1. Who we are
Kinematic is a field force management software-as-a-service platform operated by Kaiyo Technology Labs ("we", "us", "our") headquartered in India. We provide field operations software to organisations whose workforce operates outside fixed locations — distribution, sales, audit, services, delivery and last-mile teams across FMCG, pharma, banking, retail, logistics and real estate.
This Privacy Policy applies to:
- Our website at kinematicapp.com
- The Kinematic mobile applications (Android & iOS, distributed via Google Play, Apple App Store and direct enterprise distribution)
- The Kinematic web dashboard accessible to administrators and supervisors
- Communications with us via email, WhatsApp, in-product messaging or our website forms
2. What we collect
We collect personal data only where it is necessary to deliver the service. The categories of data we process are:
2.1 Account & identity data
- Full name, email address, mobile number, employee ID (where provided by the customer)
- Designation, manager / reporting relationship, team / city assignment
- Profile photograph (optional, for attendance and identity verification)
2.2 Field operations data
- Location data — GPS coordinates, geofence entry/exit events, route history, distance travelled. Captured only during active duty hours configured by the customer administrator.
- Attendance & check-in records — timestamped events, selfie attendance photographs, device metadata
- Activity data — visits logged, leads created, orders booked, expenses claimed, forms submitted, voice commands issued to Kini AI
- Audio recordings — when a field executive uses Kini AI's voice-first feature, the spoken command is transcribed. Audio is processed in-memory and discarded; only the resulting structured action (e.g. "create lead") is retained.
- Images — outlet photographs, shelf images for planogram audit, expense receipts, signed documents
2.3 Device & technical data
- Device model, operating system version, mobile carrier, IP address, app version
- Crash reports, performance telemetry, feature usage logs
- Browser type, screen resolution, referring URL (for website visitors)
2.4 Communications & support
- Email and WhatsApp messages exchanged with our team
- Demo requests, sales enquiries and form submissions on kinematicapp.com
- Support tickets and feedback
What we do not collect. We do not collect biometric data (fingerprints, face geometry), financial account credentials, health records, or political/religious affiliations. We do not access SMS, call logs, contacts, photos outside the app, or the microphone outside of explicit Kini AI voice sessions.
3. How we use your data
We use personal data only for the following purposes:
- Service delivery — providing the Kinematic platform functionality our customer has subscribed to (attendance, beat planning, lead management, analytics, etc.)
- Accountability & reporting — generating reports for the customer's administrators and supervisors
- Safety — SOS alerts, last-known-location tracking when an FE triggers an emergency
- Authentication — verifying field executives are present where attendance is claimed (geofence + selfie)
- Product improvement — aggregated, de-identified usage analytics to improve features
- Communication — sending operational notifications (shift reminders, beat allocations, manager messages) and — only with consent — marketing emails about new features
- Legal & compliance — tax records, audit trails, response to lawful requests from authorities
4. Legal basis for processing
Under DPDP Act 2023 (India) and GDPR (EU), we process personal data on the following grounds:
- Performance of a contract — most field-executive data is processed because the customer organisation has contracted with Kinematic to deliver field force management services. The FE is performing employment duties using the platform.
- Legitimate interest — for fraud prevention (anomaly detection on attendance), platform security, and product analytics in aggregated form.
- Consent — for optional features (e.g. marketing emails, optional location sharing outside duty hours, voluntary profile data). Consent can be withdrawn at any time.
- Legal obligation — for retention of records required by Indian tax, labour or evidence laws.
For website visitors, our legal basis is consent (analytics cookies) and legitimate interest (essential cookies for site function). See Section 10.
5. Sharing & subprocessors
We do not sell personal data. We share data only with the following categories of recipients:
5.1 Our customer (your employer)
If you are a field executive, supervisor or administrator, your data is shared with the organisation that has subscribed to Kinematic — this is the primary purpose of the service. Your employer is the data fiduciary (DPDP Act) or controller (GDPR) for this data; we are the data processor.
5.2 Subprocessors (cloud infrastructure)
We use vetted third-party providers under signed data processing agreements (DPAs):
| Provider | Purpose | Data location |
|---|
| Hostinger | Website hosting (kinematicapp.com) | India / EU |
| Railway | Backend application hosting | USA / EU |
| Supabase | Database (PostgreSQL) & authentication | USA / Singapore |
| Vercel | Web dashboard hosting | USA / EU / India |
| Anthropic | Kini AI voice transcription & intent parsing | USA |
| Google (Maps, Firebase) | Map tiles, geocoding, push notifications | USA / India |
| Meta (WhatsApp Cloud API) | WhatsApp message delivery | USA / Singapore |
| Hostinger SMTP | Transactional email delivery | India / EU |
An up-to-date list of subprocessors is available on request to s@kinematicapp.com. Customers are notified at least 30 days before any material change in subprocessors.
5.3 Legal disclosures
We may disclose personal data when required by a valid Indian court order, subpoena, or written request from a competent regulatory authority, or to defend against legal claims. We notify the affected customer wherever permitted by law.
6. Location data — specific notice
Because location is the most sensitive data we process, we apply the following safeguards:
- Location is captured only during configured duty hours set by your employer's administrator. Outside duty hours, the app does not record location.
- The app displays a persistent notification icon whenever location is being captured, so it is never collected silently.
- Location data is associated with attendance and visit events. It is not used for personal profiling outside the workplace context.
- You can request location precision to be reduced, or location capture to be paused, by contacting your administrator.
- SOS-triggered location is captured immediately on alert and shared with designated supervisors and emergency contacts.
7. Data retention
We retain personal data only as long as needed:
- Active employment data — retained for the duration of your employment with the Kinematic customer, plus 90 days for handover
- Attendance and field activity records — retained for 7 years to meet Indian labour and tax compliance requirements
- Voice recordings (Kini AI) — discarded within minutes of transcription; only structured action records persist
- Website analytics — 14 months (GA4 default)
- Marketing consent records — retained until you withdraw consent
- Support correspondence — 24 months
After retention periods expire, data is deleted or anonymised so it can no longer identify you.
8. Your rights
Under DPDP Act 2023 and GDPR, you have the right to:
- Access — request a copy of the personal data we hold about you
- Correction — request that inaccurate or incomplete data be corrected
- Erasure — request deletion of personal data (subject to legal retention obligations)
- Restrict processing — request that we temporarily stop processing your data while a dispute is resolved
- Object to processing — for legitimate-interest or direct marketing processing
- Data portability — receive your data in a machine-readable format
- Withdraw consent — for any processing based on consent, at any time
- Grievance redressal — contact our Data Protection Officer for complaints
- Lodge a complaint — with the Data Protection Board of India or your local supervisory authority
If you are a field executive whose data is in Kinematic because of your employment, requests should normally be routed via your employer's HR or designated administrator, since they are the data fiduciary. We support our customers in fulfilling these requests promptly.
To exercise these rights directly, contact s@kinematicapp.com. We respond within 30 days of receiving a verified request.
9. Security
We apply industry-standard technical and organisational measures to protect personal data:
- Data encrypted in transit using TLS 1.2+ on all connections
- Data encrypted at rest using AES-256 in our databases
- Role-based access control — staff access is restricted to what is needed for their role
- Multi-factor authentication enforced on all administrative consoles
- Regular security reviews, dependency patching, and least-privilege production access
- Backups encrypted and stored separately; tested for restoration
- Incident response plan with notification commitments aligned to DPDP Act and GDPR timelines
In the event of a personal data breach likely to result in significant harm, we notify the Data Protection Board of India within the timelines prescribed by the DPDP Act, and affected users as required by law.
10. Cookies & tracking
Our website uses cookies and similar technologies. We classify them as follows:
- Essential cookies — required for site function (consent state, basic security). Always active; cannot be disabled.
- Analytics cookies — Google Analytics 4 via Google Tag Manager. Optional; off until you accept.
- Marketing cookies — for measuring ad campaign performance. Optional; off by default.
On your first visit, our consent banner asks for your choice. You can change preferences any time using the "Cookie preferences" link in the footer.
Until you grant analytics consent, we use Google's Consent Mode v2 — Google receives no identifiable analytics data, only anonymous modelled signals.
The Kinematic mobile app does not use third-party advertising trackers.
11. Children's data
Kinematic is a business platform. Our services are not directed to children under 18, and we do not knowingly collect personal data from minors. If we become aware that data has been collected from a minor, we will delete it promptly.
12. International data transfers
Some of our subprocessors operate servers outside India (e.g. the USA). When transferring personal data internationally, we rely on:
- The transfer mechanisms permitted under DPDP Act 2023 (transfers to countries not blacklisted by the Government of India)
- For EU personal data: Standard Contractual Clauses (SCCs) and the EU-US Data Privacy Framework where applicable
- Contractual data protection commitments from every subprocessor (DPAs)
13. Changes to this policy
We may update this Privacy Policy from time to time. The "Last updated" date at the top of this page reflects the most recent revision. For material changes affecting how we process personal data, we notify customers via email and in-product banner at least 30 days before the change takes effect.
For privacy questions, requests, or grievance redressal:
- Email — s@kinematicapp.com
- Subject line — "Privacy request — [your question]"
- Response time — within 30 days for verified requests
Kinematic is operated by Kaiyo Technology Labs. Headquartered in India.
