This Privacy Policy explains how KAIROX Method ("Kairox," "we," "us") collects, uses, stores, and protects your personal information when you use our coaching platform. We take your privacy seriously, especially because some of the data you share with us is health-related and therefore sensitive.
If you have any questions about this policy or want to exercise your rights, contact us at admin@kairox.co.
1. Who is responsible for your data
The data controller is KAIROX LLC, a Wyoming limited liability company, operated by Allison Fabbri. You can reach us at the email address above for any privacy-related request.
2. What data we collect
- Account data: email address, name, password (stored hashed).
- Profile and health data: age, gender, height, weight, body measurements, fitness goals, dietary restrictions, allergies, injuries, sleep quality, stress level, available training days, equipment access, training level, activity level.
- Activity data: workouts logged, food entries, mood logs, daily check-ins, habit completions, progress photos, journal entries.
- Communications: messages exchanged with your coach, support requests.
- Payment data: handled directly by Stripe. We store only your subscription status, plan, and a Stripe customer reference; we never see or store your card details.
- Technical data: IP address, browser type, device type, pages visited, error reports (Sentry). When an error happens, Sentry may briefly record up to 60 seconds of your prior session for debugging; we mask all text and media in those recordings.
3. Why we collect it (legal basis)
- To provide the service (performance of contract): account creation, coaching delivery, billing, messaging.
- Health data (explicit consent, GDPR Art. 9): we process information about your body, training, nutrition, and mood only because you have voluntarily shared it for the purpose of receiving coaching. You can withdraw consent at any time by deleting your account.
- Platform security and improvement (legitimate interest): error monitoring, fraud prevention, analytics on aggregate usage.
- Legal obligations: retention of billing records as required by accounting and tax law.
4. Who we share data with
We do not sell your personal information. We share data only with the recipients below. The service providers among them act as data processors on our behalf and are contractually required to protect it:
- Supabase, database hosting and authentication.
- Vercel, application hosting and content delivery.
- Stripe, payment processing.
- Sentry, error monitoring and crash reporting.
- Edamam, nutrition database lookups (food search only; we send food queries, not your identity).
- AI providers (OpenAI / Anthropic), used when you generate AI-suggested workouts or meal plans: your relevant profile inputs are sent to the provider to generate the suggestion. Your inputs are not used to train their models for other customers.
- Your coach (Allison Fabbri), the primary recipient of your health, training, and nutrition data, since the entire purpose of the platform is for your coach to support you.
5. International transfers
Some of our service providers (Supabase, Vercel, Stripe, Sentry) are based in or transfer data to the United States. We rely on the Standard Contractual Clauses (SCCs) approved by the European Commission to cover those transfers and ensure equivalent protection.
6. How long we keep your data
- Account and activity data: as long as your account is active.
- After account deletion: removed from our active systems within 30 days. Backups may retain it for up to 90 days before being overwritten.
- Billing records: retained for the period required by applicable tax and accounting law (typically up to 10 years).
7. Your rights
Under the GDPR and similar laws, you have the right to:
- Access the personal data we hold about you.
- Correct inaccurate or incomplete data.
- Request deletion ("right to be forgotten").
- Restrict or object to certain processing.
- Receive a copy of your data in a portable format.
- Withdraw consent at any time (without affecting prior lawful processing).
- Lodge a complaint with your local data protection supervisory authority.
To exercise any of these rights, email us at admin@kairox.co. We will respond within 30 days.
8. Cookies and similar technologies
We use only strictly necessary cookies: authentication tokens (Supabase) and a timezone preference cookie so the app displays dates correctly. We do not use advertising, tracking, or analytics cookies. The cookie consent banner shown on your first visit confirms your acknowledgement of these cookies.
9. Children
The service is not directed to children under 16. We do not knowingly collect data from anyone under 16. If you believe a minor has provided us with personal data, contact us and we will delete it.
10. Security
We use HTTPS/TLS for all data in transit and rely on industry-standard encryption at rest from our hosting providers. Database access is restricted by row-level security policies that ensure each user can read only their own data. We continuously monitor for security incidents and will notify affected users without undue delay if a breach affecting their personal data occurs.
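For readers who want to see what a row-level security policy of the kind described above looks like, the following is an added illustration written for this page; it is not Kairox's actual schema or policy. It assumes a Postgres database hosted on Supabase, a hypothetical `workouts` table with a `user_id` column, and Supabase's built-in `auth.uid()` function and `authenticated` role.

```sql
-- Added example, not Kairox's own code. Table and column names are assumed.
create table if not exists workouts (
  id bigint generated always as identity primary key,
  user_id uuid not null references auth.users (id) on delete cascade,
  logged_at timestamptz not null default now(),
  notes text
);

-- With RLS enabled, every row is denied to ordinary roles until a policy
-- explicitly grants it. FORCE applies the policies to the table owner as well.
alter table workouts enable row level security;
alter table workouts force row level security;

-- A signed-in user may read only rows whose user_id matches the subject of
-- their JWT, which Supabase exposes as auth.uid().
create policy "users read own workouts" on workouts
  for select to authenticated
  using (user_id = auth.uid());

-- Inserts and updates are checked the same way, so a client cannot write
-- rows on behalf of another user.
create policy "users insert own workouts" on workouts
  for insert to authenticated
  with check (user_id = auth.uid());

create policy "users update own workouts" on workouts
  for update to authenticated
  using (user_id = auth.uid())
  with check (user_id = auth.uid());
```

Two caveats a reviewer would check: a coach's access to a client's rows needs its own policy (for example, one keyed on a coach-client relationship table) rather than a relaxation of the per-user check, and Supabase's service-role key bypasses RLS entirely, so it must only ever be used from server-side code, never shipped to the browser.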
11. Changes to this policy
We may update this policy from time to time. We will publish the updated version on this page with a new "Last updated" date. For material changes, we will notify you by email or via an in-app notice before the change takes effect.
12. Contact
Email: admin@kairox.co
For questions specifically about your coaching relationship, you may also message your coach directly in the app.