Zuno.fit | Privacy Policy

A product of Kiala Technologies Private Limited

Effective Date: 1 July 2026

Version: 1.0

Last Updated: 19 May 2026

1. Introduction and Scope

This Privacy Policy (“Policy”) describes how Kiala Technologies Private Limited, a company incorporated under the laws of India, having its registered office at NO 16, Lakshmi Nilaya, 2nd Main, 3rd Cross, Muneshwara Layout, Doddabommasandra, Vidyaranyapura, Bangalore North, Bangalore, Karnataka, India, 560097, with Corporate Identification Number (CIN) U46491KA2025PTC201557 (hereinafter referred to as the “Company”, “we”, “us”, or “our”), collects, processes, uses, stores, discloses, and protects information when you access or use the Zuno.Fit mobile application, the website zuno.fit, and any related services (collectively, the “Platform” or the “Services”).

By creating an account on the Platform, downloading the Zuno.Fit application, or otherwise accessing or using the Services, you (the “User”, “you”, or “your”) expressly acknowledge that you have read, understood, and unconditionally agree to be bound by this Policy and our Terms of Use and Medical Disclaimer, which are incorporated herein by reference.

If you do not agree with any provision of this Policy, you must immediately discontinue use of the Platform and uninstall the application.

2. Eligibility and Age Restrictions

2.1 Minimum Age. The Platform is intended exclusively for individuals who are eighteen (18) years of age or older. By using the Platform, you represent and warrant that you are at least 18 years of age and have the full legal capacity to enter into binding contracts.

2.2 No Use by Minors. We do not knowingly collect, solicit, or store personal information from individuals under the age of 18. If we become aware that we have collected information from a person under 18, we will delete such information promptly. If you believe a minor has provided us with personal information, please contact our Grievance Officer (details in Section 18).

2.3 Verification. During onboarding, we may require you to confirm your date of birth. Providing false information regarding your age is a material breach of these terms and may result in immediate termination of your account.

3. Information We Collect

4. Purpose of Processing

Data may be processed for purposes including:

Personalization of user experience
Platform functionality and service delivery
Analytics, research, and product improvement
Security, compliance, and fraud prevention

We collect the following categories of information. The specific data you provide depends on the features you choose to use.

3.1 Information You Provide Directly

(a) Account & Identity Information

Full name
Email address
Phone number
Date of birth
Gender
Password (encrypted; we never store passwords in plain text)
Profile photograph (optional)
Account preferences and settings

(b) Fitness, Body, and Lifestyle Information

Height, weight, and body measurements (waist, hip, chest, etc.)
Body fat percentage and Body Mass Index (BMI) calculations
Fitness goals (weight loss, muscle gain, endurance, stress and wellness, improved stamina, etc.)
Activity level, occupation type, sleep patterns
Workout history, exercise logs, sets, reps, weights lifted, duration of sessions
Step counts and physical activity data
Before and after progress photographs (uploaded voluntarily by you)
Dietary preferences (vegetarian, vegan, non-vegetarian, eggetarian, etc.)
Food allergies and intolerances
Regional cuisine preferences
Meal logs, calorie intake, macronutrient intake, water intake
Subjective wellness inputs such as mood, energy levels, hunger ratings

(c) Health and Medical Information

Self-declared medical conditions including but not limited to: Type 2 diabetes, Polycystic Ovary Syndrome (PCOS), hypertension, hypothyroidism, fatty liver, Irritable Bowel Syndrome (IBS), and high cholesterol
Pregnancy or breastfeeding status (if disclosed)
Medications or supplements you choose to disclose
Family medical history (only if voluntarily provided)
Information related to mental wellness, stress, sleep quality, and energy

Sensitive Personal Data and Information:

Health and medical information constitutes “Sensitive Personal Data or Information” under the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011, and “Sensitive Personal Data” under the Digital Personal Data Protection Act, 2023 (“DPDP Act”). By providing such information, you give your explicit, free, specific, informed, and unambiguous consent to its collection, processing, and storage for the purposes set out in this Policy. You may withdraw this consent at any time as described in Section 11.

(d) Payment Information

Billing name and address
Payment method details (processed and stored by our payment processor; we do NOT store full credit/debit card numbers on our servers)
Transaction history, subscription status, ZunoCoins balance and redemption history
GST number (if you are a business user requesting a tax invoice)

(e) Communications

Customer support requests, emails, in-app chat messages
Feedback, ratings, reviews, survey responses
Reports of issues or adverse experiences

3.2 Information We Collect Automatically

(a) Device and Technical Information

Device type, model, manufacturer, and operating system version
Unique device identifiers (IDFA on iOS, Advertising ID on Android, where applicable)
Mobile network information, IP address, and approximate location derived from IP
App version, language settings, time zone
Crash logs and diagnostic data

(b) Usage Information

Pages and screens you view, features you use, time spent on each screen
Actions you take within the Platform (clicks, taps, searches, scrolls)
Date and time of access, frequency of use
Referral source (how you arrived at the Platform)

(c) Location Information

Approximate location derived from IP address (used for region-appropriate content)
Precise location ONLY if you grant permission (used for finding nearby fitness centers or Bodyfirst Fitness Center branches)

(d) Cookies and Similar Technologies

We use cookies, software development kits (SDKs), pixel tags, and similar tracking technologies on our website and within our mobile application. You can manage cookie preferences through your device or browser settings.

3.3 Information from Third-Party Sources

(a) Health Data Integrations (Optional)

Apple HealthKit (if you grant permission on iOS): step count, heart rate, active energy burned, workouts, sleep data, body measurements
Google Fit / Health Connect (if you grant permission on Android): equivalent data categories

Apple HealthKit Compliance Note: Health data accessed via Apple HealthKit is used solely for providing health and fitness services to you within the Zuno.Fit application. We do NOT use HealthKit data for advertising, marketing, or any other use-based data mining purposes beyond improving the Service. HealthKit data is not shared with third parties without your explicit consent, in compliance with Apple’s HealthKit guidelines.

(b) Social and Login Integrations

If you choose to sign up using Google, Apple, or Facebook login, we receive basic profile information from those services (name, email, profile photo)

(c) Payment Processors

Transaction status, refund status, and dispute information from Razorpay or other authorized payment processors

4. Purposes of Processing

We process your information for the following purposes, each based on a specific lawful basis as required under the DPDP Act, 2023:

4.1 Service Delivery and Personalization

To create and maintain your account
To generate personalized workout plans, meal plans, and nutritional recommendations
To track your progress and provide insights
To enable in-app features such as ZunoCoins, gamification, streaks, challenges, and community features
To deliver the Services you have requested

4.2 AI and Automated Decision-Making

4.2.1 AI-Generated Recommendations. The Platform uses artificial intelligence and machine learning systems, including large language models provided by third-party AI providers, to generate personalized content. This includes workout suggestions, meal plans, recipe recommendations, and educational content.

4.2.2 What this means for you:

Recommendations are generated by AI systems based on the information you provide
AI output is not reviewed by a licensed medical professional, registered dietitian, or certified fitness expert before being shown to you (unless explicitly stated otherwise in-app)
AI systems can make errors, including factual inaccuracies, omissions, or recommendations that may not be suitable for your specific situation
You retain the right to disregard any AI-generated content
AI-generated content is NOT medical advice and must NOT be relied upon as such

4.2.3 Right to Human Review. You have the right to request human review of any significant decision made about you using automated processing. To exercise this right, contact our Grievance Officer.

4.3 Payment Processing and Subscription Management

To process trial subscriptions (₹99 for 15 days) and recurring subscriptions
To manage ZunoCoins balance, accrual, and redemption against billing
To prevent fraudulent transactions
To issue tax invoices in compliance with Indian GST law

4.4 Communication

To send transactional emails (account creation, password reset, subscription confirmation, billing receipts)
To send service-related notifications (workout reminders, meal reminders, streak alerts)
To respond to your support requests
To send promotional communications (only with your prior consent, which you may withdraw at any time)

4.5 Analytics, Research, and Improvement

To understand how users engage with the Platform
To identify and fix bugs, errors, and performance issues
To develop new features and improve existing ones
To conduct internal research, including aggregated and de-identified studies on fitness and nutrition trends

4.6 Security, Fraud Prevention, and Legal Compliance

To detect and prevent fraudulent activity, abuse, or unauthorized access
To enforce our Terms of Use and other policies
To comply with applicable laws, court orders, and lawful requests from authorities

To protect the rights, property, and safety of the Company, our Users, and the public

5. Lawful Basis for Processing (DPDP Act 2023)

We process your personal data on one or more of the following lawful bases, as required under Section 4 of the Digital Personal Data Protection Act, 2023:

Your free, specific, informed, and unambiguous consent, as evidenced by your acceptance of this Policy and any in-app consent screens
The performance of our contractual obligations to you in providing the Services
Compliance with our legal obligations under Indian law
Certain legitimate uses as specified under Section 7 of the DPDP Act, including responding to medical emergencies, providing services you have requested, and protection against fraud

Your consent can be withdrawn at any time. Withdrawal does not affect the lawfulness of processing carried out before the withdrawal. See Section 11 for how to withdraw consent.

6. Third-Party Service Providers (Data Processors)

We engage trusted third-party service providers to perform specific functions on our behalf. These providers process data only on our instructions and only as necessary to provide their service to us. The categories of providers and the data they process are listed below:

6.1 Cloud Infrastructure and Hosting

Provider: Amazon Web Services (AWS) and/or equivalent cloud providers
Purpose: To host the Platform, store data, and deliver content
Data shared: All categories of data, encrypted in transit and at rest

6.2 Authentication and Backend Services

Provider: Google Firebase
Purpose: User authentication, real-time database, push notifications, crash reporting
Data shared: Account credentials, device tokens, crash logs

6.3 Analytics

Provider: Google Analytics for Firebase, and similar analytics SDKs
Purpose: To understand app usage patterns, feature engagement, and performance metrics
Data shared: Anonymized or pseudonymized usage data, device information

6.4 Payment Processing

Provider: Razorpay Software Private Limited (or equivalent licensed payment aggregator)
Purpose: To process subscription payments and refunds
Data shared: Name, email, phone, transaction amount; full card details are processed directly by the provider and not retained by us

6.5 Artificial Intelligence Providers

Provider: Anthropic, OpenAI, and/or other licensed AI providers
Purpose: To generate workout plans, meal plans, and conversational coaching responses
Data shared: User inputs (fitness goals, preferences, history) in a structured format necessary to generate AI output; we do not provide your name, email, or other directly identifying information to AI providers

6.6 Crash Reporting and Performance Monitoring

Provider: Sentry, Firebase Crashlytics, or equivalent
Purpose: To identify and fix application errors
Data shared: Crash logs, stack traces, device information

6.7 Email and Communications

Provider: SendGrid, Twilio, MSG91, or equivalent transactional email and SMS services
Purpose: To send account-related emails and SMS notifications
Data shared: Email address, phone number, message content

6.8 Customer Support Tools

Provider: Help-desk and ticketing platforms
Purpose: To manage and respond to your support requests
Data shared: Name, email, support correspondence

7. Disclosure of Information

We disclose your information only in the limited circumstances described below:

7.1 With Your Consent. When you have given us explicit consent to share specific information with a specific third party.

7.2 To Service Providers. As described in Section 6.

7.3 Legal and Regulatory Compliance. We may disclose information when required to comply with applicable law, legal process, court orders, or government requests from authorized regulatory or law enforcement authorities.

7.4 Protection of Rights and Safety. We may disclose information when we believe in good faith that disclosure is necessary to:

Investigate, prevent, or take action regarding suspected illegal activities, fraud, or violations of our Terms
Protect the safety of any person
Enforce our Terms of Use or other agreements
Protect our rights, property, or interests, or those of our users

7.5 Business Transfers. In the event of a merger, acquisition, restructuring, sale of assets, or insolvency, your information may be transferred to the acquiring or successor entity. You will be notified of any such transfer by email or in-app notification, and you will have the option to delete your account before the transfer takes effect.

7.6 Aggregated and De-Identified Data. We may share aggregated, anonymized, or de-identified data that cannot reasonably be used to identify you for research, statistical, or commercial purposes.

7.7 What We Will NEVER Do.

We will NEVER sell your personal data to advertisers, data brokers, or any other third party for monetary or non-monetary consideration
We will NEVER share your health information with insurance companies, employers, or any party that could use it against your interests
We will NEVER use your data in ways materially different from what is described in this Policy without first obtaining your consent

8. International Data Transfers

Some of our service providers may be located outside India. By using the Platform, you understand and consent to the transfer of your data to, and processing in, jurisdictions outside India, including the United States, the European Union, and other regions where our service providers operate.

Where such transfers occur, we ensure that appropriate safeguards are in place, including:

Contractual obligations on the recipient to maintain confidentiality and security
Compliance with restrictions on cross-border transfers as may be notified by the Indian Government under Section 16 of the DPDP Act
Adherence to international data protection frameworks where applicable

9. Data Security

9.1 Security Measures. We implement reasonable security practices and procedures consistent with the IT (Reasonable Security Practices) Rules, 2011, and the DPDP Act, 2023, including:

Encryption of data in transit (TLS/SSL) and at rest (AES-256 or equivalent)
Access controls limiting employee access to personal data on a need-to-know basis
Multi-factor authentication for administrative access to our systems
Regular security audits and vulnerability assessments
Secure software development practices
Incident response and breach notification procedures

9.2 No Absolute Security. While we take reasonable steps to protect your information, no method of transmission over the internet or method of electronic storage is 100% secure. We cannot guarantee absolute security. By using the Platform, you accept this inherent risk.

9.3 Your Responsibility. You are responsible for keeping your account credentials confidential and for all activities under your account. Notify us immediately if you suspect unauthorized access at security@zuno.fit.

10. Data Breach Notification

In the event of a personal data breach that is likely to result in harm to you, we will:

Notify the Data Protection Board of India in accordance with the DPDP Act and applicable rules
Notify affected Users without undue delay, via email and/or in-app notification

Provide information about the nature of the breach, the data affected, the steps we are taking to address it, and recommended steps you can take to protect yourself

11. Your Rights

Subject to applicable law, you have the following rights with respect to your personal data:

11.1 Right to Access. You may request a summary of personal data we hold about you, the purposes of processing, and the identities of third parties with whom we have shared your data.

11.2 Right to Correction. You may request correction of inaccurate or incomplete data.

11.3 Right to Erasure (Deletion). You may request deletion of your personal data. We will comply unless retention is required by law or for legitimate business purposes (such as fraud prevention or unresolved disputes). Deletion is typically completed within 30 days of verified request.

11.4 Right to Withdraw Consent. You may withdraw your consent to processing at any time. To withdraw consent:

In-app: Go to Settings → Privacy → Manage Consent → Withdraw
By email: send a request to privacy@zuno.fit
Withdrawal does not affect processing already lawfully carried out and may result in our inability to provide certain features or the Service entirely

11.5 Right to Data Portability. You may request a copy of your personal data in a structured, commonly used, machine-readable format.

11.6 Right to Nominate. Under the DPDP Act, you have the right to nominate another individual to exercise your rights in the event of your death or incapacity. Contact our Grievance Officer to file a nomination.

11.7 Right to Grievance Redressal. If you believe we have not handled your data appropriately, you may file a grievance with our Grievance Officer (Section 18), and if unresolved, with the Data Protection Board of India.

11.8 How to Exercise Your Rights. To exercise any of these rights, contact us at privacy@zuno.fit with subject line “Data Rights Request”. We will respond within 30 days of receiving a verifiable request.

12. Data Retention

We retain your personal data only for as long as necessary for the purposes for which it was collected, subject to the following:

12.1 Retention Periods

Account data: Retained while your account is active and for 90 days after deletion to allow for account recovery
Workout and nutrition logs: Retained for the lifetime of your account, or until you delete them
Payment records and tax invoices: Retained for 8 years as required under the Indian Income Tax Act and GST law
Customer support records: Retained for 3 years from the date of last interaction
Marketing consents: Retained until you withdraw consent
Backup data: Retained in encrypted backups for up to 90 days after primary deletion
De-identified analytics data: May be retained indefinitely as it does not identify you personally

12.2 Account Deletion

You may delete your account at any time through Settings → Account → Delete Account, or by emailing privacy@zuno.fit. Upon deletion:

Your profile and identifiable data will be deleted within 30 days
Certain data may be retained as required by law (see retention periods above)

Anonymized or aggregated data may be retained for research purposes

13. Children's Privacy

As stated in Section 2, the Platform is not intended for individuals under 18 years of age. We do not knowingly collect personal information from children. If you are a parent or guardian and believe your child has provided us with personal data, please contact privacy@zuno.fit and we will take steps to delete such information.

14. Health and Medical Disclaimer

IMPORTANT — PLEASE READ CAREFULLY:

14.1 Not Medical Advice. Zuno.Fit is a fitness and nutrition information service. The content, recommendations, plans, and information provided through the Platform are for general informational and educational purposes only. They do NOT constitute medical advice, diagnosis, treatment, or professional healthcare advice of any kind.

14.2 Consult Healthcare Professionals. You should always consult a qualified medical professional, registered dietitian, or certified fitness trainer before:

Starting any new exercise or workout program
Changing your diet or nutritional intake
Following any plan generated by the Platform, especially if you have any pre-existing medical condition

14.3 No Doctor-Patient Relationship. Use of the Platform does not establish a doctor-patient, dietitian-client, or trainer-client relationship between you and the Company.

14.4 AI Limitations. Plans and recommendations are generated by artificial intelligence systems and may contain errors, omissions, or recommendations unsuitable for your specific situation. The Company makes no warranty regarding the accuracy, completeness, or suitability of any AI-generated content.

14.5 Your Acknowledgement. By using the Platform, you acknowledge that:

You use the Service at your own risk
You are solely responsible for your health and safety
The Company is NOT liable for any injury, illness, adverse reaction, or other harm arising from your use of the Platform, your reliance on its content, or your decision to follow any plan or recommendation generated by the Platform

14.6 Health Conditions. If you have declared any medical condition (including but not limited to diabetes, PCOS, hypertension, hypothyroidism, fatty liver, IBS, high cholesterol, pregnancy, eating disorders, cardiovascular conditions, or any chronic illness), you must:

Consult your treating physician before following any plan
Continue all prescribed medications and treatments
Monitor yourself for any adverse effects
Stop using the Platform and consult a doctor immediately if you experience any negative health effects

14.7 Emergency Situations. If you experience a medical emergency, call your local emergency services immediately. Do not rely on the Platform.

Full details of the medical disclaimer are set out in our separate Medical Disclaimer and Terms of Use, available at zuno.fit/terms.

15. Cookies and Tracking Technologies

We use cookies, SDKs, pixel tags, and similar technologies for the following purposes:

Essential cookies: Required for core functionality such as authentication
Analytics cookies: To understand how users interact with the Platform
Functional cookies: To remember your preferences and settings
Marketing cookies: To deliver relevant communications (only with your consent)

You can manage cookie preferences through your device or browser settings, or through our in-app Privacy Settings.

16. Changes to This Policy

We may update this Policy from time to time to reflect changes in our practices, technology, legal requirements, or for other operational reasons.

16.1 Notification of Changes:

Material changes: We will notify you by email and/or in-app notification at least 14 days before the changes take effect
Minor changes (clarifications, corrections): We will update the “Last Updated” date at the top of this Policy

16.2 Your Continued Use. Your continued use of the Platform after the effective date of any changes constitutes your acceptance of the revised Policy. If you do not agree, you must stop using the Platform.

17. Jurisdiction and Governing Law

This Policy is governed by and construed in accordance with the laws of India. Any dispute arising out of or in connection with this Policy shall be subject to the exclusive jurisdiction of the courts at Bangalore, Karnataka, India.

18. Grievance Officer and Contact Information

In accordance with the Information Technology Act, 2000, the IT (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021, and the Digital Personal Data Protection Act, 2023, we have appointed a Grievance Officer / Data Protection Officer.

Grievance Officer / Data Protection Officer:

Name: Aureen

Designation: Grievance Officer for Kiala Technologies Private Limited

Email: grievance@zuno.fit

Postal Address: Bangalore, India.

General Privacy Inquiries: privacy@zuno.fit

Security and Breach Reports: security@zuno.fit

Safety / Adverse Event Reports: safety@zuno.fit

Customer Support: support@zuno.fit

Response Time: We will acknowledge your grievance within 48 hours and respond substantively within 30 days as required by law.

If you are not satisfied with our response to your grievance, you may file a complaint with the Data Protection Board of India once it is operational, or with any other relevant regulatory authority.

19. Severability

If any provision of this Policy is found to be unenforceable or invalid under any applicable law, such unenforceability or invalidity shall not render this Policy unenforceable or invalid as a whole. The remaining provisions shall continue in full force and effect.

20. Entire Agreement

This Policy, together with our Terms of Use and Medical Disclaimer, constitutes the entire agreement between you and the Company regarding our collection, use, and disclosure of your personal data. It supersedes all prior agreements or understandings on this subject.

21. Acknowledgement

BY USING THE ZUNO PLATFORM, YOU ACKNOWLEDGE THAT YOU HAVE READ THIS PRIVACY POLICY, UNDERSTAND IT, AND AGREE TO BE BOUND BY ITS TERMS, INCLUDING THE PROCESSING OF YOUR PERSONAL DATA (INCLUDING SENSITIVE HEALTH DATA) AS DESCRIBED HEREIN.

— End of Privacy Policy —

Address

NO 16, 2ND MAIN, 3RD CROSS, MUNESHWARA LAYOUT, VIDYARANYAPURA, Bangalore, India, 560097