Privacy Policy

Last updated: 2026-05-23

This page explains how the Kinoku Android app handles data. It matches what the app does today and the controls you have in the app.

The short version

Kinoku is a privacy-first Android fitness tracker. Your training log, run routes, cycle data, photos, and custom metrics stay on your device. There is no Kinoku account system. There is no Kinoku server for your workout history. There are no advertising SDKs and no data-broker SDKs.

A few features use networked services. Google Play Billing verifies subscriptions and purchases. Social Bets (multiplayer challenges) is turned off in v1.0 and will return in a later release. When it is on, it syncs limited bet metadata through Firebase/Firestore, and you can leave any bet at any time. Diagnostics (crash reports and analytics) are off by default. You can turn them on in Settings. Weather context for runs (off by default) sends rounded run-start coordinates (about 1.1 km precision) to Open-Meteo. This fetches temperature, wind, conditions, and (if you turn it on) air quality, pollen, UV, and sea-level pressure. Maps fetch map tiles from third-party tile providers when you view route maps.

Your reproductive-health data (cycle tracking, periods, fertility signals, pregnancy entries) lives in a dedicated on-device database. That database is left out of Google's automatic cloud backup. It never reaches Kinoku's servers. It is never written to Health Connect. See the reproductive-health section below.

Who we are

Kinoku is operated by DREAM SOFT DISTRIBUTED EOOD, a single-member limited liability company registered in Plovdiv, Bulgaria. "Kinoku" is the product and trading name. For GDPR purposes, DREAM SOFT DISTRIBUTED EOOD is the data controller. Contact: privacy@kinoku.app. Supervisory authority: the Bulgarian Commission for Personal Data Protection.

Data stored on your device

These categories are stored on your device. Normal app use does not send them to Kinoku servers:

  • Workouts, sets, reps, weight, RPE/RIR, rest times, notes
  • Run routes, splits, pace, elevation, heart-rate overlays
  • Routines, programs, training calendar, periodization plans
  • Body metrics, custom metrics, progress photos, share cards
  • Step data, achievements, rewards state
  • App preferences, theme, locale
  • Cycle, period, symptom, fertility, and pregnancy data. See the reproductive-health section for the enhanced protections.

Health Connect

Kinoku reads from and writes to Android Health Connect. This is opt-in, one permission at a time. Read permissions requested: Steps, Weight, Sleep, Resting Heart Rate, Heart Rate, Heart Rate Variability, Blood Pressure, Blood Glucose, Hydration, Body Fat, and Menstruation. Menstruation is read-only. Kinoku never writes menstruation data back to Health Connect under any circumstances. Write permissions: Exercise sessions and Steps. Steps cover paired Wear-device totals AND cadence-derived estimates from completed GPS walks and runs. This way, off-body sessions credit your daily total, and your step history survives a reinstall through the Health Connect store. You can turn off the cadence-derived step writeback at Settings → Run Tracking → "Mirror estimated steps to Health Connect". Health Connect is an on-device data broker operated by Google. Kinoku does not receive your Health Connect data over any network path.

Sensors, camera, and voice input

Kinoku uses Android's activity-recognition permission, step counter and step detector sensors, and accelerometer data. These power step tracking, cadence, suspected-vehicle filtering, and live step displays. Run-form features may use device motion sensors such as linear acceleration and gyroscope readings. Kinoku processes these sensor streams on your device and does not send them to Kinoku servers.

If you use camera or gallery features, Kinoku stores selected photos in its private app storage or uses them to build a share image on your device. Photos are not uploaded to Kinoku.

If you use voice logging, Kinoku launches Android's system speech recognizer. It prefers on-device recognition where available. But the system recognizer may use your device's internet connection or a Google speech service. This depends on your device and Android setup. Kinoku receives only the returned text, uses it to pre-fill workout fields, and does not store raw audio.

Social Bets (Firebase / Firestore)

Turned off in v1.0. Social Bets is not available in the v1.0 release. No Firebase Anonymous Auth runs, no Firestore document is created, and no anonymous UID is generated. The behaviors below take effect when the feature returns in a later release.

Social Bets is an optional multiplayer feature. If you don't use it, this data flow never happens. When you create or join a bet, Kinoku generates an anonymous Firebase UID (no email, no phone number). A Firestore document holds the bet rules, each participant's UID and display alias, and each participant's progress number. Workout details, health data, and cycle data never reach Firestore.

You can remove yourself from every bet at Settings → Import & Export → Your Data Rights → Leave all Social Bets. If you need server-side deletion beyond the in-app control, email privacy@kinoku.app.

Diagnostics (Analytics, Crashlytics, Performance)

Firebase Analytics, Crashlytics, and Performance Monitoring are off at the manifest level on first launch. They only send data after you opt in at Settings → Help improve Kinoku. After you opt in, Kinoku may send Firebase app interaction events, crash stack traces, performance traces, and limited event metadata. That metadata can include subscription tier, theme, training-goal label, scene actions, and billing product IDs. It can also include coarse workout interaction counts, such as whether a workout started or completed, duration in seconds, and exercise count. It does not include exercise names, set-by-set logs, notes, route coordinates, Health Connect values, cycle data, photos, or contact details. Ad-related flags are permanently denied.

Routine follow-along videos (YouTube and Vimeo)

When you paste a YouTube or Vimeo URL into a routine, Kinoku makes one oEmbed call to the provider. That call goes to youtube.com/oembed or vimeo.com/api/oembed.json. It fetches the video title, thumbnail URL, author or channel name, and duration. For YouTube URLs, Kinoku also fetches the public watch-page HTML to find chapter timestamps, if the description includes them. This is the same page anyone can view in a browser, and the fetch is capped at 5 MB. Chapter timestamps let the editor offer to build your exercise list from the chapters. For these requests, the pasted URL and your IP address are visible to Google or Vimeo. No Kinoku account, advertising identifier, workout ID, or health profile is attached. Kinoku caches the fetched metadata on your device with the routine. It is not re-fetched unless you change the URL.

Kinoku refuses redirects on the watch-page fetch by default. A 30x response from YouTube is treated as "no chapter metadata available." This stops a malicious upstream from redirecting Kinoku's HTTP request to a LAN or loopback address. This metadata fetch is the only network call the feature makes. Pasting a URL never embeds, downloads, or proxies the video itself. Tapping the play control opens the URL in your browser or in the YouTube or Vimeo app, the same way any link would.
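The redirect refusal and size cap described above, sketched in Python as an added example; it is not Kinoku's code, and the app itself runs on Android. The names fetch_watch_page and demo, the 5-second timeout, and the local test server are assumptions made for illustration, as is reading at most 5 MB and then stopping as the meaning of the cap.

```python
import http.server
import threading
import urllib.error
import urllib.request

MAX_BYTES = 5 * 1024 * 1024  # the 5 MB cap stated in the policy


class _RefuseRedirects(urllib.request.HTTPRedirectHandler):
    def redirect_request(self, req, fp, code, msg, headers, newurl):
        return None  # never build a follow-up request; urllib then raises HTTPError


def fetch_watch_page(url, max_bytes=MAX_BYTES, timeout=5.0):
    """Return up to max_bytes of the body, or None on any 30x response."""
    # Empty ProxyHandler: ignore proxy environment variables for this fetch.
    opener = urllib.request.build_opener(urllib.request.ProxyHandler({}), _RefuseRedirects)
    try:
        with opener.open(url, timeout=timeout) as resp:
            return resp.read(max_bytes)  # stop reading at the cap
    except urllib.error.HTTPError as err:
        if 300 <= err.code < 400:
            return None  # treated as "no chapter metadata available"
        raise


def demo():
    """Constructed local server: /redir answers 302 pointing at a loopback URL."""
    hits = []
    class Handler(http.server.BaseHTTPRequestHandler):
        log_message = lambda self, *a: None  # keep the demo quiet
        def do_GET(self):
            hits.append(self.path)
            redirect = self.path == "/redir"
            self.send_response(302 if redirect else 200)
            if redirect:
                self.send_header("Location", f"{base}/internal")
            self.end_headers()
            if not redirect:
                self.wfile.write(b"0:00 Warm-up\n1:30 Squats\n")

    srv = http.server.HTTPServer(("127.0.0.1", 0), Handler)
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    base = f"http://127.0.0.1:{srv.server_port}"
    try:
        return {"redirect": fetch_watch_page(base + "/redir"),
                "ok": fetch_watch_page(base + "/watch"),
                "capped": fetch_watch_page(base + "/watch", max_bytes=4),
                "hits": hits}
    finally:
        srv.shutdown()


if __name__ == "__main__":
    print(demo())
```

The "hits" list records every path the server saw, so it shows that the redirect target was never requested.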

Weather context for runs (Open-Meteo)

Off by default. When you turn on "Add weather context to runs" in Settings, Kinoku sends your run-start coordinates to Open-Meteo's API. The coordinates are rounded to two decimal places (about 1.1 km precision) before any URL is built. The call fetches temperature, apparent temperature, wind, and weather condition. With the AQI sub-toggle on, it also fetches US Air Quality Index, pollen index, UV index, and mean sea-level pressure. No Kinoku account, email, advertising identifier, or workout ID is attached. Open-Meteo must receive your IP address and the API URL, which holds the rounded coordinates. The fetch runs once on the first GPS fix and does not wait for a reply. Four checks each skip the call quietly: the settings toggle is off, there is no confirmed internet, a 4-second timeout, or a defensive limit of 200 calls per day. The returned values are stored on your device with the rest of your run data.

Open-Meteo is the third-party API provider for this feature. Its privacy policy and terms are at open-meteo.com.

Reproductive health

If you use cycle tracking or pregnancy logging, the data is held in a dedicated Room database (kinoku_cycle_db). That database is:

  • Left out of Google's Auto Backup cloud path. An automated test (CycleCloudBackupExclusionTest) checks this and fails the build if the exclusion is ever removed.
  • Never sent to Kinoku. Kinoku operates no server that holds cycle, fertility, or pregnancy data.
  • Never written to Health Connect. Kinoku may read menstruation entries to avoid duplicate logging. This is opt-in, with your explicit Health Connect consent. Kinoku does not and cannot write back.
  • Never included in share cards, Wrapped, photo overlays, the main CSV export, or Firestore bet payloads. A lint test (CycleImportPrivacyTest) checks this on every build.
  • Included in a device-to-device transfer that you start (Android setup wizard) and in the manual ZIP backup. Those are under your control.

Post-Dobbs note. Kinoku operates no server holding cycle data. So Kinoku cannot answer a subpoena by producing that data, because Kinoku does not have it. The data lives on your device, under your control. Delete it any time from Profile → Wellness → Delete all cycle data.

Washington MHMDA. For users who obtained the app in Washington State, cycle and pregnancy entries are classified as "consumer health data" under RCW 19.373. For deletion or access requests: privacy@kinoku.app.

Maps and tiles

GPS run tracking stores route polylines on your device. When you view a route map or make a route share image, Kinoku fetches map tiles from CARTO basemaps. If you choose the topographic style, it fetches them from OpenTopoMap. Tile providers receive the tile coordinates needed to draw the visible map area and your IP address for the request. Kinoku does not attach a Kinoku account, advertising identifier, workout ID, or health profile to tile requests.

Google Play Billing

Google Play Billing processes paid subscriptions. Kinoku does not receive your card details, billing address, or payment information. The app receives product IDs, purchase status, subscription tier, and the purchase tokens needed to acknowledge or restore purchases. Purchase tokens are not kept after normal acknowledgement. If acknowledgement fails, a token may be stored on your device for retry and is removed after the refund window. Refunds and subscription management are handled through Google Play.

App integrity, promo access, and gift codes

Kinoku uses Firebase App Check with Play Integrity to protect Firebase-backed features from abuse. Friends-and-family promo access uses Firebase Remote Config. The app fetches a configured allowlist and compares it on your device to the Android device ID shown in Settings. The Android ID reaches Kinoku only if you choose to share it with Kinoku support for promo access. Gift code redemption sends the gift code you enter to Firestore, checks the matching gift_codes document, and increases its use count. These flows do not send workout, health, cycle, route, or photo data to Firebase.

Android Auto Backup

If you turn on Android Auto Backup (a device setting), the main Kinoku database and files directory are backed up to your personal Google account. The cycle and pregnancy database is left out (see the reproductive-health section). You can turn off Auto Backup in your device's Google One Backup settings.

Wear OS companion

Wear OS sync runs over Google Play Services' Wearable Data Layer on your device. There is no server leg.

Third-party services

The third parties below process limited data when you use specific opt-in features or platform services. Kinoku uses no advertising, data-broker, or A/B-testing third parties.

| Service | What they process | When |
|---|---|---|
| Google LLC: Firebase Auth, Firestore | Anonymous Firebase UID, bet display alias, bet progress number; gift code entered, validity, tier/duration metadata, and use count | Only when you create or join a Social Bet, or redeem a gift code |
| Google LLC: Firebase App Check, Remote Config | App integrity signals; promo allowlist fetched by the app and compared locally to the Android device ID you choose to share with support | When Firebase-backed features or promo access checks run |
| Google LLC: Firebase Crashlytics, Analytics, Performance | Crash stack traces, app interaction events, performance traces, and limited metadata such as tier, theme, training-goal label, billing product IDs, and coarse workout interaction counts | Only after you opt in via Settings → Help improve Kinoku |
| Open-Meteo (operated by Patrick Zippenfenig) | Run-start coordinates rounded to ≈1.1 km precision in the API URL; your IP address is visible to Open-Meteo for the request | Only when "Add weather context to runs" is enabled |
| CARTO basemaps and OpenTopoMap | Tile coordinates for the visible map area; your IP must be visible to the tile operator for the length of each request | When viewing route maps or making route share images |
| Google LLC: Google Play Billing | Product IDs, purchase status, subscription tier, and purchase tokens needed to acknowledge or restore purchases; Kinoku never receives your payment details, card, or billing address | When you purchase or manage a subscription |

International transfers

Google LLC operates the Firebase services (Auth, Firestore, App Check, Remote Config, Crashlytics, Analytics, Performance) and Google Play Billing. These may transfer personal data to the United States or other countries outside the EEA. Such transfers rely on the European Commission's Standard Contractual Clauses (SCCs) and supplementary measures, as documented in Google's Cloud and Firebase data-processing terms. The Open-Meteo API call sends rounded coordinates only and includes no identifier. Open-Meteo's CDN decides its routing. Tile fetches to CARTO basemaps or OpenTopoMap may be served from EU or non-EU infrastructure, depending on geographic routing.

Retention

  • On-device data (workouts, routines, body metrics, photos, cycle entries, settings): kept until you delete it in the app or uninstall the app.
  • Social Bets Firestore documents: kept while needed to run the bet. Leaving a bet removes your UID, alias, and progress right away. If you cannot use the in-app control, email privacy@kinoku.app for deletion.
  • Gift-code and promo records: kept while needed to validate redemptions, prevent duplicate use, and manage promo access.
  • Diagnostics (Analytics, Crashlytics, Performance): subject to Google's Firebase retention policy. Turning diagnostics off stops future collection and tells the app to delete unsent crash reports queued on your device.
  • Google Play Billing records: held by Google Play under its own retention schedule. Kinoku stores only the local billing cache needed to remember your tier offline. Failed acknowledgement tokens are local-only and removed after the refund window.
  • Email correspondence with privacy@kinoku.app or hello@kinoku.app: kept for as long as needed to handle the request and to meet record-keeping duties under Bulgarian and EU law (typically up to 3 years from last contact).

The Kinoku website (kinoku.app)

The marketing website at kinoku.app is a static site. It uses no analytics, no cookies, no fingerprinting, and no third-party trackers. That means no Google Analytics, no Plausible, no Meta Pixel, and no Hotjar, or anything like them. Served pages do not intentionally load third-party analytics scripts, tracking pixels, or externally hosted fonts. The hosting provider may keep standard server access logs for a short time, for abuse and operational reasons. Kinoku does not access or query them.

Automated decision-making

AI Coach, Training Insights, Smart Suggestions, Readiness Score, Autoregulation, and Weight Progression are informational aids only. They do not produce legal or similarly significant effects. There is no profiling for marketing or advertising.

What Kinoku does not do

  • No ad SDKs, no data brokers, no cross-app tracking
  • No sale or sharing of personal information (CCPA/CPRA)
  • No required account creation
  • No server storing workout, cycle, or health data

Your rights

If you are in the EU, EEA, or UK, you have rights of access, rectification, erasure, restriction, portability, and objection. You also have the right to lodge a complaint with a supervisory authority. Most data lives on your device, so you use these rights directly through the app's export and deletion controls (Settings → Import & Export, and Settings → Profile → Wellness for cycle data). For requests that need Kinoku to act, email privacy@kinoku.app.

Under CCPA/CPRA: Kinoku does not sell or share personal information. Kinoku does not use sensitive personal information outside providing the service. Requests: same email.

Data Protection Officer

Kinoku has not appointed a Data Protection Officer. Kinoku's processing does not meet the criteria in GDPR Article 37(1). Kinoku is not a public authority. Its core activities do not consist of large-scale systematic monitoring of data subjects. And it does not engage in large-scale processing of special categories of data on systems it operates. The cycle, period, fertility, and pregnancy data described above lives only on user devices and is never sent to Kinoku-operated servers. For all data-protection matters, contact privacy@kinoku.app.

Children

Kinoku is meant for adults and is not directed at users under 18. Kinoku does not knowingly collect personal data from users under 18.

Data breach notification

Kinoku holds no copies of your workout, cycle, or health data on servers it operates. If a qualifying breach affects the Firestore bet, gift-code, promo, or Firebase diagnostics data, Kinoku will notify affected users. Where the law requires it, Kinoku will also notify the relevant supervisory authority within 72 hours.

Changes

Material changes raise the policy version and the "Last updated" date above. If a change requires consent, Kinoku will ask before turning on the affected processing.

Contact

DREAM SOFT DISTRIBUTED EOOD, Plovdiv, Bulgaria (EU). privacy@kinoku.app.