Legal Privacy Policy
Privacy Policy
This policy explains what personal data we collect when you use Codasc and the apps published under it, why we collect it, who we share it with, and the rights you have over it.
1. Who we are
Codasc is operated by CODASC SOFTWARE PUBLISHING, a sole proprietorship (“Codasc”, “we”, “us”). We are the data controller responsible for the personal data described here. For any privacy question or to exercise your rights, contact us at [email protected].
This policy covers the Codasc website (codasc.dev) and the apps we publish under one account, including Workout, Bike Fit and Outage Watch. Some apps collect additional data specific to what they do, described in Section 3.
2. Data we collect for every account
- Account details — your name, email address and a securely hashed password. We never store your password in readable form.
- Sign-in with Google (optional) — if you choose Google sign-in, we receive your name, email address and profile picture from Google. We do not receive your Google password.
- Authentication & security records — a session token (stored in a cookie) that keeps you signed in, plus security event logs (sign-ups, log-ins, password resets) used to protect your account and prevent abuse.
- Usage analytics — aggregate, privacy-respecting analytics about how the website is used (see our Cookie Policy).
- Support communications — if you email us, we keep your message and our reply.
3. Data collected by specific apps
Workout
Exercises, routines and the workout log entries you create (sets, reps, weight, duration, notes and similar fields). This is fitness data you choose to record; it stays in your account.
Bike Fit
Body measurements you enter (such as height, inseam, torso, arm and shoulder lengths), your stated flexibility, and the bike-fit results generated from them. These are estimates for your own use — see our Disclaimers.
Outage Watch
- Subscriptions — the areas, sources and keywords you choose to follow.
- Telegram link — when you connect Telegram, we store your Telegram chat ID (and public handle/name, if any) so we can deliver alerts to you.
- Phone number (SMS tier, where offered) — if you opt into SMS alerts, your phone number is stored encrypted at rest and used only to deliver alerts you requested.
- Outage advisories shown in the app are gathered from publicly-posted sources and are not personal data about you.
4. Why we use your data (and our legal bases)
- To create and operate your account and provide the app features you use (performance of our contract with you).
- To keep accounts secure and prevent fraud and abuse (our legitimate interests).
- To send you the alerts, verification and service emails you ask for (consent / contract).
- To process payments for paid features (contract — see Section 6).
- To understand and improve how our products are used, in aggregate (legitimate interests / consent for analytics cookies).
- To comply with our legal obligations.
5. When we share data
We do notsell your personal data. We share it only with the service providers (“sub-processors”) we rely on to run the service, and only as needed for them to perform their function on our behalf:
| Provider | Purpose | Location |
|---|---|---|
| Google (Analytics 4) | Aggregate, privacy-respecting usage analytics for codasc.dev. | United States / global |
| Google (Sign-in / OAuth) | Optional social sign-in; receives your name, email and avatar only when you choose Google. | United States / global |
| Telegram (Bot API) | Delivering Outage Watch alerts to the chat you link. | Global |
| Apify | Collecting publicly-posted outage advisories that power Outage Watch (no personal data sent). | United States / EU |
| OpenAI | Reading text from public outage-advisory images for Outage Watch (no account data sent). | United States |
| Email / SMTP provider | Sending transactional email (verification, password reset, notifications). | Varies by provider |
| Object storage (S3-compatible) | Storing files you upload, where an app offers uploads. | Varies by provider |
We may also disclose data where required by law, to enforce our terms, or to protect the rights, safety and property of our users or others. If the business is ever transferred, your data may transfer with it under this policy.
6. Payments
Where an app offers paid features, payments are handled by our payment provider. Your full card details are entered on the provider’s secure pages and are tokenized by them — we never receive or store your card number. We keep a record of the transaction (amount, status, and a payment reference) for accounting, support and dispute resolution.
7. How long we keep data
We keep your account data for as long as your account is active. When you delete your account, we delete or anonymize the personal data associated with it within a reasonable period, except where we must keep certain records longer — for example transaction records for tax and accounting, or security logs needed to prevent abuse. Backups are overwritten on a rolling basis.
8. Your rights
Under the Philippine Data Privacy Act of 2012 (Republic Act No. 10173) — and, where they apply to you, equivalent laws such as the EU/UK GDPR — you have the right to:
- access the personal data we hold about you and ask for a copy;
- correct data that is inaccurate or out of date;
- erase your data (“right to be forgotten”), subject to the retention exceptions above;
- object to or restrict certain processing, and withdraw consent at any time;
- receive your data in a portable, machine-readable form; and
- lodge a complaint with a data-protection authority — in the Philippines, the National Privacy Commission (privacy.gov.ph).
To exercise any of these, email [email protected]. We may need to verify your identity first, and we respond within the time required by law.
9. Security
We protect your data with measures appropriate to its sensitivity — including encrypted connections (HTTPS), hashed passwords, encryption of sensitive fields such as SMS phone numbers, access controls, and isolation of each app’s data. No method of transmission or storage is perfectly secure, so we cannot guarantee absolute security, but we work to protect your information and to notify you and the authorities of a breach where the law requires.
10. International transfers
Some of our sub-processors operate outside your country (see Section 5). Where data is transferred internationally, we rely on appropriate safeguards and on the providers’ own compliance frameworks to protect it.
11. Children
Codasc is not directed to children. You must be at least 18 years old (or the age of majority where you live) to create an account. We do not knowingly collect data from children; if you believe a child has provided us data, contact us and we will delete it.
12. Changes to this policy
We may update this policy as our products and the law evolve. We will change the “last updated” date above and, for material changes, take reasonable steps to notify you. Continuing to use Codasc after a change means you accept the updated policy.
Questions about this document? Email [email protected].