KONA - Privacy Policy

Last updated: 2 December 2025

This Privacy Policy explains how KONA (“KONA”, “we”, “us”, “our”) collects, uses, and protects your personal data when you use our mobile app and website, including any integrations with third-party services such as Garmin Connect, Apple Health, and Google Fit / Health Connect.

We are committed to protecting your privacy and handling your data in a transparent and secure way.

1. Data Controller & Contact

The data controller responsible for processing your personal data is:

Name: Niklas Seibold

Business form: Einzelunternehmer

Location: Hohenzollernstrasse 23, 80801, Munich, Germany

Email: support@trainkona.com

If you have any questions about this Privacy Policy or how we handle your data, you can contact us at any time via email.

2. What Data We Collect

We only collect data that is necessary to provide and improve KONA. Depending on how you use the app, we may process the following categories of data:

2.1 Account & Identification Data

Name (first and last name)

Email address

Password (hashed and not visible to us)

Authentication provider information (e.g. “Sign in with Apple”, Google login)

Internal user IDs (e.g. Firebase user ID, KONA app user ID, RevenueCat ID)

2.2 Profile & Training Setup Data

To create your training plan and personalize the experience, we process:

Age

Sex

Current fitness level (self-reported)

Training experience (e.g. beginner, intermediate, advanced)

Race goals and target events (distance, date, goal time, etc.)

Weekly time availability for training

Sport preferences (e.g. preferred training days, focus areas)

2.3 Training & Usage Data

When you use KONA for training, we may process:

Planned training sessions (sport, duration, intensity, description)

Completed sessions (distance, duration, pace, perceived effort, RPE)

Progress statistics (e.g. number of completed sessions, training load trends)

In-app surveys after training (e.g. “How did the session feel?”, fatigue, soreness)

Coach tips and recommendations generated for you

Adjustments you make in your training plan (moving sessions, skipping, etc.)

2.4 Wearable & Health Data (Garmin / Apple Health / Google Fit)

If you connect KONA to Garmin Connect, Apple Health, or Google Fit / Health Connect, and explicitly grant permission, we may receive:

Activity and workout data (e.g. runs, rides, swims, triathlon sessions)

Metrics such as:

Distance, pace, speed

Duration

Heart rate data (e.g. average HR, max HR, HR zones)

Elevation

Training load / performance-related metrics (if provided by the service)

Sleep duration and basic sleep stages (if you explicitly allow sharing sleep data)

Other fitness metrics that you choose to share via your wearable platform

We use this data to:

Analyse how your training is going

Adjust training recommendations (where applicable)

Display your activities and progress in KONA

We do not use this data to show ads, nor do we sell it to third parties.

Sending data back to Garmin / other services:

In the future, KONA may support sending planned workouts/sessions to your watch or wearable platform (e.g. exporting structured workouts to Garmin). If this is enabled:

We only send the minimum data needed to create the workout on your device (e.g. workout structure, duration, intensity).

We do not send your full profile or any unrelated personal data back to Garmin or others.

You can disconnect KONA from Garmin / Apple Health / Google Fit at any time in their respective settings.

2.5 Device & Technical Data

We may collect certain technical data to keep the app running smoothly and improve performance, such as:

Device model and operating system

App version

IP address (short-term, for security and diagnostics)

Crash logs and performance metrics

General interaction data (e.g. which screens are used, feature usage)

2.6 Payment & Subscription Data

KONA uses external payment platforms (e.g. Apple App Store, Google Play, integrated via RevenueCat) to manage subscriptions:

We do not see or store your full credit card or payment details.

We may receive:

Information about your active subscription (monthly, yearly, lifetime)

Subscription status (active, canceled, trial, etc.)

Trial start and end dates

A limited transaction or purchase identifier

We use this data to determine whether you have access to KONA Pro features.

2.7 Communication & Support Data

If you contact us (e.g. via email or in-app support):

Email address

Content of your request

Technical context (if relevant to the issue)

We use this to respond to you and improve our service.

3. How We Use Your Data (Purposes & Legal Bases)

We process your data for the following purposes and on these legal bases under GDPR:

3.1 Providing the App & Core Functionality

Legal basis: Performance of a contract (Art. 6(1)(b) GDPR)

Creating and managing your user account

Generating and updating your training plan

Displaying and tracking training sessions and progress

Syncing with Garmin / Apple Health / Google Fit, if you choose to connect

Managing your KONA Pro subscription and entitlements

3.2 Integrations with Garmin, Apple Health, Google Fit

Legal basis: Your consent (Art. 6(1)(a) GDPR)

Importing activities, heart rate, sleep, and other metrics you explicitly allow

Adjusting training recommendations based on your wearable data

(Optional) Sending structured workouts from KONA to your device/platform

You can revoke this consent at any time by:

Disconnecting KONA within Garmin / Apple Health / Google Fit settings, and/or

Disabling the connection in KONA (if applicable)

3.3 Improving KONA & Product Development

Legal basis: Legitimate interests (Art. 6(1)(f) GDPR)

Analysing anonymised or pseudonymised usage patterns

Improving training logic, user experience, and performance

Fixing bugs and preventing crashes

We ensure that these interests do not override your fundamental rights and freedoms. Data used for this is, where possible, aggregated or pseudonymised.

3.4 Communication & Support

Legal basis: Performance of a contract & legitimate interests

Responding to your support requests

Informing you about important changes (e.g. app updates, terms changes, critical technical issues)

3.5 Legal Obligations

Legal basis: Compliance with legal obligations (Art. 6(1)(c) GDPR)

Accounting and tax obligations (for paid subscriptions)

Responding to lawful requests from authorities, if required by law

3.6 Marketing Communication (Optional)

Legal basis: Consent (Art. 6(1)(a) GDPR)

If you explicitly subscribe to a newsletter or similar, we may use your email to:

Send updates about KONA

Inform you about new features, offers, or content

You can unsubscribe at any time via the link in the email or by contacting us.

4. How We Share Your Data

We do not sell your personal data.

We may share your data with the following categories of recipients, always under appropriate data protection agreements:

4.1 Service Providers (Processors)

Hosting & Backend Providers (e.g. database, server, cloud infrastructure)

Authentication & User Management (e.g. Firebase Authentication)

Subscription & Billing Management (e.g. RevenueCat)

Analytics & Crash Reporting (if implemented; anonymised or pseudonymised where possible)

Email & Support Tools (for support and transactional emails)

These providers act on our instructions and are bound by data processing agreements.

4.2 Platform Providers

Apple (if you use Sign in with Apple or purchase via App Store)

Google (if you use Google login or Google Play)

Garmin (if you connect KONA to Garmin Connect; via their API)

Apple Health / Google Fit (if you connect and grant permissions)

These are independent controllers for their own services. Their privacy policies apply in addition to ours.

4.3 Legal & Compliance

We may disclose data if necessary:

To comply with applicable laws or legal processes

To respond to valid requests from public authorities

To protect our rights, property, or safety, or those of our users

5. International Data Transfers

KONA may use service providers located outside the European Union (EU) or European Economic Area (EEA), such as the United States.

Where this occurs, we will ensure that appropriate safeguards are in place, for example:

Standard Contractual Clauses (SCCs) approved by the European Commission

Equivalent mechanisms ensuring an adequate level of data protection

You can contact us for more information about these safeguards.

6. Data Retention

We keep your personal data only as long as necessary for the purposes described in this policy, in particular:

Account data: As long as you have an active KONA account

Training & wearable data: As long as your account is active, or until you delete it or request erasure

Subscription data: For the duration required by tax and accounting laws (typically up to 10 years in Germany)

Support communication: As long as needed to handle your request and for a reasonable documentation period

If you request deletion of your account, we will:

Delete or anonymise your personal data, unless we are legally required to retain certain information (e.g. invoices, accounting records)

7. Data Security

We take appropriate technical and organisational measures to protect your data, including:

Encrypted transport (HTTPS)

Secure storage and access controls

Restricting access to personal data to those who need it

Regular updates and security patches for our systems

However, no system can be 100% secure. We strive to protect your data but cannot guarantee absolute security.

8. Your Rights Under GDPR

If you are in the EU/EEA, you have the following rights with respect to your personal data:

Right of access – You can request information about what data we store about you.

Right to rectification – You can request correction of inaccurate or incomplete data.

Right to erasure – You can request deletion of your data, where legally permissible.

Right to restriction of processing – You can request that we limit how we process your data.

Right to data portability – You can request your data in a structured, commonly used format.

Right to object – You can object to processing based on legitimate interests at any time, for reasons relating to your particular situation.

Right to withdraw consent – If processing is based on consent (e.g. Garmin / Apple Health integration, newsletter), you can withdraw it at any time with effect for the future.

To exercise your rights, please contact us at: support@trainkona.com

You also have the right to lodge a complaint with a supervisory authority, in particular in the EU member state of your habitual residence or place of work. In Germany, one example is the Bayerisches Landesamt für Datenschutzaufsicht (BayLDA).

9. Children

KONA is not intended for individuals under the age of 18.

We do not knowingly collect or process personal data from anyone under 18 years old.

If we become aware that we have inadvertently collected such data, we will delete it promptly.

If you believe that a minor under 18 has provided us with personal data, please contact us at support@trainkona.com.

10. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in:

Our app and features

Legal requirements

Third-party integrations (e.g. Garmin, Apple, Google)

When we make significant changes, we will:

Update the “Last updated” date at the top

Inform you within the app and/or by email, where appropriate

The current version of the policy will always be available at:

https://trainkona.com/privacy-policy

11. Contact

If you have any questions, concerns, or requests regarding your personal data or this Privacy Policy, you can contact:

Data Controller:

Niklas Seibold

Munich, Germany

Email: support@trainkona.com

We will do our best to respond promptly and help you exercise your rights.

© 2025. All rights reserved.

LEGAL

PRIVACY POLICY

IMPRINT

TERMS OF SERVICE