This Privacy Policy ("Policy") explains how Kahunas FZE ("Kahunas," "we," "us," or "our") collects, uses, shares, and protects personal information through our websites, mobile and desktop applications, and services (collectively, the "Services"). Kahunas is a company incorporated in the United Arab Emirates, with its registered office at Coworking Business Centre, Sharjah Publishing City Free Zone, Sharjah, United Arab Emirates.
We are committed to protecting your privacy and ensuring transparency. This Policy applies to all individuals who interact with our Services, including coaches, clients, and site visitors.
For all privacy-related inquiries, data subject requests, or GDPR matters:
Email: support@kahunas.io
Postal: Kahunas FZE, Customer Support - Data Protection, Coworking Business Centre, Sharjah Publishing City Free Zone, Sharjah, UAE
Kahunas operates under different roles depending on how our Services are used:
Data Processor: When coaches or trainers use our platform to manage and process personal data of their own clients (e.g., fitness tracking, coaching notes), Kahunas acts as a data processor on behalf of the coach (data controller). We maintain strict sub-processor agreements and ensure coaches have appropriate legal grounds for data processing.
Data Controller: When we collect and process personal data for our own purposes—such as managing user accounts, analyzing platform usage, sending marketing communications, or enhancing our services—Kahunas acts as a data controller.
Coaches are responsible for ensuring they have appropriate legal grounds and disclosures when using our platform with their clients. We provide guidance and tools to support compliance.
Depending on your jurisdiction, you may have the right to:
Access your personal data
Correct inaccurate or incomplete data
Request deletion of your data
Restrict or object to processing
Withdraw consent
Data portability
Lodge a complaint with a supervisory authority
Rights related to automated decision-making and profiling
Right to opt out of AI training and model development
Right to information about AI processing of your data
Chat History and Shared Communications: When processing data access requests that include chat history or shared communications, we provide your complete messages and conversation metadata while redacting other participants' messages to protect their privacy rights in accordance with data protection laws.
To exercise any of these rights, contact us at support@kahunas.io.
Log data (IP address, browser, pages visited, time spent)
Device data (OS, model, identifiers)
Location data (with user consent)
Usage behavior
Cookies and analytics data
Contact details (name, email, phone)
Profile data (username, preferences)
Payment information (via Stripe)
Support messages
Uploaded files (images, audio, documents)
Chat messages and communications between clients and coaches (GetStream integrations)
Video content and preferences (YouTube, Vimeo integrations)
With your explicit consent, we may collect:
Cardiovascular metrics (heart rate, VO2 max, BP)
Physical activity (steps, calories, workouts)
Body composition (weight, BMI, body fat)
Sleep data (duration, stages, quality)
Nutrition (intake, macros, hydration)
Biomarkers (glucose, SpO2, temperature)
Heart Rate Variability (HRV) and cardiovascular recovery metrics
Blood pressure measurements (systolic and diastolic)
Detailed sleep analysis (deep sleep stages, REM sleep, light sleep phases, sleep consistency)
Body composition metrics (body fat percentage, lean body mass, bone mass, body water mass)
Basal and standard body temperature measurements
Blood glucose levels and metabolic indicators
Respiratory metrics (breathing rate, breaths per minute)
Physical recovery and readiness indicators
Activity intensity and active minutes tracking
Consent can be granted or withdrawn at any time for specific categories.
With your permission, we may collect data from:
Health platforms: Health platforms: Apple Health, Google Fit, Health Connect SDK (Android's unified health platform)
Video platforms: YouTube, Vimeo (viewing preferences, workout video interactions)
Fitness tracking devices and apps (steps, workouts, heart rate, sleep data)
Other health and fitness applications you choose to connect
We only access third-party data you explicitly authorize, and you can revoke these connections at any time through your account settings.
We adhere to data minimization principles, collecting only the information necessary to provide our Services effectively.
We use personal data to:
Provide and improve our Services
Create and manage user accounts
Process payments
Respond to support inquiries
Send administrative messages
Deliver personalized content and recommendations
Facilitate secure communication between coaches and clients
Deliver and track video content and workout materials
Sync health and fitness data from connected apps and devices
Conduct analytics and platform optimization
Ensure legal compliance and security
Communicate with you (e.g., feedback requests, updates)
Conduct marketing (with opt-out)
Protect individual vital interests
Enhance our AI features and services, including training and refining algorithms to improve coaching recommendations, insights, and user experiences
Generate personalized health and wellness scores by algorithmically analyzing your health data to provide insights into:
- Sleep Score (based on sleep duration, deep sleep phases, and REM sleep quality)
- Stress Score (derived from heart rate variability, resting heart rate, and blood pressure)
- Anxiety Score (combination of stress indicators and sleep quality metrics)
- Readiness Score (sleep quality, HRV, and activity levels for training preparation)
- Wellbeing Score (daily steps, sleep patterns, and cardiovascular health indicators)
These scores use established health metrics and ranges (0-100 scale) to help you and your coach understand your health trends and optimize your wellness program.
We may use properly anonymized personal data to train artificial intelligence models that power our Services, including coaching recommendations and insights. For health data or any special category data, we will always obtain explicit consent before any AI training use. True anonymization means data cannot be re-identified and is no longer considered personal data under applicable privacy laws. You can opt out of AI training entirely at any time via your account settings or by contacting support@kahunas.io.
Under GDPR, UK GDPR, and other laws, our processing is based on:
Contract performance
Explicit consent (for special category data, including any AI training use of health data)
Legitimate interests (analytics, security, marketing, AI training with properly anonymized non-health data)
Legal obligation (e.g., financial recordkeeping)
Vital interests (emergencies)
We may share your data with:
Coaches (if you're a client working with a coach)
Essential service providers under strict data processing agreements:
Stripe (payment processing)
AWS (hosting and infrastructure)
SendGrid (messaging and communications)
GetStream (secure coach-client chat and messaging platform)
BunnyCDN (content delivery)
YouTube, Vimeo (video content delivery)
Apple Health, Google Fit (health data synchronization)
Legal or regulatory authorities (if required)
Successor entities (e.g., mergers or acquisitions)
Third-party integrations (with your explicit consent)
We maintain a register of all sub-processors and ensure they meet our data protection standards. We do not sell personal data for cross-contextual advertising.
Our Services are not directed to children under the age of 13 (or the age of majority in your jurisdiction). We do not knowingly collect personal data from children. If we become aware of such data, we will delete it within 30 days.
Account data: Active + 3 years
Health data: 3 years or until consent is withdrawn
Payment data: 7 years (financial compliance)
Chat messages and communications: 3 years or until account deletion
Logs: 12 months
Support messages: 3 years
Marketing preferences: 2 years after opt-out
Backup data: Maintained according to our disaster recovery procedures and deleted in line with primary data retention schedules
You may request earlier deletion where permissible.
We use cookies and similar technologies:
Essential cookies (platform functionality)
Analytics cookies (usage insights)
Marketing cookies (requires consent)
You can manage preferences via your browser or our consent banner.
We process data globally to provide our Services, including in the United Kingdom, European Union, United Arab Emirates, and United States. We ensure adequate protection through:
For UK Processing: We comply with UK GDPR and process data in accordance with UK data protection laws.
For EU Processing: We rely on European Commission adequacy decisions where available and Standard Contractual Clauses (SCCs) where required.
For UAE Processing: We operate under UAE data protection laws and implement appropriate safeguards.
For US Processing: We use Standard Contractual Clauses and ensure service providers meet equivalent protection standards.
For Other Countries: We assess adequacy and implement appropriate safeguards, including adequacy decisions, SCCs, or explicit consent where required.
We implement comprehensive safeguards:
Encryption (data in transit and at rest using industry-standard protocols)
Role-based access controls
Regular security audits and vulnerability scans
Staff training and background checks
Secure backup and disaster recovery procedures
Incident response protocols
While we implement robust security measures, no method is 100% secure. We continuously monitor and improve our security posture.
We do not make decisions based solely on automated processing that have legal or significant effects on you. Where we use automated systems for personalization, recommendations, or AI-powered features, you can:
Request human review of automated decisions
Understand the logic involved in AI processing
Contest or request reconsideration
Opt out of AI training and model development
Access information about how AI models process your data
AI Training and Model Development: We use AI and machine learning to enhance our Services. This includes:
Improving coaching recommendations and insights
Personalizing user experiences
Developing new features and capabilities
For AI training purposes:
We use only properly anonymized data that cannot be re-identified
Health data requires explicit consent for any AI training use
You can opt out of AI training entirely while continuing to use our Services
We maintain records of AI training activities and data usage
Health Score Calculations: We use automated algorithms to analyze your health data and generate numerical health scores (0-100 scale). These calculations process multiple health data points to create:
- Sleep quality assessments based on duration, sleep stages, and consistency
- Stress level evaluations using heart rate variability and cardiovascular indicators
- Anxiety indicators combining stress metrics with sleep quality
- Training readiness scores incorporating recovery and activity data
- Overall wellbeing scores reflecting multiple health factors
These automated health scores are designed to provide insights and support coaching recommendations. They do not make medical diagnoses or treatment decisions. You have the right to:
- Understand how your health scores are calculated
- Request information about the data inputs used
- Access raw health data behind any score
- Discuss score interpretations with your coach
- Opt out of automated scoring while maintaining access to raw health data
If you're a California resident, you have rights under the California Consumer Privacy Act (CCPA), including:
Right to know what personal info we collect, use, or share
Right to delete your data
Right to opt-out of data sale (note: we don't sell data)
Right to correct inaccurate data
Right to non-discrimination for exercising your rights
To make a request, contact support@kahunas.io with sufficient detail to verify your identity.
If you're a UK resident, you have additional rights under UK GDPR, including:
Right of access to your personal data
Right to rectification of inaccurate data
Right to erasure ("right to be forgotten")
Right to restrict processing
Right to data portability
Right to object to processing
Rights related to automated decision-making
UK Supervisory Authority: If you're unsatisfied with our response to your data protection concerns, you can lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.
UK Data Processing: We process UK resident data in compliance with UK GDPR and UK data protection laws. Our UK data processing activities are governed by the same high standards outlined in this policy.
In case of a personal data breach:
Supervisory Authorities: We will notify relevant authorities within 72 hours (UK ICO, EU supervisory authorities, or other applicable regulators)
Affected Users: We will inform you without undue delay if there is a high risk to your rights and freedoms
Investigation: All incidents are thoroughly investigated, documented, and used to improve our security measures
Transparency: We maintain records of all breaches and remedial actions taken
We may update this Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. Material changes will be communicated via:
Email notification to registered users
In-app notifications
Prominent notice on our website
The latest version is always available at https://kahunas.io/privacy. Your continued use of our Services after changes become effective constitutes acceptance of the updated Policy.
For any questions about this Privacy Policy, your data rights, or our privacy practices, please contact us:
Email: support@kahunas.io
Address: Kahunas FZE, Customer Support - Data Protection, Coworking Business Centre, Sharjah Publishing City Free Zone, Sharjah, UAE
This Privacy Policy is effective as of July 17, 2025, and governs our collection, use, and protection of your personal information in connection with our Services.