Privacy Policy

Who we are

Kintel (“the Service”) is operated by Kinos (“we”, “us”). For anything in this policy — questions, privacy requests, complaints — write to support@kintel.app.

What we collect

Account

Your name, email address, and a password (stored only as a salted hash — we cannot read it). Optionally a profile image.

Profile and settings

Preferences you set: primary sport, units, coach voice, weekly training hours, timezone, and — optionally, for energy and age-group calculations — birth year (never your full date of birth), sex, and height.

Training data

Activities you upload or sync: the original activity files (.fit), the sensor streams inside them (heart rate, power, cadence, speed, GPS traces), and everything we derive from them — training load, power curves, zone time, personal bests.

Health metrics

Values you log, screenshot, or sync: HRV, resting heart rate, sleep, stress, FTP, VO2 max, body weight and composition.

Nutrition

Meals you log (description, macros, calories), meal plans, recipes you create, and fueling plans.

Coach conversations

Your chat history with the AI coach and the memories it records about your training, nutrition, and health preferences. Memories are listed in the app and individually deletable.

Community (only if you opt in)

A handle, display name, optional avatar, your visibility settings, follows, Chapeaus, comments, and segment times. None of this exists until you create a community profile.

Billing

Your subscription state (plan, status, renewal date). Payment is handled entirely by Stripe — card numbers never touch our servers.

Usage analytics

Typed events carrying only categories and counts (for example, “a meal was logged, source: photo”). Deliberately excluded: health values, meal text, notes, free text of any kind, and URL query strings. Autocapture and session recording are switched off.

How we use your data

• To run the Service: analysis, planning, coaching, community.
• To power AI features you invoke (described in the next section).
• To send you email you asked for: account verification, password resets, export-ready notices, and community notifications you opted into per category.
• To bill your subscription through Stripe.
• To understand which features matter, via the privacy-scrubbed analytics described above.

We do not sell personal information, share it with data brokers, or use it for advertising.

AI processing

Kintel’s AI features send the content you submit to large language model providers — Anthropic and OpenAI, routed through Vercel’s AI Gateway — to do their work:

• Meal logging: your meal description or photo, to estimate macros.
• Screenshot reading: the wearable-app screenshot you paste, to extract the numbers on it.
• The coach: your messages, recent conversation context, the coach’s memories, and the training, nutrition, and health summaries it looks up to answer you.
• Recipe images: when a photo is generated for a recipe you created, its title, description, and ingredient list are sent to the image model to render it.

Photos and screenshots are deleted from our storage as soon as analysis completes, whether or not it finds anything. If an analysis fails outright, the file is removed when your account is deleted at the latest. We do not train models on your data, and our providers process this content as API traffic, which they do not use for model training.

Service providers

These companies process data on our behalf, only to run Kintel:

• Vercel — application hosting, private file storage, and AI request routing.
• Stripe — payments and subscriptions (receives your email; never your health data).
• Resend — transactional email delivery.
• PostHog — product analytics (receives the categorical events described above; person profiles carry only your account basics, never health values).
• Inngest — background job orchestration (events carry IDs and references, not raw health data).
• Anthropic and OpenAI — AI analysis, as described in the previous section.

intervals.icu is different: it is a connection you choose to make. We ask for read-only access (activities and wellness), we never write anything back, and the credential is stored encrypted (AES-256-GCM). Disconnecting deletes the credential and keeps everything you imported.

Community and location privacy

• Structural opt-in: without a community profile, you are invisible to other users — there is no record to find.
• You set the visibility: when you opt in, you choose who sees your activities — Public, Followers, or Private — and whether follows need your approval (they require approval by default).
• ~1 km home location: your “home” for the nearby feed is computed from recent ride starts and rounded to roughly 1 km. A precise address is never stored.
• Feed cards omit precise start coordinates and show simplified route lines, not your full GPS trace.
• Age-group leaderboards use your birth year only. Your exact age is never shown to other users; appearing in an age-group view reveals only the bracket.

Cookies and on-device storage

• Session cookies (prefixed kintel) keep you signed in. HttpOnly, secure in production.
• kintel-tz remembers your timezone so daily totals match your day, not our server’s.
• Analytics cookies from PostHog identify your browser for the event stream described above.
• Your browser’s local storage holds UI preferences (panel layout, toggles). During sign-up, your email is briefly kept in session storage — not in any URL — to show the “check your email” page; it clears when the tab closes.

Security

• Passwords are stored as salted hashes, never plaintext.
• Third-party credentials (like your intervals.icu connection) are encrypted at rest with AES-256-GCM.
• Uploaded files live in private storage and are served only through authenticated, ownership-checked routes.
• All traffic is encrypted in transit (HTTPS).

If a breach affects your personal data, we will notify you as required by applicable law.

Retention

• Your training, nutrition, and health history is kept until you delete it — it is your training log.
• Meal photos and metric screenshots are deleted immediately after AI analysis.
• Data export archives expire and are deleted after 7 days.
• Email verification links expire in 4 hours; password reset links in 1 hour.
• On account deletion, all of the above is destroyed (see “Your controls”). Stripe retains payment records it is legally required to keep; residual copies in our providers’ systems (such as routine database backups and analytics) roll off on their schedules.

Your controls

• Export everything: Settings › Account › Request export produces a zip with your settings, metrics, meals, goals, coach history, and original activity files. The download link works for 7 days.
• Delete your account: Settings › Account › Delete account. It is immediate and complete: every record, every file, your Stripe customer, your community footprint. Segments you created stay (other athletes have times on them) but are anonymized. There is no undo.
• Delete pieces: individual activities, meals, metrics, and each coach memory can be deleted in the app; goals can be archived.
• Read access is never paywalled: if your subscription lapses, you can still see and export your data.
• Disconnect keeps your data: removing the intervals.icu connection deletes the credential, not what you imported.
• Anything else — a correction, a question, a copy of this data by another means — email support@kintel.app.

Age

Kintel is for athletes 16 and older. We do not knowingly collect data from anyone younger; if you believe we have, contact us and we will delete it.

Changes to this policy

If we change this policy in a way that matters, we will say so in the app or by email before the change takes effect. The date at the top is always current.

Contact

support@kintel.app. See also the Terms of Service.