Privacy Policy

1. Introduction

Welcome to KRIO, operated by Ophanic Yazılım Teknoloji ve Danışmanlık Anonim Şirketi ("we," "our," or "us"), a company registered in Turkey. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our mobile application KRIO (the "App").

Please read this privacy policy carefully. By using the App, you agree to the collection and use of information in accordance with this policy. If you do not agree with the terms of this privacy policy, please do not access the App.

2. Definitions

• Account: A unique account created for you to access our Service.
• App: KRIO, the mobile application provided by us.
• Device: Any device that can access the Service, such as a smartphone or tablet.
• Personal Data: Any information that relates to an identified or identifiable individual.
• Service: The App and all related services provided by KRIO.
• Usage Data: Data collected automatically, either generated by the use of the Service or from the Service infrastructure itself.
• You: The individual accessing or using the Service, or the company, or other legal entity on behalf of which such individual is accessing or using the Service.

3. Data We Collect

3.1 Information You Provide

• Account Information: Email address, name, and authentication credentials when you create an account.
• Workout Data: Exercise selections, workout templates, session logs, sets, reps, weights, and other fitness tracking data you input.
• Preferences: Your fitness goals, experience level, available equipment, and other preferences used for AI workout generation.
• Subscription Information: Purchase history and subscription status (processed through Apple App Store or Google Play Store).

3.2 Information Collected Automatically

• Device Information: Device type, operating system, unique device identifiers.
• Usage Data: App features used, time spent in the app, interaction patterns.
• Log Data: Error reports, crash logs, and performance data to improve the App.

3.3 Third-Party Services

We use the following third-party services that may collect information:

• Clerk: For secure authentication and account management.
• InstantDB: For real-time data storage and synchronization.
• RevenueCat: For subscription management and payment processing.
• Google AI (Gemini): For AI-powered workout generation and daily recommendations. Anonymized fitness data — including your goals, experience level, equipment preferences, workout history, and activity data — is shared with Google AI to generate personalized workouts. No personal identifiers (name, email, or account ID) are sent to AI services.
• PostHog: For product analytics. We collect anonymized usage events (e.g., feature usage, session data) to improve the App. No personally identifiable information is sent to PostHog.
• Canny: For in-app feedback and feature requests. When you access the feedback board, your user ID, email, and display name are shared with Canny via single sign-on (SSO) to authenticate your session. Any additional information you submit on the feedback board (e.g., feature requests, comments) is voluntarily provided by you directly to Canny.

4. How We Use Your Data

We use the information we collect for the following purposes:

• Provide the Service: To create and manage your account, track your workouts, and deliver AI-generated workout recommendations.
• Sync Your Data: To enable offline functionality and synchronize your data across devices.
• Process Subscriptions: To manage your subscription status and provide premium features.
• Improve the App: To analyze usage patterns, fix bugs, and enhance features.
• Communicate: To send important updates about the Service, respond to inquiries, and provide customer support.
• Security: To detect and prevent fraud, abuse, or security incidents.

5. AI-Powered Features & Your Consent

5.1 What AI Features Do

KRIO uses Google AI (Gemini) to generate personalized workouts, daily recommendations, and exercise suggestions tailored to your fitness profile.

5.2 What Data Is Shared with AI

When AI features are enabled, the following anonymized data is sent to Google AI through KRIO's secure servers:

• Fitness profile: goals, experience level, available equipment, gender, and age group
• Recent workout history: exercises performed, sets, reps, and weights
• Activity data from Apple Health (if connected): heart rate, calories burned
• Muscle fatigue indicators derived from your training history

5.3 Your Right to Decline

AI data sharing is entirely optional. You can choose to decline AI features at any time:

• During onboarding: Tap "Don't use AI features" on the AI consent screen.
• In Settings: Go to Profile > AI Data Sharing and toggle it off.

When AI features are disabled:

• No fitness data is sent to Google AI or any third-party AI service
• AI workout generation and AI-powered recommendations are disabled
• All other app features (workout tracking, templates, progress history, cloud sync) continue to work normally

You can re-enable AI features at any time from your Profile settings.

5.4 Data Processing by Google AI

When AI features are enabled, anonymized data is processed by Google AI (Gemini) under Google's AI terms. Google does not use data sent through the Gemini API to train its models.

6. Data Sharing

We do not sell your personal data. We may share your information only in the following circumstances:

• Service Providers: With third-party vendors who assist us in operating the App (authentication, database, payments) under strict data processing agreements.
• Legal Requirements: If required by law, regulation, or legal process.
• Business Transfers: In connection with a merger, acquisition, or sale of assets, with notice to users.
• With Your Consent: When you explicitly agree to share data for a specific purpose.

7. Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes outlined in this policy:

• Account Data: Retained while your account is active and for a reasonable period afterward.
• Workout Data: Retained as long as your account exists, or until you request deletion.
• Usage Data: Typically retained for up to 24 months for analytics purposes.

You can request deletion of your account and associated data at any time by contacting us.

8. Data Security

We implement appropriate technical and organizational measures to protect your personal data:

• Encryption of data in transit using TLS/SSL.
• Secure authentication through industry-standard providers (Clerk).
• Regular security assessments and updates.
• Access controls limiting data access to authorized personnel only.

While we strive to protect your data, no method of transmission over the Internet is 100% secure. We cannot guarantee absolute security.

9. Your Rights

Depending on your location, you may have the following rights regarding your personal data:

9.1 General Rights

• Access: Request a copy of the personal data we hold about you.
• Correction: Request correction of inaccurate or incomplete data.
• Deletion: Request deletion of your personal data.
• Portability: Request your data in a portable format.
• Objection: Object to certain processing of your data.

9.2 For EU/EEA Residents (GDPR)

If you are in the European Union or European Economic Area, you have additional rights under GDPR, including the right to lodge a complaint with your local data protection authority.

9.3 For California Residents (CCPA)

California residents have the right to:

• Know what personal information is collected.
• Know whether personal information is sold or disclosed and to whom.
• Say no to the sale of personal information (we do not sell personal information).
• Access their personal information.
• Equal service and price, even if they exercise their privacy rights.

To exercise any of these rights, please contact us using the information in Section 13.

10. Children's Privacy

The App is not intended for children under 13 years of age (or 16 in certain jurisdictions). We do not knowingly collect personal information from children under these ages.

If we learn that we have collected personal information from a child under the applicable age, we will take steps to delete that information promptly. If you believe we have collected information from a child, please contact us.

11. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. These countries may have data protection laws that are different from the laws of your country.

When we transfer data internationally, we ensure appropriate safeguards are in place, such as standard contractual clauses or other approved mechanisms.

12. Policy Changes

We may update this Privacy Policy from time to time. We will notify you of any changes by:

• Posting the new Privacy Policy on this page.
• Updating the "Last updated" date at the top.
• Sending you a notification through the App for significant changes.

We encourage you to review this Privacy Policy periodically for any changes.

13. Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us:

• Company: Ophanic Yazılım Teknoloji ve Danışmanlık A.Ş.
• Address: Eğitim Mah. Hızırbey Cad. ARGE Teknopark B Blok No: 118/6 İç Kapı No: 1, Kadıköy, Istanbul, Turkey
• Tax ID: 6440931283
• Email: info@ophanic.com
• Website: https://kriofitness.app

We will respond to your inquiry within 30 days.