Privacy Policy

Last updated: February 2026

Introduction

Core3 (“we,” “our,” or “us”) is committed to protecting your privacy. This Privacy Policy explains how we collect, use, store, and disclose your information when you use our training and wellness platform, including our website, mobile experience, and related services (collectively, the “Service”).

By using Core3, you agree to the practices described in this policy. If you do not agree, please do not use the Service. We may update this policy from time to time; we will notify you of material changes by posting the updated policy and revising the “Last updated” date.

1. What Data We Collect

We collect information that you provide directly, that we obtain when you connect third-party services, and that we collect automatically when you use the Service.

  • Account information — When you register, we collect your name, email address, and any profile details you choose to provide. We use this to create and manage your account, authenticate you, and communicate with you about the Service.
  • Strava data — When you connect your Strava account, we import activities, GPS routes, heart rate, power, cadence, and profile information via the Strava API. We use this to power your dashboard, analytics, and coaching features. Strava may collect its own data about API usage; see Strava's policies for details.
  • Check-in data — Daily wellness check-ins (e.g. fatigue, sleep quality, soreness) that you submit. We use this to personalise insights and coaching and to help you track recovery.
  • Nutrition logs — Meals, foods, and macro data you record. We use this to provide nutrition tracking and feedback within the Service.
  • Training plans and calendar events — Workouts you schedule, complete, or skip, and any notes you add. We use this to show your calendar, calculate training load, and tailor coaching.
  • Coach conversations — Messages you send to and receive from the AI coaching assistant. We process these to provide coaching and to improve the quality of the Service (as described in our AI and third-party sections).
  • Usage and device data — We may collect information about how you use the Service (e.g. pages visited, features used) and basic device or browser information (e.g. type, language) to operate, secure, and improve the Service and to troubleshoot issues.
  • Cookies and similar technologies — We may use cookies, local storage, and similar technologies for authentication, preferences, security, and analytics. You can manage cookie settings in your browser, though some features may depend on them.

2. How We Use Your Data

We use the data we collect to provide, maintain, and improve the Service, to communicate with you, and to comply with legal obligations. Specific uses include:

  • Providing and personalising your dashboard, calendar, and analytics.
  • Generating AI-powered coaching insights and adaptive training plans.
  • Calculating training load, fitness, fatigue, and form metrics.
  • Providing nutrition tracking and wellness feedback.
  • Authenticating you and keeping your account secure.
  • Sending service-related messages (e.g. account or security notices, product updates).
  • Responding to your requests and support inquiries.
  • Analysing usage to improve the Service, fix bugs, and develop new features.
  • Complying with applicable laws, regulations, and legal process.

We do not sell your personal data. We do not share your personal data with advertisers for their marketing purposes. We may share data only as described in this policy (e.g. with service providers who process data on our behalf, or when required by law).

3. Third-Party Services

We use selected third-party services to operate the Service. Each has its own privacy practices; we encourage you to review their policies.

  • Strava — We use the Strava API to import your activities and related data. Strava may collect usage data about API access independently. See Strava's Privacy Policy.
  • Google Gemini — Our AI coaching feature uses Google's Gemini language model. Conversation content is sent to Google for processing. We do not use your conversations to train general-purpose models; processing is for providing the coaching feature. Google's handling of data is governed by their terms and privacy policy.
  • Supabase — We use Supabase for database, authentication, and related infrastructure. Your account and activity data are stored on Supabase; they process data according to their privacy policy and our instructions.
  • Other providers — We may use additional providers for hosting, analytics, error reporting, or email. We choose providers that commit to appropriate security and confidentiality and use data only as necessary to provide the Service.

4. Data Security

We implement technical and organisational measures to protect your data against unauthorised access, loss, or misuse. These include secure connections (e.g. HTTPS), access controls, and secure storage. No system is completely secure; we will notify you and relevant authorities where required if we become aware of a breach that affects your personal data.

5. Data Retention

We retain your data only as long as needed to provide the Service and to fulfil the purposes described in this policy, unless a longer retention period is required by law.

  • Strava data — Raw Strava API response data and activity stream data are automatically purged 7 days after import. Normalised activity metrics (distance, duration, power averages, etc.) are retained for as long as your account is active. If you disconnect Strava in your account settings, we delete all synced Strava activity data promptly.
  • Account and other data — Check-ins, nutrition logs, training plans, coach conversations, and account information are retained while your account is active. After you request account deletion, we delete or anonymise your data in line with our deletion process and legal obligations.
  • Logs and backups — We may retain certain logs or backup data for a limited period for security, fraud prevention, or legal compliance; such data is then deleted or anonymised.

6. Your Rights and Choices

Depending on where you live, you may have rights to access, correct, delete, or port your data, or to object to or restrict certain processing. You can exercise many of these through the Service:

  • Access and correction — You can view and update much of your profile and preferences in the Service. For other requests, contact us at info@coreiii.com.
  • Disconnect Strava — In your account settings, you can disconnect Strava. This revokes API access and we delete all synced Strava activity data.
  • Account deletion — To request full deletion of your account and associated data, email us at info@coreiii.com. We will process your request in line with our policies and applicable law.
  • Marketing — We do not use your data for third-party marketing. Service-related emails (e.g. security or product updates) may still be sent where permitted.
  • Complaints — If you are in the EEA or UK, you have the right to lodge a complaint with your local data protection authority.

7. Children's Privacy

The Service is not intended for users under the age of 16. We do not knowingly collect personal data from children under 16. If you believe we have collected such data, please contact us at info@coreiii.com, and we will delete it promptly.

8. International Data Transfers

Your data may be processed in countries other than your own, including by our service providers. We ensure appropriate safeguards (such as standard contractual clauses or adequacy decisions) where required by law so that your data remains protected in line with this policy and applicable regulations.

9. Strava API Disclosures

Our use of the Strava API is subject to the Strava API Agreement. Strava may independently collect analytics about API usage. We display Strava data with proper attribution and do not re-share Strava data with third parties except as described in this policy (e.g. processing for AI coaching via our providers).

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will post the updated version on the Service and update the “Last updated” date. For material changes, we may also notify you by email or through the Service. Your continued use of Core3 after the effective date constitutes acceptance of the updated policy, except where further consent or other steps are required by law.

11. Contact

For questions about this policy, your data, or to exercise your rights, contact us at info@coreiii.com.