Scope and roles
This policy describes how KineSuite handles information in the mobile application (iOS and Android, when available) and on the website kinesuite.app.
Clinical patient data you record in the app is processed by you, as the treating clinician, within your relationship with the patient and the regulations that apply to you. KineSuite provides the software tool; it does not replace your legal obligations as data controller unless applicable law assigns otherwise to the app provider in your country.
For product terms of use (license, liability limits, scales as clinical support), see our Terms of use.
Core principle: no chart on KineSuite servers (Pro v1)
KineSuite is designed offline-first: the library, forms, and scoring work without an internet connection.
In commercial Pro v1, the clinical chart (patients, assessment history, notes, and related metadata) is stored only in SQLite on your device (kinesuite.db, private app storage). KineSuite does not host or replicate that chart on its own servers as part of the Pro subscription.
Legal retention (e.g. multi-year periods and institutional medical records under Chilean Law 20.584) and data residency are your and your facility's responsibility through exports, copies, and the institution's official medical record (EMR). KineSuite does not replace that record.
What data exists by plan
Free tier: you can use the library (core pack 001–100) and complete assessments with on-screen score and flag. No persistent clinical chart or patient history is stored locally. In-progress assessment drafts, when present, are kept in a limited way on the device and are not a Pro clinical record.
Pro tier: in addition to the expanded catalog (101+) and kits per product, you can create patients and save linked results. The template_version field records which scale version was used at save time; it is not an immutable audit log of later edits. Typical fields: name, optional identifier, date of birth, sex, item responses, calculated scores, clinical flag, notes, and assessment dates.
Website: we do not collect patient forms on kinesuite.app. The cookie notice and “notify me” form (roadmap) may store browser preferences (localStorage) without sending clinical data to our servers.
Purpose and legal basis
- Service delivery: run scales, calculate scores, show referential flags, and on Pro maintain a local chart and generate PDF.
- Pro subscription: verify purchase status through the app stores (Apple / Google) and, if implemented, an intermediary such as RevenueCat—no mandatory KineSuite cloud account for Pro v1.
- Improvement and support: respond to emails you send us; diagnose technical failures via error reports (see section ·07).
- Compliance: legal obligations that apply to the software developer in each market.
As a clinician, you must have the legal basis your country requires to process health data (informed consent, care contract, vital interest, or other), and apply minimization, accuracy, and storage-limitation principles.
Sharing and third parties
We do not sell clinical data or use assessment content for advertising.
Data may leave the device only when you decide or when a third party is required for the service:
- PDF export (Pro): the report is generated on-device and shared through the channel you choose (email, messaging, Drive, etc.). That destination is under your control.
- Manual backup (Pro v1): export/import of an encrypted database copy via Share or storage you choose.
- Automatic backup (Pro roadmap): scheduled encrypted copies to Google Drive, iCloud, or another user-account store, with configurable frequency in a setup wizard. KineSuite does not index or host those files on its servers.
- App stores: Apple and Google process Pro or kit purchases; they do not receive your clinical chart content from the app through that channel.
- Website technical providers: static hosting and web fonts when loading this page, without access to your SQLite content.
- Error reports (app only, production): if the production build includes Sentry configuration, technical exceptions are sent to Functional Software, Inc. (Sentry) in the United States. We do not use usage analytics or clinical flow performance tracing. Attached event data is filtered on-device to exclude names, identifiers, notes, and item values. Without a configured DSN (e.g. development), automatic reporting is disabled.
Future KineSuite cloud sync or B2B / BYO Supabase deployment would be a separate product with an updated policy; not part of Pro v1 at the base price (~USD 1.99/mo reference).
Retention and deletion
On Pro, data remains on the device until you delete it (patient, assessment) or uninstall the app. Uninstallation removes local app storage except copies you saved elsewhere. The app shows warnings when deleting records to remind you to export or back up when appropriate.
Define retention periods required by your law and facility (e.g. clinical records in Chile) and export or back up before deleting. KineSuite cannot recover deleted or uninstalled data.
Support emails are kept as long as needed to handle the request and applicable developer legal obligations.
Security
Indicative product measures (may evolve between versions):
- Database in private app storage.
- Android: system auto-backup disabled for app data (allowBackup=false).
- iOS: kinesuite.db and related files (WAL/SHM) are marked with NSURLIsExcludedFromBackup so they are not included in system iCloud Backup. Deliberate clinical backup is via PDF export or the Pro Drive/iCloud wizard (roadmap).
- Error reports: production builds with DSN only; no usage telemetry; clinical PII filtered before send (see ·05).
- Pro v1 roadmap: SQLCipher encryption at rest and encryption of exported backup files; key in device Keychain/Keystore.
Protect your device with a passcode, biometrics, or institutional MDM policies.
Your rights and patient rights
Depending on your jurisdiction (e.g. Law 19.628 in Chile, LGPD, GDPR, HIPAA, or others), patients may have rights of access, rectification, erasure, objection, or portability regarding health data.
As the clinical data controller, you handle those requests using app features and exports you generate. For questions about how the software works: hola@kinesuite.app.
Minors and sensitive data
The app may be used in pediatric contexts under your professional judgment and institutional guidance. You are responsible for validating the therapeutic relationship, representative consent when required, and local age or regulatory restrictions.
Scores and flags (Normal · Caution · Risk) are referential; they are not a diagnosis or automatic treatment indication.
International transfers
KineSuite is offered globally. The clinical chart in Pro v1 is not transferred to KineSuite servers through standard product use. If you export PDFs or backups to services abroad (Google, Apple, etc.), those providers' terms apply, along with your duty to inform the patient when the law requires it.
Changes to this policy
We may update this policy when the product changes (e.g. automatic backup, optional cloud sync, or new subprocessors). Material changes will be published at this URL and, when reasonable, announced in the app or on the site.
Contact
Privacy and product support: hola@kinesuite.app.
Institutional pilots or B2B: clinicas@kinesuite.app.
Factual summary for assistants: llms.txt (does not replace this policy).