Privacy Policy

Kovr (“we”, “our”, or “us”) is operated by based in Queensland, Australia. This policy explains how we collect, use, store, and protect your personal information when you use the Kovr app and website.

By using Kovr, you agree to the practices described in this policy. If you disagree, please do not use the service.

Information we collect

Information you provide directly

• Account details: name, email address, date of birth, sex, body weight, height
• Health goals and training preferences
• Food and nutrition logs entered by voice or text
• Morning check-in data including HRV readings you log manually
• Subscription and billing information (processed by Apple; we do not store card details)

Health data from Apple HealthKit

With your explicit permission, Kovr reads the following data types from Apple HealthKit:

• Heart rate and heart rate variability (HRV)
• Resting heart rate
• Sleep analysis
• Active energy and basal energy
• Workout data (type, duration, distance, heart rate)
• Step count

HealthKit data is used solely to provide coaching features within Kovr. We do not share HealthKit data with third parties, use it for advertising, or sell it under any circumstances. This is a firm commitment, not a policy subject to change.

Usage data

• App interactions and feature usage (via anonymous analytics)
• Device type and iOS version
• Crash reports and error logs

How we use your information

• To provide coaching: Your health data, nutrition logs, and training data are processed to generate session insight cards, the weekly coaching letter, and Ask responses.
• To improve the service: Aggregated, anonymised usage patterns help us improve coaching quality and app performance.
• To communicate with you: Service updates, account information, and (with consent) product announcements via email.
• To process payments: Subscription management via Apple In-App Purchase. We do not process payment card data directly.

AI coaching and data processing

Kovr uses Anthropic’s Claude API to generate coaching responses. When you use Ask or session insight cards, relevant context from your health data and nutrition logs is sent to Anthropic’s servers to generate a response. This data is subject to Anthropic’s privacy policy. We use Anthropic’s API under terms that prohibit them from using your data to train their models.

A deterministic physiology engine processes your health data locally on-device to produce the substrate (training load, HRV baseline, calorie targets) that informs coaching responses. Raw health metrics are not stored on our servers beyond what is necessary to provide the service.

Data retention

• Active account data is retained for the duration of your subscription plus 90 days
• After account deletion, personal data is removed within 30 days
• HealthKit data is never stored on Kovr servers — it is read on-device and used transiently
• Coaching history (Ask conversations) is stored locally on your device and in your iCloud backup if enabled

Data sharing

We do not sell your personal data. We share data only with:

• Anthropic: Coaching context for AI response generation (see above)
• Apple: In-App Purchase processing and App Store analytics
• Cloudflare: Website hosting and DNS (kovrapp.com)
• Legal authorities: When required by law or to protect our rights

Your rights

You have the right to:

• Access the personal data we hold about you
• Correct inaccurate data
• Request deletion of your account and associated data
• Withdraw consent for data processing at any time
• Data portability (export of your data in a readable format)

To exercise any of these rights, contact us at [email protected].

Children’s privacy

Kovr is not directed at children under 13. We do not knowingly collect personal information from children under 13. If you believe a child has provided us with personal information, contact us immediately.

International transfers

We are based in Australia. Your data may be processed by Anthropic (United States) and Apple (United States) as described above. These transfers occur under standard contractual clauses and applicable privacy frameworks.

Security

We implement industry-standard security measures including HTTPS encryption, secure API authentication, and access controls. No method of transmission over the internet is 100% secure — we cannot guarantee absolute security but we take reasonable precautions to protect your data.

Changes to this policy

We may update this policy from time to time. Material changes will be communicated via email or in-app notification. Continued use of Kovr after changes constitutes acceptance of the updated policy.

Contact

For privacy-related enquiries: [email protected]