Privacy Policy
Last updated: February 12, 2026
Fitbit Limited Use Disclosure
The use of information received from Fitbit APIs and/or Developer Tools will adhere to the Fitbit User Data and Developer Policy, including the Limited Use requirements.
Google Fit Limited Use Disclosure
The use of information received from Google Fit APIs will adhere to the Google Fit Developer and User Data Policy, including the Limited Use requirements.
We do NOT:
- Sell your personal data to any third party.
- Use your health data for advertising or interest-based targeting.
- Share your data with data brokers or information resellers.
- Use your data to determine creditworthiness or for lending purposes.
1. Information We Collect
a. Account & Profile Information
- Name, email, password
- Date of birth, gender, height, weight
- Profile photo (optional)
- Time zone and language preferences
b. Health & Fitness Data
- Activity data (steps, distance, calories, active minutes, exercise type/duration)
- Heart rate and HRV
- Sleep data (duration, stages, quality)
- Fasting windows and intermittent fasting (IF) logs
- Weight, body composition, nutritional intake
- Workout history, goals, progress metrics
c. Device & Technical Information
- Device type, OS, version
- Unique device identifiers (anonymized)
- App version, crash/error logs
- IP address
d. Usage Data
- Features used and interaction patterns
- Session duration and frequency
- In-app actions
e. Location Data
We do not collect precise GPS location data by default. If a feature requires location data (e.g., outdoor workout mapping), we will request your explicit opt-in permission before collecting any location information. You may revoke this permission at any time through your device settings.
f. Communications
- Support inquiries
- Feedback, surveys, reviews
2. How We Collect Information
We collect information through the following methods:
- Directly from you — when you create an account, update your profile, log data, or contact us.
- Automatically — through device sensors and app usage analytics.
- From connected platforms — including Apple Health/HealthKit, Samsung Health, Fitbit, Garmin Connect, and Google Fit.
- From third-party sign-in services — such as Google or Apple sign-in, which may provide your name and email.
We request permissions incrementally and only ask for access to the data categories needed for the features you choose to use. You can adjust or revoke these permissions at any time.
3. How We Use Your Information
We use the information we collect to:
- Provide and operate the Service — deliver core features such as activity tracking, sleep analysis, fasting logs, and progress insights.
- Personalize your experience — tailor recommendations, goals, and content to your health & fitness profile.
- Sync data across devices — ensure a seamless experience across your phone, tablet, and wearable devices.
- Improve and develop the Service — analyze usage trends, identify bugs, and build new features.
- Communicate with you — send service updates, respond to support requests, and provide important account notifications.
- Ensure safety and security — detect and prevent fraud, abuse, and unauthorized access.
- Comply with legal obligations — meet applicable regulatory and legal requirements.
4. Health & Fitness Data
Your health and fitness data receives special protections within our Service:
- Only used for core functionality and delivering the features you have requested.
- Never sold, rented, or traded to any third party.
- Never used for advertising, marketing, or interest-based targeting.
- Access is strictly restricted within our organization on a need-to-know basis.
- May be aggregated and de-identified for analytics to improve the Service, but only in a form that cannot be used to identify you.
Our Service is not a medical device and does not provide medical advice, diagnosis, or treatment. Always consult a qualified healthcare provider before making decisions based on health data.
5. Wearable Device Integrations
Kio Fitness integrates with several wearable and health platforms. The table below summarizes the data we access and our commitments for each:
| Platform | Data Accessed | Our Commitments |
|---|---|---|
| Apple HealthKit | Activity, heart rate, sleep, workouts, nutrition | Not used for advertising, not sold, encrypted |
| Samsung Health | Steps, heart rate, sleep, exercise | Minimum permissions, compliant with Samsung policies |
| Fitbit (Google) | Activity, heart rate, sleep, profile | Adheres to Fitbit Limited Use requirements |
| Garmin Connect IQ | Activity, heart rate, sleep, user profile | Data submitted to Kio Fitness, not Garmin |
| Google Fit | Activity, body measurements, sleep | Adheres to Google Fit Limited Use requirements |
5.1 Apple HealthKit Specific Disclosures
In compliance with Apple's HealthKit guidelines:
- We do not use HealthKit data for advertising or similar services.
- We do not sell HealthKit data to advertising platforms, data brokers, or information resellers.
- We do not use HealthKit data for purposes unrelated to health, fitness, or wellness without your explicit consent.
- We do not disclose HealthKit data to any third party without your express permission, except as required by law.
- All HealthKit data is encrypted both in transit and at rest.
5.2 Garmin Connect IQ Specific Disclosures
When you use our Garmin Connect IQ integration:
- Data synced from Garmin is transmitted directly to Kio Fitness servers, not to Garmin.
- We only access the data categories necessary to deliver the features you use.
- You may disconnect your Garmin account at any time, after which we will no longer receive new data from Garmin.
- Previously synced Garmin data will be deleted upon request or when you delete your account.
5.3 Fitbit & Google Fit Specific Disclosures
Our use of data received from Fitbit and Google Fit APIs complies with their respective Limited Use policies:
- We only use Fitbit and Google Fit data to provide and improve the user-facing features you see in Kio Fitness.
- We do not allow humans to read user data unless we have your affirmative agreement, it is necessary for security purposes, it is necessary to comply with applicable law, or the data is aggregated and anonymized for internal operations.
- We do not transfer or sell Fitbit or Google Fit data to third parties except as necessary to provide and improve user-facing features, as required by law, or as part of a merger, acquisition, or asset sale with continued confidentiality obligations.
5.4 Samsung Health Specific Disclosures
When you connect Samsung Health to Kio Fitness:
- We request only the minimum permissions needed for the features you use.
- We comply with Samsung's data access and usage policies.
- Samsung Health data is used solely to provide health and fitness insights within Kio Fitness.
- You can revoke Samsung Health permissions at any time through your device or Samsung Health settings.
6. Sharing of Information
We do not sell your personal data. We may share your information only in the following circumstances:
a. Service Providers
We may share data with trusted service providers who assist us in operating the Service (e.g., cloud hosting, analytics, customer support). These providers are contractually bound to use your data only for the purposes we specify and to maintain its confidentiality.
b. With Your Consent
We may share your information with third parties when you have given us your explicit consent to do so.
c. Legal Requirements
We may disclose your information if required to do so by law, court order, or governmental request, or when we believe in good faith that disclosure is necessary to protect our rights, your safety, or the safety of others.
d. Business Transfers
In the event of a merger, acquisition, or sale of all or a portion of our assets, your data may be transferred as part of that transaction. We will notify you via email and/or a prominent notice within the Service before your information becomes subject to a different privacy policy.
e. Aggregated and De-Identified Data
We may share aggregated and de-identified data that cannot reasonably be used to identify you. This data may be used for industry analysis, research, and Service improvement.
7. Data Retention & Deletion
We retain your information for as long as your account is active or as needed to provide you with the Service. Specific retention periods:
- Active accounts: Data is retained for the duration of your account and is available to you at any time.
- After deletion request: Account data is deleted within 30 days of your request.
- Backup systems: Residual copies in encrypted backups are purged within 90 days.
- Garmin data: Data synced from Garmin is deleted upon account deletion or disconnection of the Garmin integration.
How to Delete Your Data
You can delete your account and all associated data by using the "Delete Account" option in the app settings, or by emailing support@kiofit.com.
8. Data Security
We implement industry-standard security measures to protect your data:
- Encryption: All data is encrypted in transit using TLS 1.2+ and at rest using AES-256 encryption.
- Access controls: Strict role-based access controls with multi-factor authentication (MFA) for all internal systems.
- Infrastructure: Hosted on infrastructure that complies with SOC 2 and ISO 27001 standards.
- Regular audits: We conduct periodic security audits and vulnerability assessments.
- Incident response: We maintain a comprehensive incident response plan and will notify affected users promptly in the event of a data breach.
9. Your Rights & Controls
Depending on your location, you may have the following rights regarding your personal data:
- Access: Request a copy of the personal data we hold about you.
- Correction: Request correction of inaccurate or incomplete data.
- Deletion: Request deletion of your personal data.
- Portability: Request your data in a structured, commonly used, machine-readable format.
- Restriction: Request that we limit the processing of your data.
- Objection: Object to the processing of your data for certain purposes.
- Withdraw consent: Where processing is based on consent, withdraw your consent at any time.
- Revoke permissions: Disconnect any linked wearable or health platform at any time.
To exercise any of these rights, please contact us at support@kiofit.com.
In-App Controls
- Manage connected devices and platforms
- Control notification preferences
- Export your data
- Delete individual records or your entire account
- Adjust data sharing settings
- Revoke third-party permissions
10. Children's Privacy
Kio Fitness is not intended for use by children under the age of 13. We do not knowingly collect personal information from children under 13. If we become aware that we have inadvertently collected personal data from a child under 13, we will take steps to delete that information as quickly as possible. If you believe that a child under 13 has provided us with personal information, please contact us at support@kiofit.com.
11. International Data Transfers
Your information may be transferred to, stored, and processed in countries other than your country of residence. When we transfer data internationally, we ensure appropriate safeguards are in place:
- Standard Contractual Clauses (SCCs): We use EU-approved SCCs for transfers of data from the European Economic Area (EEA).
- Data Processing Agreements (DPAs): All service providers are bound by DPAs that meet applicable legal requirements.
- Encryption: Data is encrypted in transit and at rest regardless of location.
12. Third-Party Services
Our Service may contain links to or integrations with third-party services. We are not responsible for the privacy practices of these third-party services. We encourage you to review the privacy policies of any third-party service you interact with. This Privacy Policy applies only to information collected by Kio Fitness.
13. Cookies & Similar Technologies
We use cookies and similar technologies on our website and in our Service. Our use is limited to:
- Essential cookies: Required for the Service to function properly (e.g., authentication, security, session management).
- Analytics cookies: Help us understand how users interact with the Service so we can improve it. Analytics data is aggregated and does not personally identify you.
We do not use advertising or tracking cookies. We do not participate in cross-site tracking or interest-based advertising networks.
14. California Privacy Rights (CCPA/CPRA)
If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA):
- Right to know: You can request details about the categories and specific pieces of personal information we have collected about you.
- Right to delete: You can request deletion of your personal information, subject to certain exceptions.
- Right to opt-out of sale: We do not sell your personal information. As such, there is no need to opt out.
- Right to non-discrimination: We will not discriminate against you for exercising your privacy rights.
- Right to correct: You can request correction of inaccurate personal information.
- Right to limit use of sensitive personal information: We only use sensitive personal information (including health data) as necessary to provide the Service.
To exercise these rights, contact us at support@kiofit.com. We will respond to verifiable consumer requests within 45 days.
15. European Privacy Rights (GDPR)
If you are in the European Economic Area (EEA), United Kingdom, or Switzerland, we process your data under the General Data Protection Regulation (GDPR). Our legal bases for processing include:
- Contractual necessity: Processing required to provide the Service you have requested.
- Consent: Processing based on your explicit consent, particularly for health data and wearable integrations.
- Legitimate interests: Processing necessary for our legitimate interests, such as improving the Service, provided these do not override your rights.
- Legal obligation: Processing necessary to comply with applicable laws.
Under the GDPR, you have the right to access, rectify, and erase your data, to restrict or object to its processing, and to data portability. You also have the right to lodge a complaint with your local data protection authority.
For GDPR-related inquiries, please contact our Data Protection Officer at support@kiofit.com with the subject line "DPO Inquiry".
16. Changes to This Policy
We may update this Privacy Policy from time to time. When we make material changes, we will provide at least 30 days' notice before the changes take effect. Notice may be provided by:
- Posting the updated policy within the Service
- Sending an email notification to your registered email address
- Displaying a prominent in-app notification
Your continued use of the Service after the effective date of any changes constitutes your acceptance of the updated Privacy Policy. If you do not agree with the changes, you should discontinue use of the Service and delete your account.
17. Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:
Email: support@kiofit.com
Subject Line: "Privacy Inquiry"
We will make every effort to respond to your inquiry within 30 days.