PRIVACY POLICY
Kalonmoves takes the protection of your data seriously. This policy is based on the Swiss Data Protection Act (revFADP) and, where applicable, the EU General Data Protection Regulation (GDPR). It covers our web app and related services.
Last updated: 24 April 2026
1. Data Controller
Kalonmoves GmbH (in formation) Kreuzlingen (Thurgau), Switzerland Contact: support@kalonmoves.com Use the same address for data protection requests. We will appoint a dedicated data protection contact if legally required.
2. Data we process
• Account and profile data: email address, name, username, city, goals, avatar. • Authentication: magic link, 6-digit one-time code, session tokens, IP address and user-agent for rate limiting. • Event and ticket data: free RSVPs, booking status, QR ticket metadata, check-in time and attendance state. • Messaging: coach DMs and event/city channel content plus delivery and read state. • Coach inquiries and applications: name, city, email address, phone number, goals and messages. • CRM data: contact and profile basics, city metafield, city tag and email-marketing status in Shopify/Klaviyo. • Usage and operational data: technical logs, error reports and performance data.
3. Purpose and legal basis
We process your data to: • Provide the web app, login, RSVP, ticket, QR check-in and member area. • Send transactional messages for magic links, RSVPs, cancellations, tickets, coach inquiries and support. • Operate CRM and member communication through Shopify/Klaviyo based on your contact record and email-marketing status. • Protect the platform through security controls, fraud prevention, abuse mitigation, rate limits and error analysis. • Meet legal obligations and improve the product using aggregated or pseudonymized data.
4. Recipients and processors
We use selected vendors: • Supabase: database, authentication, storage, realtime and Edge Functions. • Vercel: web-app hosting and server/edge execution. • Resend: transactional emails such as magic links, RSVPs, cancellations, tickets, application and support notifications. • Shopify: CRM administration for registered prelaunch and member contacts, including city metafield and city tags. • Klaviyo: email communication and segments based on our CRM data, where enabled. • Sentry: error and performance monitoring, where enabled. We only share your data with additional third parties where required by law or if you explicitly consent.
5. International transfers
Where personal data is processed outside Switzerland or the EEA, we rely on an adequacy decision or on the European Commission's Standard Contractual Clauses combined with additional safeguards.
6. Retention
We keep data only as long as necessary for the purposes above or as required by law (e.g., 10 years under Art. 958f of the Swiss Code of Obligations). Accounts can be deleted at any time via support@kalonmoves.com; residual data on backups is removed within 30 days unless legal obligations require otherwise.
7. Cookies and local storage
We use strictly necessary cookies and local storage entries for authentication and for language and display preferences. We do not use analytics or advertising cookies, so no consent banner is required.
8. Your rights
Under the revFADP and GDPR you have the right to: • Request access to the personal data we process about you • Rectify inaccurate data • Request erasure ("right to be forgotten") • Restrict processing • Data portability • Object to processing based on legitimate interest • Withdraw previously given consent with effect for the future Submit requests informally to support@kalonmoves.com. We respond within 30 days.
9. Right to lodge a complaint
If you disagree with how we handle your data, you may lodge a complaint with the competent authority — in Switzerland with the Federal Data Protection and Information Commissioner (FDPIC, edoeb.admin.ch), or in the EU with the competent national data protection authority.
10. Security
We apply state-of-the-art technical and organizational measures: TLS encryption in transit, encryption of sensitive data at rest, strict row-level security on Supabase, signed QR tickets with short lifetime, and continuous security monitoring.
11. Changes
We update this policy whenever our processes or legal requirements change. The current version lives at /legal/datenschutz. We notify you by email of any material changes.