Privacy Policy

Last updated: March 17, 2026

Kilography ("we", "our", or "us") operates the Kilography mobile and web application (the "Service"). This Privacy Policy explains how we collect, use, and protect your information when you use our Service.

1. Information We Collect

We collect the following types of information:

• Account Information: When you sign in with Google, we receive your name, email address, and profile picture via Google OAuth.
• Activity Data: GPS route points (latitude, longitude, elevation, timestamp) from GPX files you import or from connected fitness devices such as Garmin wearables.
• Usage Data: Artwork titles, run titles, distances, durations, and color preferences you configure within the app.

2. How We Use Your Information

• To authenticate your identity and provide access to the Service.
• To render your GPS running routes as visual artwork on maps.
• To allow you to share artworks and collaborate with other users via invite codes.
• To sync and store your activity data so it is accessible across devices.

3. Garmin Connect Integration

If you choose to connect your Garmin account, we access your activity data (GPS tracks, distance, duration) through the official Garmin Health API. We only access data you explicitly authorize. Garmin data is stored in our database solely to display your running routes within the app. We do not sell or share Garmin data with third parties.

4. Data Storage and Security

Your data is stored securely on Supabase (PostgreSQL), hosted on AWS infrastructure. We implement Row-Level Security (RLS) so that you can only access your own data. All data is transmitted over HTTPS.

5. Data Sharing

We do not sell your personal data. We share data only in the following cases:

• Within the app: Artwork routes are visible to other members of the same artwork group (only those you invite).
• Service providers: Supabase (database), Google (authentication), Garmin (fitness data). Each provider has its own privacy policy.
• Legal requirements: If required by law or to protect our rights.

6. Your Rights

You have the right to:

• Access the personal data we hold about you.
• Request deletion of your account and all associated data.
• Disconnect your Garmin account at any time through Garmin Connect settings.
• Export your activity data.

7. Data Retention

We retain your data for as long as your account is active. If you delete your account, all associated personal data and activity records will be permanently deleted within 30 days.

8. Children's Privacy

The Service is not directed to children under 13. We do not knowingly collect personal information from children under 13.

9. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by posting the new policy on this page with an updated date.

10. Contact Us

If you have any questions about this Privacy Policy, please contact us at:
niphyang@gmail.com