Legal
Privacy Policy
Last updated: June 22, 2026 · Applies to the BiokinetIQ mobile app and BiokinetIQ Studio
1. Who we are
BiokinetIQ is operated by Cyrille Lecroq, based in France. Contact: contact@biokinetiq.tech.
The BiokinetIQ app is a digital sports preparation assistant that analyses movement in real time using your device's camera to help you improve and track your training sessions.
2. Data we collect
We collect the following categories of data:
- Account data — Name, email address, hashed password, role (athlete or coach). Collected at registration or via Google Sign-In and Apple.
- Biometric & movement data — Skeleton keypoints produced by ML Kit / Vision on-device pose analysis. These are processed locally on your device and never transmitted raw — only scores, progression metrics and aggregated results are sent to our servers.
- Health data (optional) — If you grant permission, the app writes exercise sessions to Apple HealthKit (iOS) or Google Health Connect (Android). We do not read any other health data.
- Session data — Sport practised, duration, score, motion blocks, post-session feedback. Linked to your account.
- Progression data — Attempt history, XP level, adaptive learning profile.
- Session videos (optional) — During each session, the app may record a video of your practice locally on your device. If you request a share clip, that video is sent to our Railway servers where a worker generates the highlight reel. The raw video is deleted from our servers as soon as the clip is ready (max 24 h). The generated clip remains available until you request its deletion.
- Technical data — Error logs, app version, device type. Never linked to your identity.
3. Purposes and legal bases (GDPR)
| Purpose | Legal basis |
|---|---|
| Providing the service (movement analysis, adaptive coaching) | Performance of contract |
| Google OAuth authentication | Performance of contract + Consent (third-party login) |
| Apple authentication | Performance of contract + Consent (third-party login) |
| Writing to HealthKit / Health Connect | Explicit consent (system permission) |
| Improving recommendation algorithms | Legitimate interest (aggregated, anonymised data) |
| User support | Legitimate interest |
| Legal obligations (accounting, GDPR) | Legal obligation |
4. Google Sign-In
If you choose to sign in with Google, we receive an ID token from Google that lets us verify your identity. We do not access your Google account, emails, contacts or any other Google data. Only your name and Google email address are retrieved to create or link your BiokinetIQ account.
Google may process data as part of this sign-in flow in accordance with its own Privacy Policy.
5. Sign in with Apple
If you choose to sign in with Apple, we receive an identity token that lets us verify your identity. Apple may provide your name on the first sign-in and an email address, which can be a private relay address if you choose to hide your email. We never access your Apple Account, emails, contacts, or Apple password.
Apple may process data as part of this sign-in flow in accordance with its own Privacy Policy.
6. Camera and pose analysis
Camera access is required for the app to function. Movement analysis runs in real time, entirely on-device, using ML Kit Pose Detection (Android) or Vision / CoreML (iOS).
Video frames are not stored during analysis. Only keypoints (coordinates of 33 body landmarks) are processed to compute your scores and metrics. These keypoints do not constitute biometric data capable of identifying you.
7. Sub-processors and transfers
We use the following service providers:
- Railway (API hosting) — European Union — AWS eu-west-1 servers
- Google Cloud (ML Kit, Sign-In) — Google token processing — see Google's policy
- Apple — Apple token processing — see Apple's policy
- Apple HealthKit — Data stored locally on the iOS device only
- Google Health Connect — Data stored locally on the Android device only
We never sell personal data to third parties.
8. Retention periods
- Account data — For the lifetime of the account, then deleted within 30 days of a deletion request
- Session & progression data — Retained during active use + 12 months
- Raw videos (clips) — Deleted after processing (max 24 h)
- Technical logs — Rolling 30 days
9. Your rights (GDPR)
You have the following rights over your personal data:
- Right of access — obtain a copy of your data
- Right of rectification — correct inaccurate data
- Right to erasure — delete your account and data
- Right to portability — receive your data in a structured format
- Right to object — object to certain processing activities
- Right to withdraw consent — at any time for HealthKit / Health Connect
To exercise these rights, contact us at contact@biokinetiq.tech. You may also lodge a complaint with your national data protection authority (in France: the CNIL).
10. Security
Your data is transmitted over HTTPS (TLS 1.3). Passwords are hashed with bcrypt. Database access is restricted to our internal servers. We perform regular backups and security audits of our infrastructure.
11. Minors
BiokinetIQ is intended for users aged 16 and over (or 13 with parental consent, depending on local legislation). We do not knowingly collect data from children under 13.
12. Changes to this policy
We may update this policy from time to time. For material changes, we will notify you via the app or by email. The last updated date is shown at the top of this page.
BiokinetIQ · contact@biokinetiq.tech · biokinetiq.tech