Privacy Policy
Last Updated: 13 April 2026
Effective Date: 13 April 2026
Introduction
Your privacy matters to us. This Privacy Policy explains how GrandPoint Ltd ("we," "us," "our") collects, uses, stores, and protects your personal information when you use the Kinesa fitness and wellness tracking application ("App," "Service").
By using Kinesa, you consent to the practices described in this Privacy Policy.
Key Information
- App Name: Kinesa
- Data Controller: GrandPoint Ltd
- Company Number: 16498233
- Registered Address: 108 St Helens Street, Ipswich, UK
- Contact Email: support@kinesa.app
- Privacy Email: privacy@kinesa.app
- Legal Email: legal@kinesa.app
- Website: https://www.grandpoint.uk
- DPO: privacy@kinesa.app
Legal Basis
We process your data under:
- UK General Data Protection Regulation (UK GDPR)
- EU General Data Protection Regulation (EU GDPR)
- Data Protection Act 2018 (UK)
- Privacy and Electronic Communications Regulations 2003 (PECR)
1. Information We Collect
1.1 Information You Provide Directly
Account Information:
- Email address (required)
- Password (encrypted)
- Display name (optional)
- Profile photo (optional)
- Fitness profile (goals, fitness level, workout preferences)
Fitness and Health Data (voluntarily provided by you):
- Workout details (exercises, sets, reps, weight, duration)
- Gym session logs (exercises performed, rest times, energy levels, session duration, personal records)
- Habit tracking (daily check-ins, custom habits, streaks)
- Mood and energy levels (1-5 ratings, context tags)
- Nutrition logs (meal ratings, photos, optional calorie and macro data)
- Barcode-scanned food items (product barcodes are sent to the Open Food Facts database to retrieve nutritional information; we do not store the barcode itself beyond your food log entry)
- Custom food entries (name, calories, macros, serving size)
- Sleep logs (hours, quality ratings)
- Progress photos
- Body measurements (if you choose to log them)
- Goals and targets
- Free-text notes and comments
Payment Information:
- Kinesa offers a free tier and an optional paid subscription ("Kinesa Pro").
- If you subscribe to Kinesa Pro, payment is processed entirely by Apple (App Store) or Google (Google Play), depending on your device. We do not collect, store, or have access to your credit card number, bank account details, or other payment credentials.
- We use RevenueCat, Inc. as a subscription management platform. RevenueCat receives transaction identifiers, subscription status, and purchase history from Apple or Google on our behalf to manage your entitlements. RevenueCat does not receive your payment card details. For more information, see RevenueCat's privacy policy.
- We store your subscription status (e.g., "free" or "premium") and entitlement records in our database to provide you with the correct features. We do not store any financial payment details.
1.2 Information from Third-Party Integrations
Wearable Devices and Health Platforms (with your explicit permission):
- Apple Health (iOS): Steps, sleep, workouts, heart rate, HRV, active calories
- Google Health Connect (Android): Steps, sleep, workouts, heart rate
You control which data types we access through device permissions. You can revoke access at any time in your device settings.
1.3 Information from Third-Party Databases
Nutrition Data:
When you scan a food barcode, Kinesa queries the Open Food Facts database (https://openfoodfacts.org) to retrieve product name and nutritional information. This query includes the barcode number only. Open Food Facts is an open-source, community-maintained database and is not operated by us. Please refer to their privacy policy for how they handle queries.
1.4 Information Collected Automatically
Usage Data:
- Device information (model, operating system, app version)
- IP address (for security and fraud prevention)
- Log data (timestamps, errors, crashes via Firebase Crashlytics)
- Analytics events (features used, screens viewed)
We use analytics to improve the app, not for advertising.
1.5 Information We Do Not Collect
We do not collect:
- Precise geolocation unless explicitly needed for a feature you enable
- Access to your contacts or microphone
- Camera access beyond barcode scanning and photos you choose to take
- Social media data beyond basic profile info for Apple or Google sign-in
2. How We Use Your Information
We use your data to:
- Provide and operate the Kinesa service
- Track your fitness, nutrition, habits, sleep, mood, and gym sessions
- Provide rule-based, on-device AI coaching insights for in-workout guidance (processed entirely on your device, no external services)
- Provide AI Fitness Coach chat responses, only when you have given explicit consent (see Section 4.2 for details)
- Display progress dashboards, streaks, achievements, and personal records
- Enable community features (Unity challenges, circles, activity feeds)
- Sync health data between Kinesa and your device health platform
- Manage your account
- Send notifications about workouts, habits, challenges, and reminders
- Improve the app through aggregated, anonymised usage analytics
- Respond to support requests
- Comply with legal obligations
3. How We Share Your Information
We do not sell your data. We share data only as follows:
Service Providers:
- Firebase (Google) for authentication, database, analytics, and crash reporting
- Anthropic as a backend AI sub-processor for the AI Fitness Coach chat, used only after you have given explicit consent (see Section 4.2)
- RevenueCat, Inc. for subscription management and entitlement tracking (receives transaction identifiers and subscription status from Apple/Google; does not receive payment card details)
- Apple (App Store) and Google (Google Play) for payment processing of subscriptions (subject to their respective privacy policies)
- Open Food Facts for nutritional data lookups (barcode numbers only)
Community Features (Unity):
- Other participants may see your display name, avatar, progress metrics (if you opt in), rankings (if you opt in), and posts or comments you make
- We never share your email, health data, or exact location with other participants
Legal Requirements:
We may disclose data if required by law or to protect our rights.
4. AI-Powered Features
Kinesa includes two types of AI features:
4.1 In-Workout AI Coach (On-Device, Rule-Based)
The AI Coach that provides real-time workout guidance, progressive overload suggestions, fatigue awareness, and form reminders during gym sessions:
- Uses rule-based logic processed entirely on your device
- Does not send your data to external AI services
- Does not require an internet connection during use
4.2 AI Fitness Coach Chat (Third-Party AI Sub-Processor)
The AI Fitness Coach chat feature provides personalised fitness coaching, workout recommendations, form guidance, and fitness advice:
- Powered by a large language model provided by Anthropic (the "AI provider"), used as a sub-processor under our instructions
- Requires your explicit consent before first use
- Sends the following data to the AI provider each time you send a message:
  - Your chat messages and questions
  - Workout context provided in prompts (recent workout history, exercise data)
  - Your fitness profile information (goals, preferences, physical stats)
- Data is transmitted securely via Kinesa's own Cloud Functions backend. No AI provider credentials, API keys, or endpoint URLs are embedded in the Kinesa app itself — the Kinesa app only communicates with Kinesa's backend, which then relays the request to the AI provider on your behalf.
- Kinesa has configured its AI provider account so that your chat data is not used to train, fine-tune, or improve any AI models. Data sent to the AI provider is used solely to generate your response in real time and is not retained by the AI provider beyond the duration of the request.
- Data is processed according to the AI provider's privacy policy
- The AI Fitness Coach chat is available to Kinesa Pro subscribers. GrandPoint Ltd pays for the AI service as part of the cost of operating the app.
- You can revoke consent at any time in Settings → Data Management → AI Coach Consent
Before using the AI Fitness Coach chat for the first time, you will be presented with a consent dialog explaining what data is shared and with whom.
5. Data Retention
We retain your data while your account is active. Upon account deletion:
- Personal data is deleted within 30 days
- Anonymised, aggregated analytics data may be retained
- Data required by law may be retained for the legally mandated period
- Community posts you made (if not deleted before account deletion) may be retained in anonymised form
6. Data Security
We use industry-standard security practices including:
- Encryption in transit (TLS) and at rest
- Firebase Security Rules for database access control
- Secure authentication (email/password, Apple Sign-In, Google Sign-In)
- Regular security reviews
No system is 100 percent secure. If you become aware of a security issue, contact privacy@kinesa.app.
7. Your Rights Under UK GDPR and EU GDPR
You have the right to:
- Access your personal data
- Correct inaccurate data
- Delete your data (via Settings or by contacting us)
- Restrict processing
- Export your data in a portable format
- Object to processing
- Withdraw consent at any time
To exercise any right, contact privacy@kinesa.app. We respond within 30 days.
8. Children's Privacy
Kinesa is intended for users 16 years and older. Users aged 13-15 may use Unity community features only with verified parental or guardian consent. We do not knowingly collect personal data from children under 13.
9. International Data Transfers
Your data is primarily stored on Firebase servers. Some service providers may process data outside the UK/EU under appropriate safeguards such as Standard Contractual Clauses or adequacy decisions.
10. Community Features (Unity)
10.1 Data We Collect in Unity
When you participate in Unity features, we collect:
- Challenge participation records
- Progress metrics shared with participants
- Rankings and leaderboard positions (if you opt in)
- Posts, comments, and reactions in activity feeds
- Circle membership and roles
- Reports and moderation actions
10.2 Who Sees Your Data
Other participants can see:
- Your display name and avatar
- Your progress metrics (if you opt in)
- Your ranking (if you opt in)
- Your posts, comments, and reactions
We never share your email, exact location, or full health data with other participants without your explicit consent.
10.3 Your Choices
You can:
- Choose a display name different from your real name
- Opt out of rankings and leaderboards
- Leave challenges or circles at any time
- Delete your posts before leaving
10.4 Data Retention for Unity
- Active challenge data is retained while you participate
- After leaving, your progress is removed; past posts remain unless you delete them beforehand
- After account deletion, all Unity data is deleted within 30 days
11. Camera and Barcode Scanning
Kinesa requests camera access for:
- Scanning food barcodes to retrieve nutritional information
- Taking progress photos (optional)
Camera access is requested only when you use these features. You can revoke camera permission at any time in your device settings. Barcode images are processed on-device and are not stored or transmitted; only the decoded barcode number is sent to Open Food Facts.
12. Notifications
Kinesa may send push notifications for:
- Workout and habit reminders
- Challenge updates and invitations
- Achievement milestones
- App updates
You can manage notification preferences in Settings or your device settings.
13. Cookies and Tracking Technologies
Kinesa is a native mobile app and does not use cookies. Firebase SDKs may store small amounts of data locally for analytics and crash reporting.
14. Marketing and Communications
We may send occasional marketing communications about new features. You can opt out at any time. Transactional communications (account security, important account changes) cannot be opted out of.
15. Third-Party Links and Services
Kinesa may link to third-party services. Their privacy policies apply when you use those services.
16. Changes to This Privacy Policy
We may update this policy and will notify you of material changes through the app or email. Continued use after changes constitutes acceptance.
17. Contact Us
- Email: privacy@kinesa.app
- Support: support@kinesa.app
- Website: https://www.grandpoint.uk
- Postal Address: GrandPoint Ltd, 108 St Helens Street, Ipswich, UK
Document Version: 5.0