← Back to home

Privacy Policy

Last updated: June 23, 2026

Matias Tervonen ("Developer", "we", "us", or "our") operates the Kurvi mobile and web application ("App"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our App. Please read this policy carefully. If you do not agree with the terms of this policy, please do not use the App.

1. Information We Collect

Account Information

  • Email address (used for authentication)
  • Display name
  • Profile picture

Profile & Body Data

  • Height, gender, and birth date
  • Preferred measurement units (weight, distance)

Custom Tracking & Metrics

  • Custom trackers you create to follow any value over time (the Tracking feature)
  • Common metrics include weight, sleep, water, mood, stress, resting heart rate, HRV, body fat, and body measurements (waist, chest), some of which may be health related
  • The values you log, their units, daily goals, and any free-text notes you add to each entry
  • Timer-tracked durations for metrics you time (e.g. meditation, reading, focus sessions)
  • Per-metric reminders and their schedules

Workout & Fitness Data

  • Gym training sessions: exercises, sets, reps, weight, RPE, duration, calories burned
  • Activity sessions: type, duration, distance, steps, notes
  • Workout templates and custom exercises
  • Step count data from your device's pedometer

Health & Fitness Platform Data (Apple Health & Health Connect)

If you choose to connect Apple Health (iOS) or Health Connect (Android), the App reads the following data, only for the categories you grant and only after you give permission in the platform's own consent screen:

  • Sleep sessions and sleep stages (deep, REM, light, awake), sleep efficiency
  • Heart rate, resting heart rate, and heart rate variability (HRV)
  • Blood oxygen / oxygen saturation (SpO2)
  • Steps
  • Workouts and exercise sessions (type, duration, distance, calories)
  • Distance, total and active calories burned, and elevation gained

This is read-only access. The App never writes to, modifies, or deletes data in Apple Health or Health Connect. On Android we also request background read access so the App can keep your data up to date when it is not open. You control which categories are shared and can revoke access at any time from the Apple Health or Health Connect settings on your device, or by disconnecting the source in the App under Menu → Settings → Health sources.

Location Data

  • GPS coordinates, altitude, and accuracy during activity tracking (running, cycling, walking, etc.)
  • Location data is collected in the foreground and background while an activity session is active
  • Route data is stored to display workout maps

Nutrition Data

  • Food logs: food items, quantities, calories, macronutrients (protein, carbs, fat, fiber, sugar, sodium)
  • Meal types and times
  • Custom foods and saved meals
  • Nutrition goals
  • Barcode scans (sent to Open Food Facts API for product lookup)

Notes, Todos & Habits

  • Notes with text content and folder organization
  • Todo lists and tasks
  • Habit definitions and daily completion logs

Reminders & Notifications

  • Reminder titles, notes, and schedules
  • Push notification subscription data (device token, device type)

Social & Communication Data

  • Friends list and friend requests
  • Chat messages, reactions, and media
  • Activity feed posts, comments, and likes
  • Sharing preferences

Media Files

  • Photos, videos, and voice recordings attached to workouts, activities, tracker logs, notes, todos, feed posts, and chat messages
  • These files are stored in cloud storage

Device Information

  • Device platform (iOS/Android)
  • Device identifier (for push notifications)
  • App version

User Settings & Preferences

  • Language preference
  • Notification preferences
  • GPS tracking preferences
  • Day reset hour

2. How We Use Your Information

We use the information we collect to:

  • Provide, operate, and maintain the App
  • Create and manage your account
  • Track and display your fitness, nutrition, and health data
  • Enable social features (friends, chat, activity feed)
  • Send push notifications and reminders you configure
  • Display workout routes on maps
  • Monitor and fix errors and crashes via Sentry
  • Improve the App experience

We do not use your data to:

  • Serve advertisements
  • Sell your personal data to third parties
  • Build advertising profiles

3. Third-Party Services

We use the following third-party services that may receive some of your data:

ServicePurposeData Shared
SupabaseBackend database & authenticationAll user data, authentication tokens
SentryError tracking & crash reportingError logs, device info, session data
MapboxMap display for workout routesGPS coordinates, route data
Open Food FactsFood & barcode lookupProduct barcodes, food search queries
USDA FoodData CentralFood search & nutrition dataFood search queries
ResendTransactional email deliveryEmail address, email content
Anthropic (Claude)AI assistant chatYour chat messages, and when you ask about your own data, a summary of your logged data (training, nutrition, activities, habits, metrics, and health data such as sleep, heart rate, and blood oxygen)

Each third-party service operates under its own privacy policy:

4. Data Storage & Security

  • Your data is stored on Supabase servers with row-level security (RLS) enabled on all database tables
  • Authentication is handled securely through Supabase
  • Media files are stored in Supabase cloud storage
  • Local data on your device is stored using AsyncStorage and SQLite
  • We implement reasonable security measures but cannot guarantee absolute security

5. Data Retention

  • Your data is retained for as long as your account is active
  • You may delete individual data entries (workouts, food logs, notes, etc.) at any time within the App
  • You can delete your account and all associated data directly from the App's settings

6. Account & Data Deletion

You can delete your Kurvi account and all associated data at any time. Deletion is permanent and cannot be undone.

How to delete your account in the app

  1. Open Kurvi on your device
  2. Go to Menu → Security
  3. Tap Delete account and confirm

If you no longer have the app installed

Email support@kurvi.io from the address associated with your account and request account deletion. We will process the request within 30 days.

What gets deleted

  • Your account, profile, and authentication credentials
  • All workouts, activities, nutrition logs, custom trackers and their logs, notes, todos, habits, and reminders
  • All chat messages, friend connections, and feed posts you created
  • All photos, videos, and voice recordings you uploaded
  • All location data and GPS routes
  • Push notification tokens and device subscriptions

What may be retained

  • Encrypted database backups for up to 7 days (Supabase's rolling daily backup retention), after which they are automatically purged
  • Anonymized error logs in Sentry that contain no personal data, retained for up to 90 days
  • Information we are legally required to keep (e.g. fraud prevention or tax records)

7. Your Rights

Depending on your location, you may have the right to:

  • Access your personal data
  • Correct inaccurate data
  • Delete your data
  • Export your data in a portable format
  • Withdraw consent for data processing
  • Object to certain processing of your data

To exercise any of these rights, contact us at the email address listed below.

For EU/EEA Users (GDPR)

We process your data based on:

  • Contract performance — to provide the App's core functionality
  • Legitimate interest — to improve the App and fix errors
  • Consent — for optional features like location tracking and push notifications
  • Explicit consent (Article 9) — health data is a special category of personal data. We process the health and fitness data you choose to import from Apple Health or Health Connect (such as sleep, heart rate, HRV, and blood oxygen) only on the basis of your explicit consent, which you give in the platform's permission screen. You can withdraw it at any time by revoking access in Apple Health or Health Connect, after which we stop reading new data.

For California Users (CCPA)

We do not sell your personal information. You have the right to know what data we collect, request deletion, and not be discriminated against for exercising your rights.

8. Children's Privacy

The App is not intended for children under the age of 16. We do not knowingly collect personal information from children under 16. If you are a parent or guardian and believe your child has provided us with personal information, please contact us so we can delete that data.

9. Location Data

  • Location data is only collected when you actively start an activity tracking session
  • Background location access is used solely to continue tracking your workout route when the App is in the background during an active session
  • You can disable location tracking in the App settings or through your device's permission settings
  • Location data is stored to display your workout routes and calculate distance

10. AI Assistant

The App includes an optional AI assistant (the in-app chat), available to Pro users. This section explains exactly how it handles your data.

  • It only runs when you use it. No chat data is sent anywhere unless you open the assistant and send a message. If you never use the assistant, none of the processing below happens.
  • How a reply is generated. When you send a message, the text you type is sent to our AI provider, Anthropic (Claude), which generates the response. Your conversation is kept so the assistant can refer back to earlier messages in the same chat; your chats are stored on your account and you can delete any chat, or your whole history, from within the App.
  • Reading your logged data.When you ask the assistant about your own data (for example "how was my training this week" or "look at my nutrition and where should I focus"), the App reads the relevant data you have logged and sends a short summary of it to the AI provider so it can answer. Depending on your question this can include training, nutrition, activity, habit, custom-metric, and energy-balance information, which may be health and fitness related. This summary is sent only for the specific question you asked, and only when you ask a question that needs it.
  • Scope and limits.The assistant reads only your own data, scoped to your account through row-level security. It cannot see other users' data, and it cannot create, change, or delete any of your data; it only reads it to answer you.
  • Location (optional, off by default). If you turn on location for the assistant, your approximate location may be sent to answer local questions such as weather. It stays off until you allow it, and you can turn it off at any time from the assistant's info screen.
  • Model training. Your messages and data summaries are sent to the AI provider to generate your answer and are not used to train its models.
  • Legal basis (EU/EEA). Processing for the assistant is based on your use of this optional feature (contract performance) and, where applicable, your consent. You can choose not to use the assistant at all.

11. Health & Fitness Data (Apple Health & Health Connect)

This section explains specifically how we handle data read from Apple Health and Google Health Connect, in line with Apple's and Google's health data requirements.

  • You are in control. We read health data only after you connect a source and grant permission in Apple Health or Health Connect. You choose which categories to share, and you can revoke any of them at any time from the platform settings or by disconnecting the source in the App. Access is read-only; we never write to or delete data in Apple Health or Health Connect.
  • How we use it. Imported health data is used solely to provide features you can see in the App: showing your sleep, heart rate, blood oxygen, steps, and workouts, charting trends, and, when you choose to ask the in-app AI assistant about your data, including a summary of it in your question so the assistant can answer (see the AI Assistant section above).
  • What we do not do. We do not use Apple Health or Health Connect data for advertising or marketing, we do not sell it, we do not share it with data brokers, and we do not use it to build advertising profiles. We do not transfer this data to third parties except the infrastructure providers needed to run the App (our backend on Supabase, and Anthropic only when you ask the AI assistant a question that needs it), as described in the Third-Party Services section.
  • Storage and deletion. Health data you import is stored on your device and synced to your account on Supabase under row-level security, so only you can access it. You can delete imported health entries in the App, and deleting your account removes this data as described in the Data Retention section. Revoking the platform permission stops any further reading.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by updating the "Last updated" date at the top of this policy. You are advised to review this Privacy Policy periodically for any changes.

13. Contact Us

If you have any questions about this Privacy Policy, please contact us at:

Email: support@kurvi.io

Developer: Matias Tervonen