Privacy Policy

Effective Date: April 5, 2026 · Last Updated: April 5, 2026

Kardia Labs LLC ("Kardia Labs," "we," "us," or "our") operates the Temple mobile application (the "App") and the website templeai.app (the "Site"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our App and Site (collectively, the "Service"). By using the Service, you consent to the practices described in this Privacy Policy.

If you do not agree with the terms of this Privacy Policy, please do not access or use the Service.

1. Information We Collect

1.1 Account Information

When you create an account, we collect:

• Email address
• Display name and username
• Profile photo (if provided)
• Password (stored in hashed form; we never store or have access to plaintext passwords)
• Authentication tokens and session data

1.2 Health and Fitness Data

To provide core App functionality, we collect:

• Workout data: exercises performed, sets, reps, weight, duration, rest times, and workout timestamps
• Exercise history: personal records, one-rep max calculations, strength progression, and historical performance data
• Body metrics: height, weight, body composition data, and body measurements (if provided)
• Cardio and activity data: GPS location data during tracked activities (runs, walks, rides), distance, pace, elevation, route maps, heart rate (if connected), and weather conditions at time of activity
• Nutrition data: food logs, calorie counts, macronutrient data (protein, carbohydrates, fats), meal photos, barcode scan data, and dietary goals
• Training preferences: workout split preferences, training goals, experience level, available equipment, scheduling preferences, and trainer personality selection

1.3 AI Interaction Data

When you interact with our AI assistant ("Samson"), we collect:

• Messages and prompts you send to Samson
• AI-generated responses, workout programs, and nutrition recommendations
• Questionnaire responses used to personalize AI recommendations (training goals, experience level, split preferences, injury history)
• Mesocycle and periodization data generated by AI programming
• Trainer personality preference (your selected coaching style for Samson's tone and communication approach)

1.4 Social and User-Generated Content

• Posts, comments, and likes on the social feed
• Workout share cards and activity share cards
• Follow/follower relationships
• User-created workout templates
• Notification preferences and interaction history

1.5 Device and Usage Information

• Device type, operating system, and version
• App version and build number
• Device identifiers (e.g., advertising ID, device ID)
• Crash reports and performance diagnostics
• Usage patterns (features accessed, session duration, navigation behavior)
• IP address and approximate location (derived from IP)

1.6 Payment and Subscription Information

Subscriptions are processed through Apple's App Store via RevenueCat. We do not directly collect or store your credit card number, bank account details, or other financial payment instruments. We receive:

• Subscription status (active, expired, trial, cancelled)
• Subscription plan type and billing period
• Transaction identifiers
• Purchase and renewal dates

1.7 Camera and Photo Data

With your permission, we access your device camera and photo library for:

• Food photo scanning for nutritional analysis
• Barcode scanning for food product lookup
• Profile photo uploads
• Social feed post images

Camera access is only activated when you explicitly initiate a scan or photo capture. We do not access your camera in the background.

1.8 Microphone and Voice Data

With your permission, we access your device microphone for:

• Voice-based food logging (speech-to-text input for describing meals)

Voice input is processed using your device's built-in speech recognition (Apple Speech Recognition). Audio is processed on-device and is not recorded, stored, or transmitted to our servers. We only receive the transcribed text, which is then used to search for nutritional information. Microphone access is only activated when you explicitly tap the microphone button. We do not access your microphone in the background.

1.9 Location Data

With your permission, we collect precise GPS location data only during active cardio tracking sessions (running, walking, cycling). Location data is used to:

• Map your activity route
• Calculate distance, pace, and elevation
• Retrieve local weather conditions during your activity

Location tracking stops immediately when you end or pause an activity session. We do not track your location in the background or outside of active sessions.

2. How We Use Your Information

We use the information we collect to:

• Provide core functionality: track workouts, log nutrition, record activities, and display your fitness history and progress
• Power AI features: generate personalized workout programs, provide nutrition analysis, calculate training recommendations, and deliver AI coaching through Samson
• Enable social features: allow you to share workouts, follow other users, post to the social feed, and receive notifications about social interactions
• Personalize your experience: tailor workout suggestions based on your training history, goals, available equipment, and performance data
• Process subscriptions: manage your subscription status, entitlements, and access to premium features
• Improve the Service: analyze usage patterns to fix bugs, improve performance, and develop new features
• Communicate with you: send service-related notices, security alerts, and support messages
• Ensure safety and security: detect and prevent fraud, abuse, and violations of our Terms of Service

3. How We Share Your Information

We do not sell your personal information. We may share your information in the following circumstances:

3.1 Third-Party Service Providers

We share data with trusted third-party providers who help us operate the Service:

3.2 Social Features

Information you choose to share publicly through the App's social features (posts, workout shares, activity shares, profile information) is visible to other users. Your display name, username, and profile photo are visible to anyone who views your profile or social content.

3.3 Legal Requirements

We may disclose your information if required to do so by law or in the good-faith belief that such action is necessary to:

• Comply with a legal obligation, subpoena, or court order
• Protect and defend the rights or property of Kardia Labs LLC
• Prevent or investigate possible wrongdoing in connection with the Service
• Protect the personal safety of users of the Service or the public

3.4 Business Transfers

If Kardia Labs LLC is involved in a merger, acquisition, asset sale, or bankruptcy, your personal information may be transferred as part of that transaction. We will notify you before your personal information becomes subject to a different privacy policy.

4. Data Storage and Security

4.1 Storage

Your data is stored on servers operated by Supabase (hosted on Amazon Web Services) in the United States. Some data (user preferences, cached workout data) is stored locally on your device using AsyncStorage.

4.2 Security Measures

We implement industry-standard security measures including:

• Encryption in transit (TLS/SSL) for all data transmitted between the App and our servers
• Encryption at rest for stored data
• Row Level Security (RLS) policies on our database ensuring users can only access their own data
• Hashed and salted password storage
• Secure authentication token management
• Regular security audits and updates

While we strive to use commercially acceptable means to protect your personal information, no method of transmission over the internet or electronic storage is 100% secure. We cannot guarantee absolute security.

5. Data Retention

We retain your personal information for as long as your account is active or as needed to provide you the Service. Specifically:

• Account data: retained until you delete your account
• Workout and fitness data: retained until you delete your account or individually delete specific records
• AI conversation history: retained for up to 90 days to provide conversation continuity, then automatically purged
• Activity GPS data: retained until you delete the specific activity or your account
• Usage and analytics data: retained in anonymized/aggregated form for up to 24 months

After account deletion, we may retain certain data in anonymized or aggregated form for analytical purposes. Backup copies may persist for up to 30 days after deletion before being fully purged.

6. Your Rights and Choices

6.1 Access and Portability

You have the right to request a copy of the personal data we hold about you. We will provide this data in a structured, commonly used, machine-readable format (JSON or CSV) within 30 days of your verified request.

6.2 Correction

You can update or correct your account information at any time through the App's profile settings. For other data corrections, contact us directly.

6.3 Deletion

You may request deletion of your account and associated personal data by:

• Using the "Delete Account" option in the App's settings
• Contacting us at the email address below

Upon receiving a verified deletion request, we will delete your personal data within 30 days, except where we are legally required to retain certain information.

6.4 Opt-Out of AI Data Use

You may use the App without interacting with AI features. If you choose to use Samson, your conversation data is processed to generate responses but is not used to train or fine-tune AI models. Your data is sent to our AI provider (Anthropic) solely for generating real-time responses and is subject to Anthropic's data processing terms, which prohibit using API inputs for model training.

6.5 Push Notifications

You can opt out of push notifications through your device settings at any time.

6.6 Location and Camera Permissions

You can revoke location and camera permissions through your device settings at any time. Revoking location permission will disable GPS-based cardio tracking. Revoking camera permission will disable food photo scanning and barcode scanning.

7. California Residents (CCPA/CPRA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA):

• Right to Know: You may request details about the categories and specific pieces of personal information we have collected about you, the categories of sources, the business purposes for collection, and the categories of third parties with whom we share it.
• Right to Delete: You may request deletion of your personal information, subject to certain exceptions.
• Right to Correct: You may request correction of inaccurate personal information.
• Right to Non-Discrimination: We will not discriminate against you for exercising any of your CCPA/CPRA rights.
• No Sale or Sharing: We do not sell your personal information. We do not share your personal information for cross-context behavioral advertising.
• Sensitive Personal Information: Health and fitness data, precise geolocation, and account credentials are considered sensitive personal information under CPRA. We use this data only as necessary to provide the Service and do not use it for purposes beyond what is disclosed in this policy.

To exercise these rights, contact us at the email address below. We will verify your identity before processing your request.

8. European Economic Area (GDPR)

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, the following applies:

8.1 Legal Basis for Processing

8.2 Your GDPR Rights

You have the right to:

• Access your personal data
• Rectify inaccurate data
• Erase your data ("right to be forgotten")
• Restrict processing
• Data portability
• Object to processing based on legitimate interest
• Withdraw consent at any time (without affecting the lawfulness of processing before withdrawal)
• Lodge a complaint with your local data protection authority

8.3 International Data Transfers

Your data is transferred to and processed in the United States. We rely on Standard Contractual Clauses (SCCs) and other appropriate safeguards for international data transfers as required by applicable law.

9. Children's Privacy

The Service is not directed to children under the age of 16. We do not knowingly collect personal information from children under 16. If we discover that a child under 16 has provided us with personal information, we will delete it immediately. If you believe a child under 16 has provided us with personal information, please contact us at the email address below.

10. Health Data Disclaimer

Temple is a fitness tracking and planning tool, not a medical device. The health and fitness data collected and displayed by the App (including AI-generated workout programs, nutrition recommendations, macro calculations, and exercise suggestions) is for informational and tracking purposes only. It is not intended to diagnose, treat, cure, or prevent any disease or health condition. Always consult a qualified healthcare professional before beginning any exercise or nutrition program.

11. Third-Party Links

The Service may contain links to third-party websites or services. We are not responsible for the privacy practices of those third parties. We encourage you to read the privacy policies of any third-party service you visit.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by:

• Posting the updated policy on this page with a revised "Last Updated" date
• Sending an in-app notification or email for significant changes

Your continued use of the Service after any changes constitutes acceptance of the updated Privacy Policy.

13. Contact Us

If you have questions about this Privacy Policy, wish to exercise your data rights, or need to report a privacy concern, contact us at:

Kardia Labs LLC
Email: support@templeai.app

We will respond to all privacy-related inquiries within 30 days.