Privacy Policy

Last updated: April 2, 2026

Data Controller

The data controller is m12k GmbH, Seligerstrasse 47, 89537 Giengen, Germany. For any privacy-related questions, contact m@maakle.com.

What We Collect

We collect the following data to provide personalized fitness coaching:

  • Account information: name, phone number, Telegram chat ID, locale, timezone
  • Body data (optional): weight, height, age, gender
  • Fitness data: workout type, name, duration, distance, heart rate, calories, and timestamps synced from Strava
  • Meal data: photos you send for analysis, along with estimated calories and macronutrients
  • Chat messages: messages exchanged with Cody via Telegram for coaching purposes

How We Use Your Data

  • Generate personalized coaching messages, check-ins, and workout feedback
  • Analyze meal photos to estimate calories and macronutrients
  • Track workout activity and progress toward your goals
  • Send scheduled reminders and coaching messages via Telegram

AI Processing

Cody uses AI (powered by Anthropic's Claude) to generate coaching messages and analyze meal photos. When you log a workout or send a meal photo, relevant data (e.g., workout type, duration, distance, or meal image) is sent to Anthropic's API for processing. Only the data needed for coaching is shared โ€” not your full profile or raw API data. Anthropic does not use this data to train their models.

Strava Data

When you connect Strava, we access your activity data (workouts) via the Strava API with your explicit OAuth consent. This data is used solely for tracking your fitness progress and generating coaching feedback. When you disconnect Strava or delete your account, we revoke API access and delete all synced workout data. If you revoke access from Strava's side, we are notified via webhook and clear your connection automatically.

Third-Party Services

  • Strava โ€” fitness data sync (OAuth-authorized, activity:read_all scope)
  • Anthropic (Claude) โ€” AI-powered coaching message generation and meal photo analysis
  • Telegram โ€” messaging platform for coaching interactions
  • Railway โ€” hosting infrastructure (EU region) for database, API, and file storage

Data Storage & Security

Your data is stored in a PostgreSQL database hosted on Railway. Meal images are stored in S3-compatible storage. All data is transmitted over HTTPS. We apply commercially reasonable security measures to protect your data from unauthorized access.

Data Retention

Your data is retained for as long as your account is active. When you delete your account, all personal data is permanently removed โ€” including your profile, workout history, meal data, chat history, and stored images. Strava access is revoked and all synced data is deleted.

Your Rights (GDPR)

Under the General Data Protection Regulation, you have the right to:

  • Access โ€” request a copy of the personal data we hold about you
  • Rectification โ€” correct inaccurate or incomplete data
  • Erasure โ€” request deletion of your data (you can also delete your account directly from the app)
  • Portability โ€” receive your data in a structured, machine-readable format
  • Restriction โ€” request that we limit processing of your data
  • Objection โ€” object to processing of your data

To exercise any of these rights, contact m@maakle.com. We will respond within 30 days.

Changes to This Policy

We may update this privacy policy from time to time. If we make material changes, we will notify you via Telegram or email. Continued use of the service after changes constitutes acceptance of the updated policy.

Contact

For any questions about this privacy policy or your data, contact m12k GmbH at m@maakle.com.