)
- Health sync preferences and timestamps (stored locally)
- App language preference
2.7 Media & Files
- Profile images uploaded by you
- Post images and videos shared on the platform
- Workout cover images
- Food photographs captured for nutritional analysis
3. How We Use Your Information
| Purpose | Legal Basis (GDPR) |
| --- | --- |
| To create and manage your account | Performance of contract |
| To provide fitness tracking and workout logging | Performance of contract |
| To provide nutrition tracking and meal logging | Performance of contract |
| To enable social features (posts, comments, likes, follows) | Performance of contract |
| To deliver push notifications | Consent |
| To calculate calorie budgets and personalized fitness metrics | Performance of contract |
| To perform AI-powered food photo analysis | Consent |
| To moderate content and enforce community standards | Legitimate interest |
| To sync health data from Apple Health or Google Health Connect | Consent |
| To improve the App and fix bugs | Legitimate interest |
| To respond to user support requests | Legitimate interest |
| To comply with legal obligations | Legal obligation |
4. How We Share Your Information
We do not sell your personal data to third parties. We
may share information in the following limited circumstances:
4.1 With Other Users
- Your username, name, profile photo, and bio are visible to other users.
- Your posts, comments, and likes are visible to other users on the social feed.
- Your follow relationships (follower/following counts) are publicly visible.
- Your profile and activity information (such as workouts, posts, comments, likes, and follow relationships) is shared according to your in-app visibility and account settings.
4.2 With Service Providers
We use the following third-party services that may process your data:
- Keycloak (authentication and identity management) — processes your login credentials, email, and account data for secure authentication.
- Google OAuth (social sign-in) — if you sign in with Google, Google processes your authentication in accordance with Google's Privacy Policy.
- Apple HealthKit (iOS health data) — accesses steps, calories, and workout data on your device with your explicit permission, governed by Apple's Privacy Policy.
- Google Health Connect (Android health data) — accesses steps, calories, and workout data on your device with your explicit permission, governed by Google's Privacy Policy.
- Expo / Expo Application Services (EAS) — used for building, distributing, and delivering push notifications. Expo may process push notification tokens. See Expo's Privacy Policy.
- Azure Blob Storage — used for storing uploaded media files (profile images, post images/videos, food photos). See Microsoft Privacy Statement.
- Open Food Facts — an open food products database used to retrieve nutritional information when you search for food products by name or scan a barcode. Your search queries and scanned barcodes are sent to the Open Food Facts API. The data is licensed under the Open Database License (ODbL). See Open Food Facts Terms of Use.
- PostgreSQL — relational database used to store your account data, fitness data, nutrition data, social data, and other app information on our servers.
4.3 For Legal Reasons
We may disclose your information if required by law, regulation, legal
process, or governmental request, or to protect our rights, safety, or
the rights and safety of others.
4.4 In Business Transfers
If Kinesis is involved in a merger, acquisition, or sale of assets, your
personal data may be transferred as part of that transaction. We will
notify you of any such change.
5. Data Storage and Security
- Your data is stored on secure servers using PostgreSQL databases and Azure Blob Storage for media files.
- Authentication credentials are managed by Keycloak using industry-standard encryption (OAuth 2.0 / OpenID Connect).
- Sensitive tokens (access tokens, refresh tokens) are stored on your device using encrypted secure storage (Expo SecureStore).
- Communication between the App and our servers is encrypted via HTTPS/TLS.
- Internal service communication uses a message broker (RabbitMQ) within a secured private network.
While we implement reasonable security measures, no method of electronic
transmission or storage is 100% secure. We cannot guarantee absolute
security of your data.
6. Data Retention
We retain your personal data for as long as your account is active or as
needed to provide you with our services. Specifically:
- Account and profile data is retained until you delete your account.
- Fitness, nutrition, and social data is retained until you delete your account.
- Push notification tokens are retained until you disable notifications or delete your account.
- Locally stored data (health sync preferences, cached products) is retained on your device until you clear the App data or uninstall the App.
After account deletion, we will delete or anonymize your personal data
within 30 days, except where we are required to retain
it by law.
7. Your Rights
7.1 General Rights (All Users)
You have the right to:
- Access your personal data stored within the App (via your profile and settings).
- Update or correct your personal data at any time through the App.
- Delete your account and associated data (see Section 8 below).
- Withdraw consent for push notifications, health data syncing, or other optional features at any time through the App settings or your device settings.
7.2 Rights Under the GDPR (European Economic Area, UK, Switzerland)
If you are located in the European Economic Area (EEA), the United
Kingdom, or Switzerland, you have additional rights under the General
Data Protection Regulation (GDPR):
- Right of Access (Art. 15) — You may request a copy of the personal data we hold about you.
- Right to Rectification (Art. 16) — You may request correction of inaccurate data.
- Right to Erasure (Art. 17) — You may request deletion of your personal data ("right to be forgotten").
- Right to Restriction of Processing (Art. 18) — You may request that we limit the processing of your data.
- Right to Data Portability (Art. 20) — You may request a machine-readable copy of your data.
- Right to Object (Art. 21) — You may object to processing based on legitimate interests.
- Right to Withdraw Consent — Where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of prior processing.
To exercise these rights, please contact us at
kinesis.fitness.app@gmail.com. We will respond within 30 days.
You also have the right to lodge a complaint with your local data
protection supervisory authority.
7.3 Rights Under the CCPA (California, USA)
If you are a California resident, you have the following rights under
the California Consumer Privacy Act (CCPA) and the California Privacy
Rights Act (CPRA):
- Right to Know — You may request that we disclose what personal information we collect, use, disclose, and sell.
- Right to Delete — You may request deletion of your personal information.
- Right to Opt-Out of Sale — We do not sell your personal information. No opt-out is necessary.
- Right to Non-Discrimination — We will not discriminate against you for exercising your CCPA rights.
To exercise these rights, please contact us at
kinesis.fitness.app@gmail.com.
We do not sell personal information as defined by the CCPA/CPRA. In the
preceding 12 months, we have collected the categories of personal
information described in Section 2 of this Privacy Policy.
8. Account Deletion
You may request deletion of your account and all associated personal
data at any time by:
- In-App: Navigate to Settings → Account → Delete Account within the Kinesis app.
- By Email: Send a request to kinesis.fitness.app@gmail.com with the subject line "Account Deletion Request" from the email address associated with your account.
Upon receiving your deletion request:
- Your account will be deactivated immediately.
- All personal data associated with your account will be permanently deleted within 30 days.
- Content that has been anonymized or de-identified may be retained for analytical purposes.
- Data that we are legally required to retain will be retained only for the minimum required period and then deleted.
Please note: Account deletion is
irreversible. Once your data is deleted, it cannot be
recovered.
9. Third-Party Links and Services
The App may contain links to third-party websites or services that are
not operated by us. We are not responsible for the privacy practices of
these third parties. Each third-party service we integrate with operates
under its own privacy policy:
10. International Data Transfers
Your information may be transferred to and processed in countries other
than your country of residence. If you are in the EEA, UK, or
Switzerland, we ensure that any transfer of personal data to countries
outside these regions is protected by appropriate safeguards, including
Standard Contractual Clauses (SCCs) approved by the European Commission,
or other lawful transfer mechanisms.
11. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. When we make
material changes, we will:
- Update the "Last Updated" date at the top of this document.
- Notify you through the App or via email.
Your continued use of the App after any changes constitutes acceptance
of the updated Privacy Policy.
12. Contact Us
If you have any questions, concerns, or requests regarding this Privacy
Policy or our data practices, please contact us:
Ivan Sentemon
Email: kinesis.fitness.app@gmail.com
For GDPR-related inquiries, you may also contact your local data
protection authority.
© 2026 Ivan Sentemon. All rights reserved.