Privacy & Data

What CorosLink stores locally, what it sends to third parties, and why.

CorosLink is local-first: there is no CorosLink cloud backend, and the app does not run its own servers or upload your files.

DataWhere it livesSent to
Music and downloadsLocal SQLite database + MP3 files in the Electron user data directoryNowhere
Spotify tokensLocal SQLite, after OAuthOnly Spotify
Google OAuth tokensLocal SQLite, after OAuthOnly the YouTube Data API (playlist reads)
YouTube Music / Apple Music headersLocal storageOnly the respective service, to read library metadata
Apple PodcastsNot stored — public catalogue and RSS requests onlyApple's public podcast endpoints
Map cacheA local folder you chooseCopied to the watch over USB only
OpenRouteServiceYour API key stored locallyOpenRouteService, when you generate a route
Training HubNot stored beyond sessionYour COROS email and password authenticate with COROS servers

Training Hub credentials:

Your COROS email and password are used to authenticate with COROS servers when you use Training Hub. Activity data is fetched on demand and not synced to any third-party service.

Rights to media:

Only download media you have the rights or permission to download.