DRAFT, pending legal review

Privacy Policy

Last updated: 2026-05-20

This Privacy Policy explains what information Kronos collects, how we use it, and the choices you have. It applies to the Kronos mobile application and related services.

1. Information You Provide

When you create an account and use the Service, we collect:

• Account details: email address, display name, locale, and region.
• Fitness preferences: gender, date of birth, self-reported fitness level, primary training goal, and any free-text notes you enter in the “injuries” or “guidelines” fields.
• Equipment and locations: names of training locations and lists of equipment you tell us are available.
• Workout activity: the workouts generated for you, the sessions you start, time spent active, exercises modified or skipped, perceived difficulty ratings, and any notes you add.
• Exercise feedback: love/like/neutral/dislike/hate ratings you assign to individual exercises.
• Feedback submissions: messages, optional screenshots, and the in-app context (such as which screen you were on) when you tap the feedback button.

2. Information Collected Automatically

When you use the app we automatically collect:

• AI usage data: the AI model used to generate each workout, token counts, and estimated cost. We use this to monitor system health and enforce free-tier limits.
• Device context attached to feedback submissions: app version, platform (iOS / Android / web), and current locale.
• Subscription state: whether your account currently has an active Kronos Pro entitlement, the store of purchase, and the renewal/expiry date. Payment card information is handled directly by Apple or Google and never reaches our servers.
• Product analytics events (only if analytics is enabled in your build): anonymous interaction events tied to your account ID, used to understand which features are working and which need improvement.

3. What We Do Not Collect

Kronos does not request or collect any of the following:

• Apple HealthKit or Google Fit data.
• Precise or coarse location (the app does not request location permission).
• Motion or accelerometer data.
• Camera images, except screenshots you explicitly attach to feedback.
• Microphone audio.
• Contacts, calendar, or photos beyond what you explicitly share.

4. How We Use Information

We use the information we collect to:

• Provide the Service, including generating personalised workouts. The free-text contents of your preferences (including the “injuries” field) are included in prompts sent to our AI provider so that the model can take them into account.
• Authenticate you and maintain your account.
• Operate billing and entitlement features through our payment partners.
• Improve the Service, debug issues, and develop new features.
• Communicate with you about the Service, including responding to feedback and (if you opt in) sending marketing messages.
• Comply with legal obligations and protect against fraud, abuse, and harm to users or the Service.

5. Third-Party Service Providers

We share information with the following processors who help us operate the Service:

• Convex (database and backend hosting): stores essentially all of your account data, preferences, workouts, and sessions.
• Google (Gemini API): receives the prompt content used to generate each workout, including your preferences, equipment, goals, and the free-text “injuries” and “guidelines” fields. Google’s handling of API data is governed by its own terms.
• RevenueCat (subscription management): receives a pseudonymous identifier and your purchase history.
• PostHog (product analytics): receives anonymous interaction events tied to your account ID, when analytics is enabled.
• Apple and Google: handle authentication and in-app purchases according to their own privacy policies.

We do not sell your personal information to anyone.

6. Data Retention

We retain your information for as long as your account is active and for a reasonable period afterward to comply with legal obligations, resolve disputes, and enforce our agreements. You may request deletion of your account at any time by emailing us at the address below.

7. Your Choices and Rights

Depending on where you live, you may have rights under laws such as the GDPR or the CCPA to access, correct, port, or delete your personal information, and to object to or restrict certain processing. You may also opt out of marketing communications at any time from within the app or by following the unsubscribe link in any marketing email. To exercise these rights, please contact us at the address below.

8. Children

The Service is intended for users aged 18 and over (or 13 to 17 with verified parental consent). We do not knowingly collect personal information from children under 13. If you believe a child under 13 has provided us with personal information, please contact us so we can delete it.

9. Security

We use commercially reasonable administrative, technical, and physical safeguards to protect the information we hold. No method of transmission or storage is fully secure, however, and we cannot guarantee absolute security.

10. Changes

We may update this Policy from time to time. Material changes will be signalled by an updated version date above and a new in-app consent prompt the next time you open the app.

11. Contact

Privacy questions or rights requests can be sent to legal@kronosstudio.app.