Privacy Policy for CoreCapacity

Last updated: 14.12.2025

1. About us

CoreCapacity AS (“we”, “us”, “our”) develops and offers an AI-driven training app and digital solutions for physical and mental health. We are committed to protecting your privacy and follow applicable regulations, including the Personal Data Act and the EU General Data Protection Regulation (GDPR).

2. What personal data we collect

When you use the CoreCapacity app or visit our website, we may collect the following types of information:

a. Identification information:

  • Name, email address, gender, date of birth

b. Health and training data:

  • Answers to screening questions
  • Training history and progression
  • User log and feedback
  • Selected workouts and preferences
  • Any free text answers related to physical or mental health

c. Technical data:

  • IP address, device type, operating system and language
  • App usage and feature interaction
  • Time spent in the app, clicks and navigation

d. AI-generated recommendations:

  • Personal training suggestions and automated adaptations created by our AI module

3. How we use your data

We use your data for the following purposes:

  • To provide and improve our services
  • To adapt training programs based on your needs
  • To develop and train our AI module (with pseudonymized data)
  • To communicate with you about new features and changes
  • To conduct internal analysis and research
  • To fulfill legal requirements

We use data minimization and only collect data that is necessary to deliver our services.

4. Legal basis for processing

We process personal data based on:

  • Consent (upon account creation and consent to storage of health information)
  • Contract (to deliver the service)
  • Legitimate interest (for product improvement and security)
  • Legal obligation (e.g. requirements from authorities)

5. Your rights

You have the following rights under GDPR:

  • Access to own data
  • Correction of incorrect information
  • Restriction or deletion of data
  • Data portability
  • Withdrawal of consent at any time
  • Complaint to the Data Inspectorate

Contact us via [email protected] to exercise your rights.

6. Storage and deletion

  • Your data is stored as long as it is necessary for the purpose, or until you request deletion.
  • We follow the principle of privacy by design & default, and regularly assess the need for storage.
  • Training data is anonymized and can be used in further research and development.

7. Third-party providers and data processors

We use serious and GDPR-compliant providers for storage and technical operation. These include (for example):

  • Amazon Web Services (AWS)
  • Firebase / Google Cloud
  • Paral Dynamics (development partner)
  • Statistics tools (e.g. Google Analytics)

All data processors have signed data processor agreements with us.

8. International data transfer

Some of our subcontractors are based outside the EU/EEA. In such transfers, we ensure that the transfers take place in line with GDPR, either through standard agreements (SCC) or to approved third countries.

9. Cookies

We use cookies on the website to analyze traffic and improve the user experience. You can change or withdraw consent to cookies at any time in your browser.

10. Security

  • We use SSL encryption and secure login
  • Data is stored encrypted and access is limited
  • Regular security audits are conducted

11. Changes to the privacy policy

In case of significant changes, we will inform users clearly in the app and/or via email. Updated version is always published on our website.

12. Contact information

Data controller:

CoreCapacity AS

Org.no: 831 848 472

Address: Kristiansand Teknologipark, Andøyfaret 3, 4623 Kristiansand

Email: [email protected]

Website: www.corecapacity.com