Privacy Policy

This Privacy Policy describes how Kallpa (“we”, “us”, “our”) handles personal information when you use the Kallpa mobile application, our website at kallpa.co, and related services (collectively, the “Service”).

Kallpa is a fitness and strength-training app. We are not a medical provider. The Service does not diagnose, treat, or prevent any disease or medical condition.

Questions or requests: hello@kallpa.co.

1. Information we collect

Account and profile

• Email address and authentication data when you sign up or sign in (including Google Sign-In, if you choose it).
• Profile and onboarding information you provide (for example training experience, goals, equipment, injury preferences, language).
• Optional demographic or body-composition fields you choose to enter (for example birth date, sex, body weight).

Training and app data

• Workout history: exercises, sets, reps, weight, rest, RIR, session dates, and program structure.
• Strength assessment inputs and estimated performance metrics derived from your logs.
• AI coaching events and related context used to personalize coaching messages (rule-based and, where enabled, LLM-enhanced text).
• Preferences you set in the app (units, rest timers, locale, and similar settings).

Website waitlist

If you join our email waitlist on the website, we collect the email address you submit and basic submission metadata (for example timestamp and language preference).

Technical and diagnostic data

• App version and coarse technical events (for example feature usage and error types) to improve reliability. We design these logs to avoid unnecessary personal content.
• Server and database logs from our hosting providers in connection with security and operations.

What we do not collect

• We do not sell your personal information.
• We do not use the Service to collect precise GPS location for training features.
• We do not knowingly collect information from children under 16.

2. How we use information

• Provide and maintain the Service (sync workouts, programs, coaching, and account features).
• Personalize training guidance, volume landmarks, and coaching messages based on your data.
• Authenticate you and secure your account.
• Send transactional emails (for example sign-up confirmation or password reset) when applicable.
• Send waitlist or product updates if you opted in on the website.
• Monitor performance, fix bugs, and understand aggregate usage patterns.
• Comply with law and protect the Service, our users, and our rights.

3. AI and automated processing

Parts of Kallpa use automated logic and, for some features, third-party language models to generate coaching text or program suggestions. We send only the data needed for each feature (for example recent training summaries or exercise context), not your full account history, unless required for that feature. AI output is informational and is not medical advice.

4. Legal bases (EEA / UK users)

Where GDPR or UK GDPR applies, we rely on:

• Contract — to provide the Service you request.
• Legitimate interests — to improve security, reliability, and product quality, balanced against your rights.
• Consent — where required (for example optional marketing or non-essential cookies, if we use them).
• Legal obligation — when we must retain or disclose data by law.

5. How we share information

We share personal information only with:

• Service providers that help us run the Service under contract, including:
  • Supabase — authentication, database, and backend hosting.
  • Google — if you use Google Sign-In (Google Privacy Policy).
  • Groq — when AI features process text to generate coaching or program content (Groq Privacy Policy).
  • Cloudflare — website and email routing for kallpa.co, where applicable.
• Authorities when required by law or to protect safety and rights.
• Business transfers if we are involved in a merger or acquisition (you will be notified where required).

We do not share your data with advertisers for cross-context behavioral advertising.

6. International transfers

We and our providers may process data in the United States and other countries. Where required, we use appropriate safeguards (such as standard contractual clauses) for transfers from the EEA, UK, or Switzerland.

7. Retention

We keep your information while your account is active and as needed to provide the Service. If you delete your account, we delete or anonymize personal data within a reasonable period, except where we must retain it for legal, security, or backup purposes.

8. Security

We use industry-standard measures including encryption in transit (HTTPS/TLS), access controls, and row-level security on user data in our database. No method of transmission or storage is 100% secure.

9. Your rights and choices

Depending on your location, you may have the right to:

• Access, correct, or delete your personal information.
• Export your workout data (where the app provides export).
• Object to or restrict certain processing.
• Withdraw consent where processing is consent-based.
• Lodge a complaint with your local data protection authority.

To exercise these rights, contact hello@kallpa.co. We may need to verify your identity. California residents may have additional rights under the CCPA/CPRA; we do not sell personal information as defined by those laws.

For users in Brazil (LGPD) and other jurisdictions with similar laws, you may contact us for access, correction, deletion, or portability requests as applicable.

10. Third-party links

The Service may link to third-party sites (for example exercise videos). Their privacy practices are governed by their own policies.

11. Changes to this policy

We may update this policy from time to time. We will post the new version on this page and update the effective date. Material changes may be communicated in the app or by email where appropriate.

12. Contact

Kallpa
Email: hello@kallpa.co
Web: https://kallpa.co