Privacy Notice

1. Who we are

KinesioCore ("we", "us", "our") is the data controller for personal data processed through the KinesioCore service (the "Service"). This notice explains what we collect, why, and your rights.

2. Personal data we collect

• Account data: name, email address, password (hashed), level of study, university.
• Profile data: avatar, display preferences, optional staff identifier.
• Study activity: question attempts, answers, time spent, bookmarks, notes, scores.
• AI tutor messages: prompts you submit and the responses generated.
• Support communications: messages you send us.
• Technical data: IP address, browser type, device identifiers, log data, cookies.
• Billing data: handled by our Merchant of Record (Paddle). We receive a customer identifier, plan, and subscription status — we do not store full card details.

3. How we use your data and legal basis

• Provide the Service (account, study tools, AI tutor) — performance of contract.
• Process payments and subscriptions via Paddle — performance of contract.
• Security, fraud prevention, and abuse detection — legitimate interests.
• Product improvement and analytics (aggregated where possible) — legitimate interests.
• Customer support — performance of contract and legitimate interests.
• Marketing emails (only if you opt in) — consent.
• Comply with legal obligations (e.g. tax, accounting) — legal obligation.

4. Data sharing

We share personal data only with:

• Paddle, our Merchant of Record, for sales, subscription management, payment processing, tax compliance, and invoicing.
• Hosting and infrastructure providers that operate the platform on our behalf.
• AI providers that power the AI tutor (your prompts may be sent to them to generate responses).
• Analytics and support tooling used to operate the Service.
• Professional advisers (legal, accounting) where necessary.
• Authorities where required by law or to protect our rights.

5. International transfers

Our providers may process data outside your country, including in the United States or other regions. Where applicable, we rely on appropriate safeguards such as Standard Contractual Clauses or adequacy decisions.

6. Retention

We retain account and study data for as long as your account is active. After deletion, we delete or anonymise personal data within a reasonable period, except where we are required to keep it (e.g. for tax or legal records).

7. Your rights

Depending on your jurisdiction, you may have the right to:

• access the personal data we hold about you;
• request correction of inaccurate data;
• request deletion of your data;
• restrict or object to processing;
• data portability;
• withdraw consent at any time (where processing is based on consent);
• lodge a complaint with a supervisory authority.

We aim to respond to requests within one month.

8. Security

We use appropriate technical and organisational measures to protect personal data, including encryption in transit, access controls, and regular security reviews. No system is completely secure — please use a strong, unique password.

9. Cookies

We use essential cookies and local storage for authentication, session management, and saving your preferences (such as theme). We may use limited analytics cookies to understand how the Service is used. You can manage cookies through your browser settings; disabling essential cookies will prevent the Service from working correctly.

10. Children

The Service is intended for users who are of legal age to enter into a contract in their jurisdiction. We do not knowingly collect data from children.

11. Changes to this notice

We may update this notice from time to time. Material changes will be notified by email or in-app notice.

12. Contact

For privacy queries, contact us through in-app support. For billing-related personal data held by Paddle, visit paddle.net.