Privacy Policy
1. Who we are
"KinetiQsport", "we", "our" and "us" refer to the operator of kinetiqsport.com. KinetiQsport is a web application that lets sports coaches track matches, generate AI-powered tactical analysis, and build training plans.
If you have questions about this policy or how your data is handled, contact us at privacy@kinetiqsport.com.
2. What we collect
2.1 Information you give us
- Account data: the email address and password you use to sign up. Passwords are never stored in plain text.
- Subscription data: when you start a paid plan, our payment processor Stripe collects your billing details. We never see or store your card number — Stripe gives us back a customer ID, your subscription tier, and your subscription status.
- Coaching data: the team names, opponent names, player numbers and names, formations, match events, and any notes you save inside the app.
- Optional data: any messages you send to our in-app support chat.
2.2 Information collected automatically
- Auth session cookies and local storage: we store your login session and your in-app preferences (selected language, last sport, in-progress match state) on your device. These are strictly necessary cookies — they are required for the app to work and do not need a consent banner under EU law.
- Crash and error logs: if the app crashes, we automatically log the error message and a stack trace to our database so we can fix it. These logs do not include your password, your card data, or the contents of your matches.
- AI-feature usage telemetry: for each call to our AI Coach or AI Training Plan we record an audit row (who, when, which sport) so we can apply per-user rate limits and detect abuse. These rows do not include the actual prompt or response text.
- Google Analytics (consent-gated): if you accept analytics cookies on our consent banner, we use Google Analytics 4 to understand how visitors discover and use the site (pages viewed, signups, trial starts, match saves). IP addresses are anonymized before storage. We do not use Google Signals, ad personalization, or any cross-site advertising features. You can change your choice any time by clearing your browser data and refreshing the page. See Section 4 for Google's role as a sub-processor.
2.3 What we do NOT collect
- We do not run third-party marketing or advertising trackers.
- We do not sell your data to anyone.
- We do not collect biometric data or location beyond what your browser exposes by default (none, unless you explicitly grant permission).
- We do not collect data from minors under 13. The app is designed for coaches; if a coach records a minor's name, that minor's data is processed under the coach's responsibility (see Section 7).
3. Why we collect it (lawful bases)
Under GDPR Art. 6 we process your data on the following lawful bases:
- Performance of a contract (Art. 6(1)(b)) — to operate your subscription, store your matches, and provide the features you signed up for.
- Legitimate interest (Art. 6(1)(f)) — to keep the service secure, prevent abuse, debug crashes, and communicate operational notices.
- Legal obligation (Art. 6(1)(c)) — to comply with tax, accounting, and consumer-protection law.
- Consent (Art. 6(1)(a)) — for any optional feature where we explicitly ask for it (e.g. transactional emails you opt into).
4. Who we share it with (sub-processors)
Your data is processed on our behalf by the following service providers. We have signed Data Processing Agreements (DPAs) with each.
- Supabase (database + authentication). Servers in the EU. supabase.com/privacy
- Netlify (web hosting + serverless functions). Servers globally with EU edge nodes. netlify.com/privacy
- Stripe (payment processing). PCI-DSS Level 1 certified. stripe.com/privacy
- Anthropic (AI Coach + AI Training Plans + support chat). Your match data is sent to Anthropic's API to generate tactical analysis; Anthropic does not train models on this data per their commercial terms. anthropic.com/privacy
- Google Workspace (Gmail) (delivery of match reports and AI tactical analyses to your account email, sent from report@kinetiqsport.com via Google's SMTP infrastructure). policies.google.com/privacy
- Google Analytics 4 (anonymized website usage statistics, only if you consent via the cookie banner). IP addresses are truncated before storage; no advertising features are enabled. policies.google.com/privacy
We do not share your data with anyone else without your explicit consent or unless legally required (e.g. by a valid court order).
5. International transfers
Some of our sub-processors are based outside the EU/EEA. Where this is the case, transfers are protected by Standard Contractual Clauses approved by the European Commission, or by the equivalent successor mechanism. Anthropic and Stripe in particular operate primarily from the United States; we rely on their published Standard Contractual Clauses and supplementary measures.
6. How long we keep it
- Account data and matches: kept as long as your account is active. If you delete your account, all your matches, AI analyses, training plans and squads are deleted within 30 days.
- Billing records: kept for 7 years to comply with Spanish tax law, even after account deletion.
- Crash and error logs: 90 days, then automatically purged.
- AI usage telemetry: 13 months, then automatically purged.
7. Coaching data and minors
The KinetiQsport app is designed for use by coaches. When a coach records a player (name, number, performance) inside the app, the coach is the data controller for that player's data; KinetiQsport acts as the data processor.
If you are a coach using the app to track minors:
- You are responsible for obtaining the consent of the minor's parents or guardians before recording their data.
- You must inform parents/guardians about how the data is stored, who can access it, and how it can be deleted.
- Players can be removed at any time; deleting a team cascades and removes all associated player data.
8. Your rights
Under GDPR you have the right to:
- Access the personal data we hold about you;
- Request that inaccurate data be corrected;
- Request that your data be deleted ("right to be forgotten");
- Restrict or object to certain processing;
- Receive your data in a portable, machine-readable format;
- Withdraw consent at any time, where processing is based on consent;
- Lodge a complaint with the Spanish data-protection authority (AEPD) or your local supervisory authority.
To exercise any of these rights, email privacy@kinetiqsport.com. We will respond within 30 days as required by GDPR Art. 12.
9. Security
We protect your data with industry-standard measures:
- All connections to the app use TLS encryption;
- Database access is restricted by row-level security policies — every user can only read or write their own rows;
- Passwords are hashed using a slow, salted algorithm (bcrypt-equivalent);
- API keys and secrets are stored in encrypted environment variables on Netlify;
- Stripe handles all card data — we never receive or store your card number.
10. Cookies
We use only strictly necessary cookies and equivalent local-storage entries. They are required for login sessions and to remember your in-app preferences. Under EU law, strictly necessary cookies do not require an opt-in banner.
We do not use advertising cookies, third-party analytics cookies, or tracking pixels. If we ever introduce optional analytics, we will add a consent banner at that time.
11. Changes to this policy
If we make material changes to this policy we will notify you by email or via an in-app banner before the changes take effect. The effective date at the top of this page always reflects the most recent version.
12. Contact
For any privacy-related question or to exercise your rights, contact us at privacy@kinetiqsport.com.