This Privacy Policy explains how Kadvar ("we") collects, uses, and protects your personal data when you use our service. We are committed to handling your data responsibly and in line with the EU General Data Protection Regulation (GDPR).
The data controller is the individual operator of Kadvar, based in the Czech Republic. For any privacy questions or to exercise your rights, contact: support@kadvar.com. (A working contact is legally required before launch.)
To create your personalised plan, we collect information you provide during onboarding and use:
Some of the data above — such as health, injury, and dietary information — may be considered special category data under the GDPR. We process it only with your explicit consent, given when you choose to provide it during onboarding, and solely to generate and adjust your fitness and nutrition plan. You can withdraw this consent at any time by deleting your account or contacting us.
| Purpose | Legal basis |
|---|---|
| Create and adjust your personalised plan | Performance of our contract with you; explicit consent for health data |
| Manage your account and subscription | Performance of contract |
| Process payments | Performance of contract; legal obligation |
| Improve and secure the service | Our legitimate interests |
| Communicate important service updates | Performance of contract / legitimate interests |
To generate your workout and meal plans, relevant profile information is sent to third-party AI providers (currently Anthropic and OpenAI) which process it to produce your plan. This data is sent for the purpose of generating your plan and is subject to those providers' own data-handling terms. We send only what is needed to create your plan. If you are not comfortable with this processing, please do not use the Service, as AI generation is core to how it works.
We use trusted service providers ("processors") to operate Kadvar. We do not sell your personal data. These providers include:
Some of these providers may process data outside the EU. Where that happens, appropriate safeguards (such as Standard Contractual Clauses) should apply. [A lawyer should confirm the transfer mechanisms for each provider.]
We keep your data for as long as your account is active. If you delete your account, we delete or anonymise your personal data within a reasonable period, except where we must retain certain records (for example, payment records) to meet legal obligations.
You have the right to: access your data; correct inaccurate data; delete your data ("right to be forgotten"); restrict or object to processing; data portability; and withdraw consent at any time. You also have the right to lodge a complaint with your local data protection authority (in the Czech Republic, the Úřad pro ochranu osobních údajů). To exercise any right, contact us at the email above.
Kadvar uses only essential cookies and similar storage needed to keep you logged in and operate the Service. We do not use advertising or third-party analytics tracking cookies. [If you add analytics in future, this section must be updated and a cookie consent banner added.]
We use reasonable technical and organisational measures to protect your data, including encrypted connections and access controls provided by our infrastructure providers. No system is perfectly secure, but we take your privacy seriously.
Kadvar is not intended for anyone under 18, and we do not knowingly collect data from minors.
We may update this policy. Material changes will be communicated via the app or email.