Privacy Policy
1. Overview
Kora Training ("Kora", "we", "our") builds a triathlon training app for iPhone and Apple Watch. This Privacy Policy explains what data we collect, how we use it, and the choices you have. We wrote it to be short, honest, and easy to read.
2. Data we collect
2.1 Account data
- Email address (from Apple Sign-In or Google Sign-In)
- Name and avatar image URL (provided by your sign-in provider, optional)
2.2 Profile and training data
- Body weight and age (self-reported, used for zone math)
- Sport preferences and weekly hour availability
- Threshold values for swim, bike, and run
- Workout completion history (planned and actual durations, distances, averages)
- Race goals and target dates
2.3 Health data (Apple HealthKit)
With your permission, Kora reads the following from Apple Health on your device:
- Heart rate (resting and workout)
- Heart rate variability (HRV)
- VO₂ max
- Workout records for running, cycling, and swimming — including activity type, duration, distance, and the source app
With your permission, Kora writes the following to Apple Health:
- Completed strength and mobility sessions (cardio workouts are NOT written, since your Watch already recorded them)
2.4 Device and app metrics
- App version, iOS version, device model
- Crash reports (no personal data in crash payloads)
3. How we use data
- To personalize your training plan week-over-week
- To match workouts completed on your Watch to the correct day in your plan
- To show you your zones, thresholds, and progress
- To diagnose crashes and bugs
4. Health data specifics
Kora does not use health or fitness data for advertising.We do not sell, rent, or share health data with advertisers, ad networks, data brokers, or any third party for marketing purposes. Health data is not used to train machine-learning models. Health data is not stored in iCloud. You can revoke Kora's access to Health at any time in iOS Settings → Privacy & Security → Health → Kora Training.
5. Third parties
Kora relies on the following service providers. Each has its own privacy policy linked below.
- Supabase — database, authentication, file storage. Data stored in US data centers. Policy
- Apple Sign-In — authentication. Policy
- Google Sign-In — authentication. Policy
- Apple HealthKit — stored on your device, transmitted only when you choose to sync.
- Expo / EAS Updates — over-the-air app updates and crash reporting. Policy
- Vercel — hosts this website and its web analytics (cookieless, aggregate). Policy
- Resend — sends transactional email from kora.training addresses. Policy
We confirm each of these providers maintains privacy protections at least as strong as this policy for the data we share with them.
6. Data retention and deletion
We retain your account and training data for as long as your account is active. When you request account deletion (in-app or via kora.training/account/delete), we delete account-identifiable data within 30 days. Aggregate, anonymized workout analytics may be retained beyond that for product improvement.
7. Your rights
You can, at any time:
- Revoke Kora's access to Apple Health in iOS Settings
- Delete your account — in-app, or via the web form above
- Request a copy of your data by emailing support@kora.training
If you are in the EU, UK, or California, you additionally have the right to object to processing, to portability, and to lodge a complaint with your supervisory authority.
8. Children
Kora is not directed at children under 13 and we do not knowingly collect data from them.
9. International users
Kora stores data in the United States. By using Kora you consent to this transfer. EU users retain their GDPR rights as described above.
10. Changes
If we update this policy, we will change the effective date at the top and notify you in-app for material changes before they take effect.
11. Contact
Questions about this policy: support@kora.training.