Scope and roles
This policy describes how KineSuite handles information in the mobile application (iOS and Android, when available) and on the website kinesuite.app. The product is offered internationally; you must comply with data-protection and health-privacy rules that apply where you practice and, where relevant, where the patient resides.
Clinical patient data you record in the app is processed by you, as the treating clinician, within your relationship with the patient and the regulations that apply to you. KineSuite provides the software tool; it does not replace your legal obligations as data controller unless applicable law assigns otherwise to the app provider in your country.
Mobile app vs website: the application does not use cookies or visit analytics. On kinesuite.app we store browser preferences and the hosting or CDN provider may log aggregated visit statistics (provider dashboard, no ad scripts on the page). Google Play app Data safety declarations are separate from this website policy.
For product terms of use (license, liability limits, regulatory nature of the app), see our Terms of use.
Core principle: no chart on KineSuite servers (Pro v1)
KineSuite is designed offline-first: the library, forms, and scoring work without an internet connection.
In commercial Pro v1, the clinical chart (patients, assessment history, notes, and related metadata) is stored only in SQLite on your device (kinesuite.db, private app storage). KineSuite does not host or replicate that chart on its own servers as part of the Pro subscription.
Legal retention periods, your institution's official medical record (EMR/EHR or local equivalent), and data residency are your and your facility's responsibility through exports, copies, and the record-keeping systems required by your regulations. KineSuite does not replace that institutional record.
What data exists by plan
Free tier: you can use the library (core pack 001–100) and complete assessments with on-screen score and flag. No persistent clinical chart or patient history is stored locally. In-progress assessment drafts, when present, are kept in a limited way on the device and are not a Pro clinical record.
Pro tier: in addition to the expanded catalog (101+) and kits per product, you can create patients and save linked results. The template_version field records which scale version was used at save time; it is not an immutable audit log of later edits. Typical fields: name, optional identifier, date of birth, sex, item responses, calculated scores, clinical flag, notes, and assessment dates.
Website (kinesuite.app)
There are no patient forms or clinical data on the site.
- Browser preferences (language, theme, cookie notice) in
localStorage. - Visit statistics (hosting/CDN): when serving pages, the hosting or CDN provider (e.g. analytics in its dashboard) may process aggregated technical data: requested URL, referrer, device/browser type, approximate country from IP, date and time. It does not include app content or clinical records. We do not use Google Analytics or advertising cookies on the landing.
- “Notify me” form (roadmap): when available, it will be described separately; it does not replace store registration today.
Purpose and legal basis
- Service delivery: run scales, calculate scores, show referential flags, and on Pro maintain a local chart and generate PDF.
- Pro subscription: verify purchase status through the app stores (Apple / Google) and RevenueCat as a validation intermediary—no mandatory KineSuite cloud account.
- Improvement and support (app): respond to enquiries you initiate by email or other channels (e.g. a store review). The mobile app does not send usage analytics or automatic crash reports to our servers or third-party diagnostics providers.
- Site statistics (website only): measure aggregated visits in the hosting/CDN provider dashboard to improve content and detect landing issues.
- Compliance: legal obligations that apply to the software developer in each market.
As a clinician, you must have the legal basis your country requires to process health data (informed consent, care contract, vital interest, or other), and apply minimization, accuracy, and storage-limitation principles.
Sharing and third parties
We do not sell clinical data or use assessment content for advertising.
Data may leave the device only when you decide or when a third party is required for the service:
- PDF export (Pro): the report is generated on-device and shared through the channel you choose (email, messaging, Drive, etc.). That destination is under your control.
- Manual backup (Pro v1): export/import of an encrypted database copy via Share or storage you choose.
- Automatic backup (Pro roadmap): scheduled encrypted copies to Google Drive, iCloud, or another user-account store, with configurable frequency in a setup wizard. KineSuite does not index or host those files on its servers.
- App stores: Apple and Google process Pro or kit purchases; they do not receive your clinical chart content from the app through that channel.
- RevenueCat (Pro subscription / kits): validates purchase status with store and device identifiers per its privacy policy; it does not receive charts or assessment results.
- Catalog CDN (app, Pro or kits): the app may download additional scale templates over HTTPS (instrument metadata and items, no patient data) from KineSuite distribution infrastructure. Downloads start only after the app verifies the matching entitlement (Pro or purchased kit). The CDN does not store clinical records.
- Website technical providers: static hosting, CDN, web fonts (Google Fonts), and the provider that supplies visit statistics in its dashboard — without access to your app SQLite.
- Voluntary technical support (app): if you email support or share a technical support file generated on your device (no clinical content), you do so under your control—like a PDF. Please do not include patient names, national IDs, notes, or assessment results in those messages.
There is no KineSuite cloud sync in the product plan: clinical data stays on your device and in backups you choose (PDF, Drive/iCloud when available in Pro).
Retention and deletion
On Pro, data remains on the device until you delete it (patient, assessment) or uninstall the app. Uninstallation removes local app storage except copies you saved elsewhere. The app shows warnings when deleting records to remind you to export or back up when appropriate.
Define retention periods required by your country's law and your facility, and export or back up before deleting. KineSuite cannot recover deleted or uninstalled data.
Support emails are kept as long as needed to handle the request and applicable developer legal obligations.
Aggregated hosting/CDN metrics are retained per that provider's policy.
Security
Indicative product measures (may evolve between versions):
- Database in private app storage.
- Android: system auto-backup disabled for app data (
allowBackup=false). - iOS:
kinesuite.dband related files (WAL/SHM) are marked withNSURLIsExcludedFromBackupso they are not included in system iCloud Backup. Deliberate clinical backup is via PDF export or the Pro Drive/iCloud wizard (roadmap). - In-app telemetry: no automatic crash reporting or usage analytics; no ad tracking or persistent identifiers to measure your clinical activity (see ·05).
- Pro v1 roadmap: SQLCipher encryption at rest and encryption of exported backup files; key in device Keychain/Keystore.
Protect your device with a passcode, biometrics, or institutional MDM policies.
Your rights and patient rights
Depending on your jurisdiction (e.g. GDPR in the EU/UK, LGPD in Brazil, HIPAA in the US, PIPEDA in Canada, local health-privacy laws, or others), patients may have rights of access, rectification, erasure, objection, portability, or restriction of processing regarding health data.
As the clinical data controller, you handle those requests using app features and exports you generate. For questions about how the software works: hello@kinesuite.app.
Minors and sensitive data
The app may be used in pediatric contexts under your professional judgment and institutional guidance. You are responsible for validating the therapeutic relationship, representative consent when required, and local age or regulatory restrictions.
Scores and flags (Normal · Caution · Risk) are referential; they are not a diagnosis or automatic treatment indication.
International transfers
KineSuite is offered globally. The clinical chart in Pro v1 is not transferred to KineSuite servers through standard product use. If you export PDFs or backups to services abroad (Google, Apple, etc.), those providers' terms apply, along with your duty to inform the patient when the law requires it.
Changes to this policy
We may update this policy when the product changes (e.g. automatic backup, optional cloud sync, or new subprocessors). Material changes will be published at this URL and, when reasonable, announced in the app or on the site.
Contact
Privacy and product support: hello@kinesuite.app. Technical support from the app: soporte@kinesuite.app.
Institutional pilots or B2B: clinics@kinesuite.app.
Factual summary for assistants: llms.txt (does not replace this policy).