Legal

Privacy Policy

How Core3 collects, uses and protects your personal information.

Last updated: 14 June 2026

Core3 ("we", "us", "our") is an AI-powered training, nutrition and recovery platform available on the web at coreiii.com and as mobile applications (together, the "Service"). This Privacy Policy explains what personal information we collect, why we collect it, how we use and share it, and the choices and rights you have.

We are committed to processing your personal information lawfully and transparently in accordance with the Protection of Personal Information Act 4 of 2013 ("POPIA") and other applicable laws. By creating an account or using the Service you acknowledge the practices described in this policy.

Core3 processes health and fitness information, which is "special personal information" under POPIA. We only do so with your consent and for the purposes set out below. You can withdraw that consent at any time as described in "Your rights".

1. Who we are (Responsible Party)

For the purposes of POPIA, Core3 is the "responsible party" that determines how and why your personal information is processed.

  • Operator: Core3 [registration / entity details to be confirmed]
  • Registered address: [REGISTERED ADDRESS]
  • Information Officer: [INFORMATION OFFICER NAME]
  • Email: info@coreiii.com

2. Information we collect

Information you give us
  • Account details: name, email address and a securely hashed password.
  • Profile and athlete data: date of birth or age, sex, height, weight, training history, performance benchmarks (such as FTP, threshold pace or heart-rate zones), goals and preferences.
  • Nutrition data: meals, foods, macronutrient and calorie targets, and related logs.
  • Communications: messages you send to support, feedback, and chats with the in-app AI coach.
Information from connected services

If you choose to connect a third-party platform (Garmin, Wahoo, Hammerhead, Zwift and Ōura), we receive data from that platform via its API once you authorise the connection. This may include workouts and activities, GPS routes, power, pace, heart rate, cadence, sleep, recovery and other health and fitness metrics. We only request the data needed to operate the Service, and you can disconnect a provider at any time.

Information we collect automatically
  • Device and technical data: device type, operating system, app version, browser, language and approximate region.
  • Usage data: features used, pages viewed, and interactions, collected through analytics tools (see our Cookie Policy).
  • Location: with your permission, your device location is used to provide local weather and conditions for outdoor sessions. You can decline or revoke this in your device settings.
  • Cookies and similar technologies on the website (see the Cookie Policy for detail).

3. How we use your information and our lawful basis

We process your personal information for the following purposes, relying on the POPIA justifications shown in brackets:

  • To create and manage your account and provide the Service (performance of our contract with you).
  • To generate adaptive training plans, nutrition targets and recovery guidance using your data, including AI-assisted analysis (your consent and performance of our contract).
  • To sync and display data from connected services you authorise (your consent).
  • To process health and fitness "special personal information" for coaching insights (your explicit consent under sections 26–27 of POPIA).
  • To communicate with you about the Service, including service notices and, where permitted, product updates (legitimate interest / your consent).
  • To send direct marketing where you have opted in, and to measure and improve our marketing (your consent).
  • To understand and improve the Service, troubleshoot, and keep it secure (legitimate interest).
  • To comply with legal obligations and to establish, exercise or defend legal claims (legal obligation / legitimate interest).

4. AI-assisted coaching

Core3 uses automated analysis and third-party large-language-model providers to turn your training, nutrition and recovery data into plans, insights and answers from the in-app coach. Where data is sent to an AI provider to generate a response for you, it is processed under contract and is not used by that provider to train its general models without an appropriate basis.

AI-generated guidance is informational and is not medical, dietary or professional advice. See the Terms & Conditions for the health and safety disclaimer.

5. Who we share information with (Operators)

We do not sell your personal information. We share it only with service providers ("operators") who process it on our behalf under written agreements, and with others as described below:

  • Hosting and infrastructure providers that run our applications, databases and APIs.
  • AI / large-language-model providers used to generate coaching insights and chat responses.
  • Connected fitness and health platforms you authorise (Garmin, Wahoo, Hammerhead, Zwift and Ōura), to enable data sync.
  • Analytics and marketing providers, including Google services such as Google Analytics, Google Ads and Google Search Console, to measure usage, understand reach and run and measure advertising. See the Cookie Policy for the cookies these set and how to control them.
  • Email and communications providers used to send account and support messages.
  • Professional advisers, and authorities or acquirers, where required by law, to protect our rights, or in connection with a merger, sale or reorganisation.

6. International transfers

Some of our operators (including hosting, AI and Google services) store or process information on servers outside the Republic of South Africa. Where we transfer personal information across borders, we do so in accordance with section 72 of POPIA — for example because the recipient is subject to laws or binding agreements that provide an adequate, comparable level of protection, or because you have consented to the transfer, or it is necessary to perform our contract with you.

7. Cookies and similar technologies

Our website uses cookies and similar technologies for essential functionality, to remember your preferences, to measure usage with analytics, and to support advertising. We set non-essential cookies (including Google Analytics and Google Ads cookies) only with your consent. Full detail, including how to manage your choices, is in our Cookie Policy.

8. Direct marketing

We will only send you electronic marketing (such as promotional emails) where you have consented or where otherwise permitted by law. Every marketing message includes an easy way to opt out, and you can unsubscribe at any time by contacting us at info@coreiii.com. Opting out of marketing does not stop essential service messages about your account.

9. How long we keep your information

We keep your personal information for as long as your account is active and as needed to provide the Service. Training and activity history is retained so your long-term trends and analytics remain accurate; we do not routinely purge it. When you disconnect a third-party provider, we stop syncing from it and delete the data sourced from that provider. When you delete your account, we delete or anonymise your personal information, except where we must retain certain records to meet legal obligations or resolve disputes.

10. How we protect your information

We take appropriate, reasonable technical and organisational measures to safeguard your personal information against loss, unauthorised access and misuse, including encryption in transit, hashed passwords, access controls and reputable infrastructure providers. No method of transmission or storage is completely secure, but we work to protect your information and will notify you and the Information Regulator of a compromise where the law requires.

11. Your rights

Subject to POPIA, you have the right to:

  • Be told what personal information we hold about you and to access it.
  • Request correction or deletion of personal information that is inaccurate, irrelevant, excessive, out of date or unlawfully obtained.
  • Object, on reasonable grounds, to the processing of your personal information.
  • Withdraw consent you have given (for example for health-data processing or marketing), without affecting processing already carried out.
  • Not be subject to a decision based solely on automated processing that has legal or similarly significant effects, except as permitted by law.
  • Lodge a complaint with the Information Regulator.

You can exercise most of these rights in the app, or by emailing us at info@coreiii.com. We may need to verify your identity before acting on a request.

Complaints to the Regulator
  • Information Regulator (South Africa)
  • JD House, 27 Stiemens Street, Braamfontein, Johannesburg, 2001
  • Email: complaints.IR@inforegulator.org.za
  • Website: https://inforegulator.org.za

12. Children

The Service is not intended for children. You must be at least 18 years old (or the age of majority where you live) to create an account. We do not knowingly collect personal information from children without the consent of a competent person; if you believe a child has provided us information, contact us so we can remove it.

13. Changes to this policy

We may update this Privacy Policy from time to time. We will post the updated version with a new "Last updated" date and, where changes are material, take reasonable steps to notify you. Your continued use of the Service after an update means you accept the revised policy.

14. Contact us

Questions about this policy or your personal information? Contact our Information Officer at info@coreiii.com.