Privacy Policy

Last updated: March 9, 2026 · Version 1.2

This Privacy Policy describes how Kinetic Loop (“we”, “us” or “our”) collects, uses, stores, and shares the personal information of users (“you”, “your”) in connection with the use of the mobile application Mise (the “App”).

This Policy is drawn up in compliance with the Regulation (EU) 2016/679 (GDPR) and the applicable regulations in the iOS/Android stores.

1. Data Controller

The Data Controller is:

Kinetic Loop
Email: support@kineticloop.app
Website: https://mise.kineticloop.app

2. Types of Data Collected

2.1. Data voluntarily provided by the user

• Account Information: Name, email address, and profile picture (via Google Sign-In, Apple Sign-In, Facebook Login, or email and password registration).
• User-Generated Content: Recipes (title, ingredients, instructions, photographs), weekly meal plans, shopping lists, and recipe books created or imported into the App.
• Notes and Ratings: Personal notes and star ratings associated with recipes.

2.2. Data collected automatically

• Usage and Analytics Data: Aggregated and pseudonymized information about how you interact with the App (features used, navigation, session duration), collected via Google Analytics for Firebase. Your consent is required before enabling this collection.
• Technical and Crash Data: Device type, operating system, App version, stack trace in case of a crash, collected via Firebase Crashlytics for diagnosing and fixing errors.
• Performance Data: Screen loading duration and network request latency, collected via Firebase Performance Monitoring in an aggregated form.
• Purchase Data: Subscription status (active/expired), type of purchased plan, and transaction history (we do not include full credit card details, which remain with the Apple/Google stores). Processed via RevenueCat.
• Push Notifications: If you grant permission, we receive a device notification token to send you service communications (e.g., meal reminders). You can revoke this permission at any time from your device settings.

2.3. Data we do NOT collect

• We do not collect GPS location data.
• We do not collect biometric data.
• We do not sell or transfer your personal data to third parties for marketing purposes.

2.4. Microphone and Voice Data

• Voice Commands: When you use the Cooking Session feature, the App accesses your device microphone to capture spoken commands (e.g., “next step”, “repeat”, “set timer”). The microphone is only active when you explicitly start voice recognition within a cooking session.
• Audio Processing: The captured audio is processed in real time by the platform’s native speech recognition service:
  • Android: Google Speech Recognition (cloud-based) — audio is transmitted to Google’s servers for conversion to text.
  • iOS: Apple Speech Recognition — audio may be processed on-device or via Apple’s servers depending on your device model and iOS version.
• No Storage by Kinetic Loop: We do not record, store, or retain any audio data. No voice recording is saved to our servers or to Firebase.
• No Unauthorised Sharing: Audio data is not sold, transferred, or shared with any party other than the platform speech recognition services described above, which process it solely to return a text transcription to the App.

3. Purposes and Legal Bases for Processing

4. Third-Party Services

We use the following authorized service providers who process data on our behalf:

4.1. Infrastructure and Backend

• Google Firebase (Auth, Cloud Firestore, Cloud Storage, Cloud Functions): data hosting, authentication, and server-side logic. Firestore data is configured in the europe-west1 (Belgium) region. Firebase Privacy Policy

4.2. Analytics and Monitoring

• Google Analytics for Firebase: anonymous/pseudonymized usage statistics. Activated only upon your explicit consent. Google Privacy Policy
• Firebase Crashlytics: reporting of crashes and malfunctions. Active for App stability regardless of analytics consent.
• Firebase Performance Monitoring: aggregated performance metrics.

4.3. Payments and Subscriptions

• RevenueCat: management of in-app purchases and subscription logic. Processes anonymous identifiers and purchase history to verify your subscription status. RevenueCat Privacy Policy
• Apple App Store / Google Play: management of the actual payment. Their policies apply to payment data.

4.4. Social Authentication

• Google Sign-In / Apple Sign-In / Facebook Login: optionally used for authentication. We only receive your name, email, and public profile picture based on the granted permissions.

4.5. Speech Recognition Services

• Google Speech Recognition (Android): On Android devices, voice commands captured during cooking sessions are processed by Google’s cloud-based speech recognition service. Audio is transmitted to Google’s servers and returned as text. Kinetic Loop has no access to or control over this transmission. Google Privacy Policy
• Apple Speech Recognition (iOS): On iOS devices, voice commands are processed by Apple’s Speech Recognition framework, which may operate on-device or via Apple’s servers depending on the device model and iOS version. Apple Privacy Policy

5. Data Retention Periods

Upon account deletion, we initiate the process of deleting all your data (recipes, images, preferences) within 30 days, subject to legal retention obligations.

6. Your Rights (GDPR)

In compliance with the GDPR and other applicable laws, you have the right to:

• Access (Art. 15): Obtain confirmation as to whether we are processing your data and request a copy of it.
• Rectification (Art. 16): Correct inaccurate or incomplete data (you can do this directly from the App's profile settings).
• Erasure / Right to be Forgotten (Art. 17): Request the deletion of your account and all associated data. You can do this directly in the App (Settings → Delete Account).
• Portability (Art. 20): Receive your data in a structured, machine-readable format. Contact us to request this.
• Object (Art. 21): Object to processing based on legitimate interest (e.g., analytics if consent was not given).
• Withdrawal of Consent: You can change your consent preferences at any time from the App's Settings → Privacy.
• Complaint: You have the right to lodge a complaint with the Data Protection Authority (www.garanteprivacy.it) or the supervisory authority of your EU country of residence.

7. Data Security

We adopt appropriate technical and organizational security measures, including:

• Encrypted data transmission via TLS/HTTPS.
• Authentication managed by Google Firebase Authentication (OAuth 2.0 standard).
• Firestore security rules that restrict access to the authenticated user's data only.
• Backend access limited to authorized personnel.

However, no transmission over the internet or electronic storage method is 100% secure. In the event of a data breach that poses a high risk to your rights, we will notify you as required by the GDPR.

8. International Data Transfers

Data may be transferred to Google (Firebase) servers located in the United States or other non-EU countries. Such transfers take place in compliance with the safeguards required by the GDPR, through Standard Contractual Clauses (SCCs) approved by the European Commission. Our main Firestore instance is configured in the europe-west1 region (Belgium, EU).

9. Underage Users

The App is not intended for users under the age of 16. We do not knowingly collect data from minors. If you believe a minor has provided us with personal data, please contact us immediately to request its deletion.

10. Changes to this Policy

We may update this Policy from time to time. In the event of material changes, we will update the revision date on this page and, where appropriate, send you an in-app notification. By continuing to use the App after being notified of changes, you accept the new version of the Policy.

11. Request Account Deletion

To request the permanent deletion of your account and all associated data (recipes, meal plans, shopping lists, images), send an email to the address below. We will process your request within 30 days.