Privacy Policy
1. Overview
This Privacy Policy explains how Corsa (“we”, “us”, or “our”) collects, uses, and protects your personal data when you use our service at corsa.app. We are committed to protecting your privacy and handling your data transparently.
Controller responsible for data processing:
Marko Jankovic
Kantstr. 59
10627 Berlin, Germany
Email: support@corsa.app
2. Data We Collect
2.1 Account Data
- Email address: Used for account creation, login, and communication.
- Password: Stored securely using hashing.
- Profile information: Optional data you provide to enhance your profile.
2.2 Health and Fitness Data
- Health data: Information you provide about your health, fitness, and wellness.
- Fitness data: Data related to your physical activities, workouts, and progress.
- Workout data: Completed workout data imported from platforms like Strava, Garmin, or Coros, which may include details such as running pace, heart rate, cadence, and workout duration.
- Data sharing: This data may be shared anonymously with our LLM (Large Language Model) partner to provide personalized plans, coaching, and analytics.
2.3 Chat Data
- Chat messages: Conversations you have with our AI coach, including questions, answers, and feedback.
- Data retention: Chat data is stored to improve service quality and user experience.
2.4 Technical Data
- API keys: Encrypted keys used to connect to third-party services such as Strava, Garmin, and Coros.
- Log data: Information automatically collected about your interactions with our service, such as IP address, browser type, and access times.
- Usage statistics: Aggregated data about how you use our service to help us improve functionality and user experience.
3. Legal Basis for Processing
We process your personal data based on the following legal grounds under GDPR:
- Contract fulfillment (Article 6(1)(b) GDPR)
- Legal obligations (Article 6(1)(c) GDPR)
- Legitimate interests (Article 6(1)(f) GDPR)
- Your consent (Article 6(1)(a) GDPR)
4. Data Sharing
We share your data with:
- OpenAI: For processing personalized plans, coaching, analytics, and chat interactions.
- Cloud infrastructure providers: To securely store and manage data, ensuring high availability and reliability of our services.
- Third-party service providers: To facilitate functionality, such as payment processing and data storage.
5. Data Retention
We retain your personal data only as long as necessary to fulfill the purposes for which it was collected, comply with legal obligations, and resolve disputes.
6. Your Rights
Under GDPR, you have the following rights:
- Right to access your data
- Right to rectification
- Right to erasure (“right to be forgotten”)
- Right to restrict processing
- Right to data portability
- Right to object
- Right to withdraw consent
To exercise these rights, please contact us at support@corsa.app.
7. Data Security
We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, loss, or misuse. This includes encryption, secure storage, and regular security assessments.
8. International Data Transfers
Some of our service providers may process your data outside the EU/EEA. We ensure adequate safeguards through standard contractual clauses and appropriate security measures.
9. Changes to This Policy
We may update this privacy policy from time to time. We will notify you of any changes by posting the new policy on this page and updating the effective date.
10. Contact Us
If you have any questions about this Privacy Policy, please contact us at:
Email: support@corsa.app
Last updated: July 21, 2025