Overview
KILO is a workout tracker for iPhone and Apple Watch. By default, your workout data is stored locally on your device. Cloud features — iCloud backup and optional KILO account sync — are strictly opt-in, and you remain in control of your data at every stage.
This policy describes the information handled by the KILO iOS app and this website (“KILO,” “we,” “us”).
Information we handle
Data you create in the app
This includes workouts, sets, reps, weights, exercise notes, templates you build, personal records, streaks, unit and theme preferences, and your self-reported experience level. This data is stored locally on your device using Apple’s on-device storage.
Health data (HealthKit)
When you grant permission, KILO reads live heart rate from your Apple Watch during a workout and writes completed workouts back to Apple Health. HealthKit data is governed by Apple’s on-device privacy model. We never transmit HealthKit data off your device, and we never use it for advertising or derived analytics.
Account information (optional)
If you create a KILO account for cross-device sync, we collect your email address and a securely hashed password, or a credential returned by Sign in with Apple. We do not receive your Apple ID password.
Synced workout data (optional)
If you enable account sync, the workouts, templates, and settings you create are transmitted over HTTPS and stored on our backend so they can reach your other devices. This data is associated with your account and isolated from other users.
iCloud data (optional)
If you enable iCloud sync, your data is stored in your personal iCloud container. We cannot access your iCloud data — it is encrypted and managed by Apple on your behalf.
Diagnostic information
If you opt in at the system level, Apple may share anonymised crash reports with us via built-in diagnostics. These reports do not contain your workout data. KILO does not embed third-party analytics or advertising SDKs.
How we use information
- Run the app. Local data powers the workouts, charts, streaks, and suggestions you see on your device.
- Keep your devices in sync. If you opt in, account sync makes your history available on each of your signed-in devices.
- Authenticate you. Your email and password (or Sign in with Apple credential) are used solely to sign you in and to let you reset your password.
- Respond to you. If you email support, we use your message to answer you and improve the product.
We do not sell your data. We do not share it with advertisers. We do not use your data to train machine learning models.
Smart suggestions
KILO’s suggestion engine runs on-device. It analyses your own training history together with general best practices about recovery and progressive overload. No training data is sent to external servers to power suggestions.
Third-party services
We use a small number of trusted service providers to deliver cloud features. Each has been chosen for its strong privacy posture:
- Supabase — hosts authentication and account-synced workout data. Data is stored encrypted in transit (TLS) and at rest.
- Apple (iCloud, HealthKit, Sign in with Apple) — Apple’s platform services handle iCloud sync, health data, and Apple sign-in. Their use is governed by Apple’s privacy policy.
Data retention
Locally stored data remains on your device until you delete the app or clear it from within Settings. Account-synced data is retained while your account exists. When you delete your account, synced data is removed from our backend. Backups may persist for a limited period before being purged per standard operational schedules.
Your choices and rights
- Toggle sync. Enable or disable iCloud sync and account sync independently, at any time, from Settings.
- Control health data. Grant or revoke HealthKit permissions from the system Health app.
- Access and export. You can view all your data inside the app. Contact us to request an export of your account-synced data.
- Correct or delete. Edit or remove any entry from within the app. Delete your account from Settings to remove synced data from our servers.
Depending on where you live, you may have additional rights under laws such as GDPR or CCPA, including the right to object to processing or request a copy of your data. Contact us using the address below to exercise those rights.
Security
All traffic between the KILO app and our backend is encrypted in transit with TLS. Passwords are stored only as salted hashes. We regularly review our infrastructure and apply the principle of least privilege to administrative access.
If you suspect unauthorized access to your account, contact us immediately so we can help.
Children’s privacy
KILO is not directed to children under 13 (or the equivalent minimum age in your region). We do not knowingly collect personal information from children. If you believe a child has provided us with information, please contact us and we will delete it.
International users
If you use KILO from outside the country where our servers are located, your information may be transferred to, stored, and processed in another country. We take steps to ensure your data remains protected consistent with this policy.
Changes to this policy
We may update this policy as the product evolves. Material changes will be announced in-app and on this page. The effective date at the top of the policy always reflects the latest version.
Contact us
Questions about this policy or about your data? We’d like to hear from you.