Privacy Policy

Effective Date: March 13, 2026 | 한국어로 보기

ABSquad Inc. ("we", "our", "us") operates lifeGmap, an AI-driven running coaching service. This Privacy Policy explains how we collect, use, and protect your personal data, including our obligations under the EU General Data Protection Regulation (GDPR) and South Korea's Personal Information Protection Act (PIPA).

1. Data Controller

Company: ABSquad Inc.

Representative: Jaehyun Shin (CEO)

Contact: jh.shin@ab-squad.com

2. Data We Collect

When you connect lifeGmap to your Garmin account, we collect:

Activity Data: GPS tracks, distance, pace, cadence, power
Health Data: Heart rate, HRV (Heart Rate Variability), sleep metrics
Account Info: Email address, basic identifiers for synchronization
Usage Logs: IP address, cookies, in-app behavior logs

3. Purposes & Lawful Basis (GDPR Art. 6 & Art. 9)

We process your data under the following lawful bases:

Purpose	Lawful Basis
AI injury risk analysis and personalized coaching	Contract performance (Art. 6(1)(b)) + Explicit consent for health data (Art. 9(2)(a))
Training load optimization and recovery suggestions	Contract performance (Art. 6(1)(b))
Service improvement and AI model enhancement	Legitimate interests (Art. 6(1)(f)), with opt-out available
Legal compliance	Legal obligation (Art. 6(1)(c))

4. Third-Party Sharing

We do not sell your data. We share data only with trusted sub-processors necessary to operate the service:

Anthropic, PBC — AI inference processing
Oracle Cloud — Infrastructure and data storage
Garmin — Data source integration

All sub-processors are bound by data processing agreements and may not use your data for their own purposes.

5. Data Retention & Deletion

We retain your data only as long as necessary:

Account and health data: deleted within 30 days of account deletion or Garmin disconnection
Access logs: 3 months (legal obligation)
Transaction records: 5 years (where applicable under law)

To request deletion, email jh.shin@ab-squad.com.

6. Your Rights

Depending on your location, you may have the following rights:

Access: Request a copy of your data
Rectification: Correct inaccurate data
Erasure: Request deletion ("right to be forgotten")
Restriction: Limit how we use your data
Portability: Receive your data in a machine-readable format
Objection: Object to processing based on legitimate interests
Withdraw consent: At any time, without affecting prior processing

EU/EEA users may also lodge a complaint with their local Data Protection Authority. A list of EU DPAs is available at edpb.europa.eu.

7. Cookies

We use cookies to maintain session state and improve service quality. You may disable cookies via your browser settings; doing so may limit certain features. We do not use cookies for advertising.

8. Security

We protect your data using SSL/TLS encryption, strict access controls, and minimal data handling practices. In the event of a data breach affecting your rights, we will notify you within 72 hours as required by GDPR.

9. International Transfers

Your data may be processed in South Korea and the United States (Oracle Cloud infrastructure). For transfers from the EU/EEA, we rely on Standard Contractual Clauses (SCCs) approved by the European Commission.

10. Changes to This Policy

We may update this policy as our services evolve. We will notify you at least 7 days before material changes take effect via the app or websi