Privacy Policy
Effective date: February 2026
Wolstapp ("we", "us", "our") operates the Kiln mobile application ("Kiln", "the App"). This Privacy Policy explains how we collect, use, store, and protect your personal information when you use Kiln.
By using Kiln, you agree to the collection and use of information as described in this policy. If you do not agree, please do not use the App.
1. Information We Collect
1.1 Account Information
When you create an account, we collect:
- Email address — provided by your Google or Apple account during sign-in
- User identifier — a unique ID generated by our authentication system
- Display name — optionally provided by your sign-in provider
1.2 Fitness and Health Data
When you use the App, you may voluntarily provide:
- Workout data — exercises performed, sets, repetitions, weights lifted, workout duration, and perceived exertion ratings
- Training programs — program names, phases, schedules, and workout templates you create
- Body measurements — body weight, body fat percentage, and circumference measurements (chest, waist, hips, arms, thighs)
All fitness and health data is user-generated and voluntarily entered. Kiln does not access your device's health sensors, Apple Health, Google Fit, or any other health data source.
1.3 Technical Data
We automatically collect limited technical data necessary for the App to function:
- Sync metadata — timestamps and status of data synchronisation between your device and our servers
- App version — to deliver over-the-air updates
We do not collect device identifiers, IP addresses for tracking purposes, location data, or browsing history.
2. How We Use Your Information
| Purpose | Data Used | Legal Basis (GDPR) |
|---|---|---|
| Provide and maintain the App | Account info, fitness data | Performance of contract |
| Authenticate your identity | Email, user ID | Performance of contract |
| Sync data across your devices | All user data | Performance of contract |
| Deliver app updates | App version, technical data | Legitimate interest |
We do not use your data for:
- Advertising or marketing
- Profiling or automated decision-making
- Sale to third parties
- Training artificial intelligence models
3. Data Storage and Security
Your data is stored in two locations:
- On your device — Kiln uses a local SQLite database so the App works fully offline
- In the cloud — when connected, data syncs to our backend servers for backup and multi-device access
We use the following third-party services to operate Kiln:
| Service | Purpose | Data Processed |
|---|---|---|
| Supabase (supabase.com) | Authentication and database | Account info, all user data |
| PowerSync (powersync.com) | Offline-to-cloud data synchronisation | All user data (encrypted in transit) |
| Expo (expo.dev) | App delivery and over-the-air updates | App version metadata |
All data is encrypted in transit using TLS/HTTPS. Data at rest is stored on Supabase's infrastructure, which uses encryption at rest on managed PostgreSQL databases.
4. Data Isolation
Each user's data is isolated using row-level security policies. You can only access your own workouts, programs, measurements, and templates. No user can view, modify, or access another user's data.
5. Data Retention
We retain your data for as long as your account is active. When you delete your account:
- All data is permanently removed from our servers immediately
- Local data on your device is cleared
- This action is irreversible
6. Your Rights
6.1 All Users
You have the right to:
- Access your data — all your data is visible within the App at all times
- Delete your account and all associated data — available in Settings > Delete Account
- Export your data — contact us at the address below
6.2 European Economic Area (GDPR)
If you are located in the EEA, you additionally have the right to:
- Request rectification of inaccurate personal data
- Request restriction of processing
- Object to processing based on legitimate interest
- Data portability — receive your data in a structured, machine-readable format
- Lodge a complaint with your local data protection authority
6.3 California (CCPA/CPRA)
If you are a California resident, you have the right to:
- Know what personal information we collect and how it is used
- Request deletion of your personal information
- Opt out of the sale of personal information — we do not sell your data
- Non-discrimination for exercising your privacy rights
7. Children's Privacy
Kiln is not directed at children under the age of 13 (or 16 in the EEA). We do not knowingly collect personal information from children. If you believe a child has provided us with personal data, please contact us and we will delete it promptly.
8. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by updating the effective date at the top of this page. Continued use of the App after changes constitutes acceptance of the updated policy.
9. Contact Us
If you have questions about this Privacy Policy or wish to exercise your data rights, contact us at:
Email: privacy@wolstapp.com