Join Waitlist
Back to Home

Privacy Policy

Last updated: May 24, 2026

Effective Date: May 24, 2026

CoreN Digital Ltd. ("CoreN Digital", "CoreWod", "we", "us", or "our") provides the CoreWod mobile application, related websites, support channels, and community features (collectively, the "Service"). This Privacy Policy explains how we collect, use, disclose, store, and protect information when you use the Service.

CoreN Digital Ltd. is generally the controller responsible for the personal data described in this Privacy Policy unless we state otherwise. If local law requires us to identify an in-country representative, local contact, or local entity for your region, we will provide those details in-app, on our website, or on request.

1. Scope and Health-Related Data

CoreWod is a fitness and wellness service, not a medical provider. Some information you choose to provide or connect, such as joint sensitivities, body measurements, progress photos, workout history, recovery signals, or connected health platform data, may be treated as health-related or sensitive personal data under laws such as the UK GDPR, EU GDPR, Turkey's Personal Data Protection Law No. 6698 ("KVKK"), or similar laws in other countries.

Where required, we process health-related or sensitive data based on your explicit consent or another lawful basis permitted by applicable law.

2. Information We Collect

Information you provide directly

  • Email address and authentication method
  • Name, username, bio, birthday, gender, avatar, and profile photo
  • Onboarding answers, workout preferences, goals, event targets, benchmark entries, and coaching style choices
  • Workout notes, difficulty and enjoyment ratings, custom workouts, support messages, and other content you submit

Training and wellness data

  • Workout history, completion logs, streaks, movement stats, favorites, and saved workouts
  • Program enrollments, program workout logs, challenge participation, challenge progress, and leaderboard scores
  • Health and training inputs such as joint sensitivities, height, weight, body progress check-ins, progress photos, and body measurements
  • AI Coach prompts, generated insights, coach suggestions, and related feedback

Community and public content

  • Public profile fields such as username, display name, bio, avatar, and follower/following counts
  • Activity feed events, reactions, friend challenge participation, and leaderboard placements
  • Custom workouts or other content you choose to mark as public

Device, usage, and technical data

  • App activity such as screens viewed, features used, taps, workout interactions, paywall interactions, and session events
  • Device type, operating system, app version, push-notification identifiers, analytics identifiers, diagnostic identifiers, and related technical metadata
  • Crash reports, error logs, performance data, and support diagnostics

Purchases and account status

  • Subscription plan, trial status, renewal state, entitlement status, and billing-provider identifiers
  • Apple App Store or Google Play purchase metadata needed to activate, restore, and manage premium access

We do not collect or store your payment card number, bank account number, or full payment credentials. Payments are handled by Apple, Google, RevenueCat, or another payment infrastructure provider as applicable.

Connected health platform data

CoreWod currently supports Apple Health on iOS. If you enable Apple Health, CoreWod may write completed workouts and may read only the specific metrics or records you authorize for requested features, such as workout activity, active energy, exercise time, VO2 max, resting heart rate, walking heart rate average, HRV, sleep, and similar training or recovery signals.

We do not import your full external health history into CoreWod. We read only the specific data types you authorize. If we later enable Garmin Connect, Android Health Connect, or similar integrations, this Privacy Policy will apply to those integrations when they are available and enabled by you.

3. Where We Get Data

We collect personal data:

  • Directly from you when you create an account, complete onboarding, log workouts, join challenges, upload media, or contact support
  • Automatically from your use of the app and device
  • From Apple, Google, or identity providers when you sign in or make purchases through them
  • From Apple Health or another supported health platform when you explicitly enable the integration and grant permissions

4. How We Use Your Data

We use personal data to:

  • Create and manage your account, authenticate you, and provide customer support
  • Generate personalized workouts, programs, benchmarks, reminders, and training recommendations
  • Power AI Coach, Ask Coach, coach suggestions, progress summaries, and related wellness insights
  • Track progress, avoid recent workout repeats, and improve recommendation quality
  • Operate community features such as public profiles, activity feed, follows, leaderboards, and challenges
  • Sync completed workouts to supported health platforms and read the metrics you authorize for requested features
  • Send push notifications and reminders if you allow them
  • Measure product usage, diagnose issues, protect the service, prevent abuse, and improve reliability
  • Manage subscriptions, entitlements, billing support, legal compliance, and recordkeeping

5. App Store Privacy Label Summary

For App Store privacy-label purposes, CoreWod may collect the following categories of data, depending on the features you use:

  • Contact Info: name and email address
  • Health and Fitness: health and fitness data
  • User Content: photos or videos, customer support content, and other user-generated content
  • Identifiers: user ID and device ID
  • Purchases: purchase history and subscription status
  • Usage Data: product interaction and other usage data
  • Diagnostics: crash data, performance data, and other diagnostic data

We do not use these categories of data for third-party advertising or cross-app tracking. We do not sell personal data. We do not share personal data with data brokers. We do not use connected health data for advertising, data brokerage, or unrelated profiling.

6. Legal Bases for Processing

Depending on your location and the context, we rely on one or more of the following legal bases:

  • Performance of a contract: to provide the Service you request, including your account, workouts, programs, subscriptions, and community features
  • Consent: for health platform access, push notifications, and other optional processing where consent is required
  • Legitimate interests: to secure the Service, prevent abuse, understand feature usage, fix bugs, and improve product quality where those interests are not overridden by your rights
  • Legal obligations and legal claims: to comply with applicable laws, tax, accounting, enforcement requests, or defend legal claims

For health-related or other sensitive data, we rely on your explicit consent where required by the UK GDPR, EU GDPR, KVKK, or similar laws, unless another specific legal exception applies.

7. AI Coach and Automated Processing

CoreWod uses OpenAI for AI Coach, Ask Coach, workout suggestions, and related coaching features. To provide those features, we may send limited training context such as workout patterns, goals, preferences, program progress, body progress trends, and connected health platform metrics you have authorized.

We do not send your raw birthday to OpenAI; if age is needed, we derive and send age instead. We avoid sending raw progress photos to OpenAI unless a future feature clearly asks for photo-based analysis and obtains appropriate consent.

AI responses are generated automatically and may be incomplete, inaccurate, or unsuitable for your situation. They are provided for general fitness and wellness guidance only and are not medical advice.

We cache some AI outputs inside CoreWod to reduce repeated transfers and improve response times. According to OpenAI's API data controls documentation, API data is not used to train OpenAI models by default unless the customer explicitly opts in, and OpenAI may retain limited abuse-monitoring logs for a short period under its platform policy.

8. Connected Health Platforms

CoreWod currently supports Apple Health on iOS.

When a supported health integration is enabled:

  • CoreWod may write completed workouts and related workout metadata to the connected platform
  • CoreWod may read only the specific metrics or records you authorize for training features
  • CoreWod does not use connected health data for advertising, data brokerage, or unrelated profiling

Disabling the integration in CoreWod stops future syncing and future reads, but does not automatically delete records already stored in the external platform. Historical records must usually be managed inside the relevant platform, such as Apple Health.

9. Community Visibility

If you use community features, some information becomes visible to other users. This may include your username, display name, avatar, bio, follower and following counts, public activity feed events, public custom workouts, challenge participation, and leaderboard rankings.

Your private progress photos, body measurements, joint sensitivities, connected health metrics, and similar health inputs are not public by default unless you explicitly share them outside the app.

10. How We Share Data

We share personal data only as needed to run CoreWod, comply with law, or protect rights. Categories of recipients include:

  • Supabase: authentication, database hosting, storage, signed media access, and backend infrastructure
  • OpenAI: limited coaching context for AI features you request
  • Amplitude: product analytics, feature usage, and event measurement
  • Sentry: crash reporting, diagnostics, performance monitoring, low-sample masked error replays, and technical troubleshooting
  • OneSignal: push notifications, push subscription identifiers, and segmentation tags such as training level, preferred style, premium status, and recent activity
  • RevenueCat: subscription entitlement management, purchase restoration, webhook processing, and billing-provider records
  • Apple / Google: sign-in, Apple Health permissions, and in-app purchase processing and restoration
  • Supported connected health platform providers: only if you enable such a connection and only for the purposes described in this policy
  • Professional advisers, legal authorities, or transaction counterparties: where reasonably necessary for legal compliance, security, fraud prevention, or a merger, acquisition, financing, or asset transfer

We do not sell your personal data. We do not share personal data for cross-context behavioral advertising.

11. International Data Transfers

CoreN Digital Ltd. and its service providers may process personal data outside your country of residence. Where required, we use appropriate legal, technical, and organizational safeguards for cross-border transfers. Depending on the transfer route and applicable law, these safeguards may include adequacy decisions or regulations, the UK International Data Transfer Agreement, the UK Addendum to the EU Standard Contractual Clauses, the EU Standard Contractual Clauses, supplementary technical and organizational safeguards, or other lawful transfer mechanisms recognized by applicable law.

12. Data Retention

We retain personal data for as long as reasonably necessary for the purposes described above, including:

  • Account, profile, workout, and program data while your account remains active and for a reasonable period afterward to handle support, security, and legal obligations
  • Community records, AI insight caches, and progress data until they are deleted, refreshed, or no longer needed
  • Progress photos until you delete the related check-in or account data, subject to backup and security retention cycles
  • Analytics, crash, and audit logs for the period reasonably necessary to monitor, secure, and improve the Service
  • Billing, tax, anti-fraud, and legal records for the period required by law or legitimate operational need

Connected health platform records written outside CoreWod remain in the relevant external platform until removed there.

13. Security

We use reasonable technical and organizational measures designed to protect personal data, including encrypted network transport, secure authentication storage, row-level access controls in our database, signed URLs for private progress photo access, and role-based restrictions for internal systems. No security measure is perfect, so we cannot guarantee absolute security.

14. Your Rights and Choices

Depending on your location, you may have the right to:

  • Access the personal data we hold about you
  • Correct inaccurate or incomplete personal data
  • Delete certain personal data or request erasure
  • Restrict or object to certain processing
  • Receive a portable copy of personal data you provided to us where applicable
  • Withdraw consent at any time for consent-based processing, including connected health platform access
  • File a complaint with a supervisory authority or regulator

You can manage many choices in the app, including notification permissions, Apple Health permissions, workout preferences, public profile choices, and account deletion. To exercise formal privacy rights, contact us at info@corewod.com. We may ask for information needed to verify your identity before completing a request.

Turkey (KVKK)

Under Article 11 of KVKK, data subjects may request information about whether personal data is processed, why it is processed, who receives it, correction of inaccurate data, deletion or destruction where conditions are met, notification of those corrections or deletions to recipients, objection to certain automated analyses, and compensation for unlawful processing damage. We will respond within the period required by applicable Turkish law, generally within 30 days after a valid request.

United Kingdom

If the UK GDPR applies to you, you may have rights of access, rectification, erasure, restriction, portability, objection, and withdrawal of consent. You may also complain to the UK Information Commissioner's Office. We generally respond within one month of a valid request, subject to lawful extensions.

EEA and Switzerland

If the EU GDPR or similar rules apply to you, you may have rights of access, rectification, erasure, restriction, portability, objection, and withdrawal of consent. You may also lodge a complaint with your local data protection authority. We generally respond within one month of a valid request, subject to lawful extensions.

California and Similar U.S. State Laws

If applicable to you, you may have rights to know, access, delete, correct, portability, non-discrimination, and to opt out of the sale or sharing of personal information. CoreWod does not sell or share personal information for cross-context behavioral advertising. We use sensitive data only for the limited purposes needed to provide requested fitness and wellness features and operate the Service.

15. Children's Privacy

CoreWod is not intended for children under 16. We do not knowingly collect personal data from children under 16. If you believe a child has provided personal data to us, contact us and we will take appropriate steps to delete it.

16. Changes to This Policy

We may update this Privacy Policy from time to time. If we make material changes, we will update the "Last Updated" date and may notify you through the app, by email, or by other appropriate means.

17. Contact Us

For privacy questions or formal rights requests, contact:

CoreN Digital Ltd.
Unit 501 Leroy House, 434-436 Essex Road, London, United Kingdom, N1 3FY
info@corewod.com
https://corendigital.com