Kinora

Privacy Policy

Effective date:23 March 2026   ·  Last updated: 23 March 2026

1. Introduction

Kinora (“we”, “our”, or “us”) operates the kinora.runplatform (the “Service”). This Privacy Policy explains how we collect, use, store, and protect your personal data when you use Kinora. By using the Service, you agree to the collection and use of information in accordance with this policy.

2. Data We Collect

2.1 Account data

When you register, we collect:

  • Your name and email address (via Google OAuth)
  • Your profile photo (from your Google account)
  • Your selected role (Runner or Coach)

2.2 Running profile data

When you complete onboarding, we collect:

  • Date of birth and country
  • Experience level and running history
  • Preferred training days and weekly mileage
  • Race goals and target dates
  • Performance data (recent race results or time trial times)
  • Optional: weight, gender, injury history

2.3 Garmin Connect data

If you connect your Garmin account, we collect and process the following data from Garmin Connect:

  • Completed activity data: date, distance, duration, pace, heart rate, cadence, elevation, GPS route, running power
  • Training load metrics: aerobic and anaerobic training effect, VO₂max estimate
  • Wellness data: sleep duration and quality, HRV (Heart Rate Variability) score, Body Battery level, stress score
  • We push structured workouts to your Garmin Connect calendar on your behalf

2.4 Usage data

We automatically collect certain technical information including:

  • Browser type and device information
  • Pages visited and features used
  • Error logs and performance data

3. How We Use Your Data

We use your data to:

  • Generate and adapt personalised training plans
  • Sync workouts to and from your Garmin device
  • Provide coaching interactions (human or AI-powered)
  • Display your performance analytics and progress
  • Send training-related notifications and emails (with your consent)
  • Improve the platform and fix technical issues
  • Comply with our legal obligations

We do not sell your personal data to third parties. We do not use your data for advertising purposes.

4. Garmin Connect Integration

Kinora integrates with Garmin Connect via the official Garmin Health API. By connecting your Garmin account you authorise Kinora to:

  • Read your activity, health, and wellness data from Garmin Connect
  • Write structured workouts to your Garmin Connect calendar
  • Receive real-time activity updates via webhook

You can disconnect your Garmin account at any time from your dashboard settings. Disconnecting will stop all future data sync. Previously imported data will be retained in your Kinora account unless you request deletion.

5. Data Sharing

We share your data only with the following categories of service providers, strictly to operate the platform:

ProviderPurpose
SupabaseDatabase hosting (PostgreSQL), hosted in the EU/US
VercelApplication hosting and deployment
StripePayment processing (billing data only)
ResendTransactional email delivery
AnthropicAI coaching responses (anonymised context, no persistent storage by Anthropic)
GarminWorkout sync and activity import (as described above)

All third-party providers are bound by data processing agreements and are prohibited from using your data for their own purposes.

6. Data Retention

We retain your personal data for as long as your account is active. If you delete your account, all personal data is permanently deleted from our systems within 30 days, except where we are required to retain it by law (e.g. billing records). You can delete your account at any time from your dashboard under Settings → Delete Account.

7. Your Rights

Depending on your location, you may have the following rights regarding your personal data:

  • Access — request a copy of the data we hold about you
  • Correction — request correction of inaccurate data
  • Deletion— request deletion of your data (“right to be forgotten”)
  • Portability — request your data in a machine-readable format
  • Objection — object to certain types of processing
  • Withdrawal of consent — withdraw consent at any time where processing is based on consent

To exercise any of these rights, contact us at: privacy@kinora.run

8. Cookies

Kinora uses the following cookies:

  • Session cookies — required for authentication, deleted when you close your browser
  • Preference cookies — remember your settings (e.g. language, theme)

We do not use advertising or tracking cookies. You can control cookies through your browser settings.

9. Data Security

We implement industry-standard security measures to protect your data:

  • All data transmitted over HTTPS/TLS encryption
  • Database access restricted by role-based permissions
  • OAuth tokens stored encrypted at rest
  • Regular security reviews and dependency updates

No method of transmission over the internet is 100% secure. We cannot guarantee absolute security but are committed to protecting your data using best practices.

10. Children’s Privacy

Kinora is not directed at children under the age of 13. We do not knowingly collect personal data from children under 13. If you believe we have inadvertently collected such data, please contact us immediately at privacy@kinora.run.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by email or via a prominent notice on the platform. The “Last updated” date at the top of this page will always reflect the most recent revision. Continued use of the Service after changes constitutes acceptance of the updated policy.

12. Contact Us

If you have any questions about this Privacy Policy or how we handle your data, please contact us:

Kinora

Website: kinora.run

Email: privacy@kinora.run