Corvis Web

Privacy Policy

Effective date: 1 December 2025

This Privacy Policy explains how Corvis ("we", "us", "our") collects, uses and protects your personal data when you use:

  • the Corvis mobile applications (iOS and Android), and
  • the Corvis website: https://corvisapp.com

(collectively, the "Service").

We are committed to protecting your privacy and complying with applicable data protection laws, including the EU General Data Protection Regulation (GDPR).

1. Who we are

  • Controller: Corvis
  • Country: Belgium
  • Contact email for privacy matters: corvis.app@gmail.com
  • Website: https://corvisapp.com

Corvis is the data controller for the personal data processed through the Service. We use Google Firebase as a cloud service provider and backend. For most Firebase services, Google acts as a data processor/service provider under specific data processing and security terms.

2. What the Service does

Corvis allows gyms and coaches to create training programs, assign them to their clients, and track the clients' workout sessions and progress over time. Clients log their workouts and optionally their body weight and other fitness objectives so that they and their coach can follow their progress.

3. Personal data we collect

3.1 Data you provide directly

When you create an account (client or coach):

  • Email address
  • Password (hashed and stored by Firebase Authentication)
  • Name
  • Date of birth
  • Gym / training objectives

When you use the app:

  • Workout data: exercises, sets, reps, weight, duration, perceived effort, notes, etc.
  • Progress data: body weight entries, personal records, and other performance metrics you choose to log.
  • Gym/coach information: if you are a coach or gym, we may store your gym name, contact details and information about the training programs you create.

3.2 Data collected automatically (usage & device data)

When you use the app or website, certain data is collected automatically through Firebase Analytics and related Firebase services, such as:

  • Device information (model, operating system, app version)
  • General location based on IP address (country or region, not precise GPS)
  • Usage data (screens you view, buttons you tap, session duration, crash reports, performance data)
  • Identifiers such as Firebase installation IDs or instance IDs

This data helps us understand how the app is used and improve stability and performance.

3.3 Data visible to gyms and coaches

If you are a client linked to a gym or coach on Corvis, the following data is visible to your coach/gym within their Corvis account:

  • Your name and email
  • Your training objectives
  • Your assigned training programs
  • Your logged workouts and performance metrics
  • Your logged body weight and similar fitness progress data

We do not share your data with coaches or gyms that you are not linked to.

4. Why we process your data (purposes & legal bases)

Under the GDPR, we must have a legal basis for processing your data. For Corvis, we mainly rely on:

1. Performance of a contract (Art. 6(1)(b) GDPR)

  • To create and manage your account
  • To allow you to log workouts and track progress
  • To allow coaches/gyms to assign programs and view their clients' performance
  • To provide customer support

2. Legitimate interests (Art. 6(1)(f) GDPR)

  • To maintain and improve the Service (analytics, crash reports, debugging)
  • To prevent fraud or misuse
  • To secure our systems and data

3. Consent (Art. 6(1)(a) GDPR)

  • Where we present you with specific choices (e.g. optional communications or certain analytics/cookie settings on the website)
  • When you create an account, you confirm that you have read and accept this Privacy Policy.

4. Legal obligations (Art. 6(1)(c) GDPR)

  • To comply with applicable laws, court orders, or requests from competent authorities.

5. How we use your data

We use personal data for the following purposes:

  • To register and authenticate users
  • To create and manage links between clients, gyms and coaches
  • To generate and display workout histories, statistics and progress over time
  • To show coaches how their clients are performing based on logged data
  • To send necessary service communications (e.g. onboarding information, password reset emails)
  • To analyze usage and improve features using Firebase Analytics
  • To detect and fix bugs or crashes (e.g. via Firebase Crashlytics)
  • To protect the security and integrity of the Service

We do not currently use advertising networks to show targeted ads inside the app.

6. Data storage locations & international transfers

6.1 Firebase infrastructure

We use Google Firebase, which runs on Google Cloud Platform. Cloud Firestore and other databases can be configured to use EU-based regions, meaning the main database storage is located in European data centers.

However, some Firebase services (such as Firebase Authentication, Hosting and some Analytics processing) are only run from specific or global data centers, and their data may be processed in the United States or other countries where Google operates infrastructure.

6.2 GDPR safeguards

When Firebase processes personal data as our processor, the processing is governed by Google's Data Processing and Security Terms and related privacy commitments, which include standard contractual clauses and other safeguards for international data transfers under GDPR.

By using the Service, your data may therefore be transferred to and processed in countries outside the EU/EEA. We take steps to ensure that such transfers comply with applicable data protection laws and that adequate protections are in place.

7. Data retention

We keep personal data only as long as necessary for the purposes described in this policy, or as required by law.

In practice:

  • Account data (email, name, birth date, objectives): kept while your account is active.
  • Workout and progress data: kept while your account is active so you and your coach can view your history.
  • If you delete your account or request deletion: we delete or irreversibly anonymize your personal data within a reasonable period (subject to any legal obligations to keep certain records).
  • Analytics data: retained according to Firebase / Google Analytics retention settings, after which only aggregated data is kept.

We may keep anonymized or aggregated statistics (which no longer identify you) for longer to improve our Service.

8. How we protect your data

We rely on Google Cloud/Firebase's security measures, which include:

  • Encryption of data in transit using HTTPS/TLS
  • Encryption of stored data at rest in Google's data centers
  • Access controls, logging and monitoring as described in Google's security documentation

In addition, we:

  • Restrict access to personal data to authorised personnel and service providers who need it for their tasks
  • Use authentication and authorisation rules in Firebase to ensure that only the right users and coaches can access the relevant data
  • Regularly review our security rules and configurations

No system can be 100% secure, but we work to protect your data against accidental or unlawful destruction, loss, alteration, and unauthorised disclosure or access.

9. Sharing of personal data

We do not sell your personal data. We share it only in the following situations:

1. Within the Corvis ecosystem

  • Coaches and gyms can see the performance and progress data of their clients, as described above.
  • Clients can see their own data.

2. Service providers (processors)

  • Google Firebase and related Google Cloud services (database, authentication, analytics, crash reporting, hosting).
  • Other IT or cloud providers we might use for logging, monitoring or communication (if any). These providers only process data on our behalf and under our instructions.

3. Legal or compliance reasons

  • If required by law, regulation, legal process, or government request
  • To protect the rights, property or safety of Corvis, our users or others
  • To investigate suspected fraud or security issues

4. Business transfers

  • If we are involved in a merger, acquisition, or sale of assets, user data may be transferred as part of that transaction, subject to this Privacy Policy or a substantially similar one.

We will only share the minimum data necessary and, where required, we will use contracts to ensure appropriate protections are in place.

10. Your rights under GDPR

If you reside in the EU/EEA, you have the following rights regarding your personal data:

  • Right of access – to obtain confirmation whether we process your data and to receive a copy.
  • Right to rectification – to have inaccurate data corrected and incomplete data completed.
  • Right to erasure ("right to be forgotten") – to have your personal data deleted in certain circumstances.
  • Right to restriction of processing – to limit how we use your data in specific cases.
  • Right to data portability – to receive your data in a structured, commonly used, machine-readable format and to transmit it to another controller where technically feasible.
  • Right to object – to object at any time to processing based on our legitimate interests, including certain types of profiling.
  • Right to withdraw consent – where processing is based on consent, you can withdraw it at any time (this does not affect processing done before withdrawal).

You can exercise many of these rights directly in the app (for example, viewing, editing or deleting certain data, and deleting your account). For any request, you can also contact us at:

Email: corvis.app@gmail.com

Please clearly indicate which right you wish to exercise and provide enough information to identify your account.

Right to lodge a complaint

If you believe your rights have not been respected, you also have the right to lodge a complaint with your local data protection authority. In Belgium, this is the Data Protection Authority (Autorité de protection des données / Gegevensbeschermingsautoriteit):

Data Protection Authority

Rue de la Presse 35, 1000 Brussels, Belgium

Website: https://www.dataprotectionauthority.be

Email: contact@apd-gba.be

11. Children's privacy

Our Service is designed for adults and is not directed at children under 16 years of age. We do not knowingly collect personal data from children under 16.

  • If you are under 16, you should only use Corvis with the permission of your parent or legal guardian and according to applicable local law.
  • If we become aware that we have collected personal data from a child under 16 without appropriate consent, we will take steps to delete that information.

12. Changes to this Privacy Policy

We may update this Privacy Policy from time to time, for example to reflect changes in the Service, in our data practices, or in applicable laws.

  • When we make material changes, we will notify you in the app, for example through a pop-up notification or similar, and/or update the "Effective date" at the top of this page.
  • We encourage you to review this Privacy Policy periodically.

13. Contact us

If you have any questions, concerns, or requests about this Privacy Policy or our data practices, you can contact us at:

Corvis

Email: corvis.app@gmail.com

Website: https://corvisapp.com