Privacy Policy
Last Updated: 11 July 2026
Effective Date: 11 July 2026
Introduction
Your privacy matters to us. This Privacy Policy explains how GrandPoint Ltd ("we," "us," "our") collects, uses, stores, and protects your personal information when you use the Kinesa fitness and wellness tracking application ("App," "Service").
By using Kinesa, you consent to the practices described in this Privacy Policy.
Key Information
- App Name: Kinesa
- Data Controller: GrandPoint Ltd
- Company Number: 16498233
- Registered Address: 108 St Helens Street, Ipswich, UK
- Contact Email: support@kinesa.app
- Privacy Email: privacy@kinesa.app
- Legal Email: legal@kinesa.app
- Website: https://www.grandpoint.uk
- DPO: privacy@kinesa.app
Legal Basis
We process your data under:
- UK General Data Protection Regulation (UK GDPR)
- EU General Data Protection Regulation (EU GDPR)
- Data Protection Act 2018 (UK)
- Privacy and Electronic Communications Regulations 2003 (PECR)
1. Information We Collect
1.1 Information You Provide Directly
Account Information:
- Email address (required)
- Password (encrypted)
- Display name (optional)
- Profile photo (optional)
- Fitness profile (goals, fitness level, workout preferences)
Fitness and Health Data (voluntarily provided by you):
- Workout details (exercises, sets, reps, weight, duration)
- Gym session logs (exercises performed, rest times, energy levels, session duration, personal records)
- Habit tracking (daily check-ins, custom habits, streaks)
- Mood and energy levels (1-5 ratings, context tags)
- Nutrition logs (meal ratings, photos, optional calorie and macro data)
- Meal descriptions you provide for AI-assisted food logging — either typed or spoken (e.g. "two scrambled eggs on wholemeal toast"). See Sections 4.3 and 4.4 for how these are processed
- Meal photos you choose to take or select for AI food identification. See Section 4.3
- Barcode-scanned food items (product barcodes are sent to our food search service, and where necessary the Open Food Facts database, to retrieve nutritional information; we do not store the barcode itself beyond your food log entry)
- Custom food entries (name, calories, macros, serving size)
- Sleep logs (hours, quality ratings)
- Progress photos
- Body measurements (if you choose to log them)
- Goals and targets
- Free-text notes and comments
Payment Information:
- Kinesa offers a free tier and an optional paid subscription ("Kinesa Pro").
- If you subscribe to Kinesa Pro, payment is processed entirely by Apple (App Store) or Google (Google Play), depending on your device. We do not collect, store, or have access to your credit card number, bank account details, or other payment credentials.
- We use RevenueCat, Inc. as a subscription management platform. RevenueCat receives transaction identifiers, subscription status, and purchase history from Apple or Google on our behalf to manage your entitlements. RevenueCat does not receive your payment card details. For more information, see RevenueCat's privacy policy.
- We store your subscription status (e.g., "free" or "premium") and entitlement records in our database to provide you with the correct features. We do not store any financial payment details.
1.2 Information from Third-Party Integrations
Wearable Devices and Health Platforms (with your explicit permission):
- Apple Health (iOS): Steps, sleep, workouts, heart rate, HRV, active calories
- Google Health Connect (Android): Steps, sleep, workouts, heart rate
You control which data types we access through device permissions. You can revoke access at any time in your device settings.
1.3 Food and Nutrition Data Sources
Kinesa's food search and nutrition information comes from the following sources, some bundled in the app and some queried through Kinesa's own food search service:
- A curated on-device food library bundled with the app, built from the U.S. Department of Agriculture (USDA) FoodData Central dataset (public domain) and the UK Composition of Foods Integrated Dataset (CoFID), published under the Open Government Licence v3.0. Searching this library happens entirely on your device.
- Kinesa's food search service, which returns branded product information drawn from Open Food Facts (https://openfoodfacts.org), an open-source, community-maintained database made available under the Open Database Licence (ODbL). When you search branded foods or scan a barcode, your search term or barcode is sent to this service to retrieve results.
- Where necessary, the Open Food Facts API directly for barcode lookups. This query includes the barcode number only. Open Food Facts is not operated by us; please refer to their privacy policy for how they handle queries.
Attribution for these data sources is available in the app under Settings → About → Data sources.
1.4 Information Collected Automatically
Usage Data:
- Device information (model, operating system, app version)
- IP address (for security and fraud prevention)
- Log data (timestamps, errors, crashes via Firebase Crashlytics)
- Analytics events (features used, screens viewed)
We use analytics to improve the app, not for advertising.
1.5 Information We Do Not Collect
We do not collect:
- Precise geolocation unless explicitly needed for a feature you enable
- Access to your contacts
- Continuous or background microphone access. The microphone is used only while you are actively dictating with voice input, and speech is recognised on your device or by your operating system (see Section 4.4) — we do not record, store, or transmit the audio itself
- Camera access beyond barcode scanning, meal photos, and progress photos you choose to take
- Social media data beyond basic profile info for Apple or Google sign-in
2. How We Use Your Information
We use your data to:
- Provide and operate the Kinesa service
- Track your fitness, nutrition, habits, sleep, mood, and gym sessions
- Provide rule-based, on-device AI coaching insights for in-workout guidance (processed entirely on your device, no external services)
- Provide AI Fitness Coach chat responses, only when you have given explicit consent (see Section 4.2 for details)
- Display progress dashboards, streaks, achievements, and personal records
- Enable community features (Unity challenges, circles, activity feeds)
- Sync health data between Kinesa and your device health platform
- Manage your account
- Send notifications about workouts, habits, challenges, and reminders
- Improve the app through aggregated, anonymised usage analytics
- Respond to support requests
- Comply with legal obligations
3. How We Share Your Information
We do not sell your data. We share data only as follows:
Service Providers:
- Firebase (Google) for authentication, database, analytics, and crash reporting
- Anthropic as a backend AI sub-processor for the AI Fitness Coach chat (see Section 4.2) and for Smart Nutrition Logging — the "describe your meal" and meal-photo features (see Section 4.3). Chat use requires your explicit consent
- RevenueCat, Inc. for subscription management and entitlement tracking (receives transaction identifiers and subscription status from Apple/Google; does not receive payment card details)
- Apple (App Store) and Google (Google Play) for payment processing of subscriptions (subject to their respective privacy policies)
- Open Food Facts for nutritional data lookups (barcode numbers only)
Community Features (Unity):
- Other participants may see your display name, avatar, progress metrics (if you opt in), rankings (if you opt in), and posts or comments you make
- We never share your email, health data, or exact location with other participants
Legal Requirements:
We may disclose data if required by law or to protect our rights.
4. AI-Powered Features
Kinesa includes several AI features:
4.1 In-Workout AI Coach (On-Device, Rule-Based)
The AI Coach that provides real-time workout guidance, progressive overload suggestions, fatigue awareness, and form reminders during gym sessions:
- Uses rule-based logic processed entirely on your device
- Does not send your data to external AI services
- Does not require internet connection during use
4.2 AI Fitness Coach Chat (Third-Party AI Sub-Processor)
The AI Fitness Coach chat feature provides personalised fitness coaching, workout recommendations, form guidance, and fitness advice:
- Powered by a large language model provided by Anthropic (the "AI provider"), used as a sub-processor under our instructions
- Requires your explicit consent before first use
- Sends the following data to the AI provider each time you send a message:
- Your chat messages and questions
- Workout context provided in prompts (recent workout history, exercise data)
- Your fitness profile information (goals, preferences, physical stats)
- Data is transmitted securely via Kinesa's own Cloud Functions backend. No AI provider credentials, API keys, or endpoint URLs are embedded in the Kinesa app itself — the Kinesa app only communicates with Kinesa's backend, which then relays the request to the AI provider on your behalf.
- Kinesa has configured its AI provider account so that your chat data is not used to train, fine-tune, or improve any AI models. Data sent to the AI provider is used solely to generate your response in real time and is not retained by the AI provider beyond the duration of the request.
- Data is processed according to the AI provider's privacy policy
- The AI Fitness Coach chat is available to Kinesa Pro subscribers. Grandpoint Ltd pays for the AI service as part of the cost of operating the app.
- You can revoke consent at any time in Settings → Data Management → AI Coach Consent
Before using the AI Fitness Coach chat for the first time, you will be presented with a consent dialog explaining what data is shared and with whom.
4.3 Smart Nutrition Logging (Describe Your Meal and Meal Photos)
Kinesa can turn a plain-English description of a meal, or a photo of a meal, into a food log entry:
- When you use "describe your meal", the text you type or dictate is sent, via Kinesa's own secure backend, to our AI sub-processor (Anthropic), which identifies the foods and estimated portions.
- When you use meal-photo logging, the photo you selected or captured is sent, via Kinesa's secure backend, to the AI sub-processor to identify the foods in the image.
- The AI only identifies foods and estimates portions. Calorie and nutrient values always come from Kinesa's food databases, not from the AI. Results are shown to you for review and editing before anything is saved.
- As with the AI Fitness Coach chat, Kinesa has configured its AI sub-processor account so that this data is not used to train, fine-tune, or improve any AI models, and is not retained by the AI sub-processor beyond the duration of the request.
- No AI provider credentials or endpoints are embedded in the app; the app only communicates with Kinesa's backend, which relays the request.
- Meal photos are sent for analysis only when you choose to use meal-photo logging. They are stored in your nutrition log only if you attach them to a meal.
4.4 Voice Input and Speech Recognition
Throughout Kinesa you can dictate instead of typing (for example, to describe a meal, a workout, your sleep, or a goal):
- Speech-to-text is performed by your device's own on-device or operating system speech recognition service (for example, Android or iOS speech recognition). Kinesa does not record, store, or transmit your audio.
- Only the resulting text is used. Where that text then feeds an AI feature (such as describe-your-meal), it is handled exactly as described in the relevant section above.
- The microphone is accessed only while you are actively dictating, and only after you grant microphone permission. You can revoke microphone permission at any time in your device settings; voice input will simply be unavailable and you can continue to type.
5. Data Retention
We retain your data while your account is active. Upon account deletion:
- Personal data is deleted within 30 days
- Anonymised, aggregated analytics data may be retained
- Data required by law may be retained for the legally mandated period
- Community posts you made (if not deleted before account deletion) may be retained in anonymised form
6. Data Security
We use industry-standard security practices including:
- Encryption in transit (TLS) and at rest
- Firebase Security Rules for database access control
- Secure authentication (email/password, Apple Sign-In, Google Sign-In)
- Regular security reviews
No system is 100 percent secure. If you become aware of a security issue, contact privacy@kinesa.app.
7. Your Rights Under UK GDPR and EU GDPR
You have the right to:
- Access your personal data
- Correct inaccurate data
- Delete your data (via Settings or by contacting us)
- Restrict processing
- Export your data in a portable format
- Object to processing
- Withdraw consent at any time
To exercise any right, contact privacy@kinesa.app. We respond within 30 days.
8. Children's Privacy
Kinesa is intended for users 16 years and older. Users aged 13-15 may use Unity community features only with verified parental or guardian consent. We do not knowingly collect personal data from children under 13.
9. International Data Transfers
Your data is primarily stored on Firebase servers. Some service providers may process data outside the UK/EU under appropriate safeguards such as Standard Contractual Clauses or adequacy decisions.
10. Community Features (Unity)
10.1 Data We Collect in Unity
When you participate in Unity features, we collect:
- Challenge participation records
- Progress metrics shared with participants
- Rankings and leaderboard positions (if you opt in)
- Posts, comments, and reactions in activity feeds
- Circle membership and roles
- Reports and moderation actions
10.2 Who Sees Your Data
Other participants can see:
- Your display name and avatar
- Your progress metrics (if you opt in)
- Your ranking (if you opt in)
- Your posts, comments, and reactions
We never share your email, exact location, or full health data with other participants without your explicit consent.
10.3 Your Choices
You can:
- Choose a display name different from your real name
- Opt out of rankings and leaderboards
- Leave challenges or circles at any time
- Delete your posts before leaving
10.4 Data Retention for Unity
- Active challenge data is retained while you participate
- After leaving, your progress is removed; past posts remain unless you delete them beforehand
- After account deletion, all Unity data is deleted within 30 days
10.5 Reporting Content
If you report a post, message, challenge content, or member profile using the in-app Report tool, we collect the report so our moderation team can review it. A report contains your user ID (as the reporter), a reference to the reported content and its author, the reason you selected, and any optional comment you add. Reports are used only to keep the community safe — to review, remove, or act on content that breaches our Terms — and are visible only to GrandPoint Ltd, never to the member you reported. We retain reports for as long as needed for moderation and safety record-keeping.
11. Camera, Microphone, and Barcode Scanning
Kinesa requests camera access for:
- Scanning food barcodes to retrieve nutritional information
- Taking meal photos, including for optional AI meal-photo logging (see Section 4.3)
- Taking progress photos (optional)
Kinesa requests microphone access only for voice input (dictation), as described in Section 4.4.
Camera and microphone access are requested only when you use these features, and can be revoked at any time in your device settings. Barcode images are processed on-device and are not stored or transmitted; only the decoded barcode number is sent to retrieve product information.
12. Notifications
Kinesa may send push notifications for:
- Workout and habit reminders
- Challenge updates and invitations
- Achievement milestones
- App updates
You can manage notification preferences in Settings or your device settings.
13. Cookies and Tracking Technologies
Kinesa is a native mobile app and does not use cookies. Firebase SDKs may store small amounts of data locally for analytics and crash reporting.
14. Marketing and Communications
We may send occasional marketing communications about new features. You can opt out at any time. Transactional communications (account security, important account changes) cannot be opted out of.
15. Third-Party Links and Services
Kinesa may link to third-party services. Their privacy policies apply when you use those services.
16. Changes to This Privacy Policy
We may update this policy from time to time. When we make material changes — for example, introducing a new way of processing your data — we will notify you within the app the next time you open it, and ask you to review and acknowledge the updated policy before you continue using affected features. The "Last Updated" date and Document Version at the foot of this policy tell you when it last changed. For non-material changes we may simply update the policy in the app. Your continued use of Kinesa after an update, once you have been notified, constitutes acceptance of the updated policy.
17. Contact Us
- Email: privacy@kinesa.app
- Support: support@kinesa.app
- Website: https://www.grandpoint.uk
- Postal Address: GrandPoint Ltd, 108 St Helens Street, Ipswich, UK
Document Version: 5.1