CoreTell Privacy Policy

How we protect your health data with transparency

Last updated: January 15, 2024

Table of Contents

  1. Information We Collect
  2. How We Use Your Information
  3. Data Sharing and Disclosure
  4. Data Security
  5. Your Rights and Choices
  6. Children's Privacy
  7. International Data Transfers
  8. Changes to Privacy Policy
  9. Contact Information

1 Information We Collect

CoreTell is designed to help you track and understand your health while maintaining the highest standards of privacy and security. We collect only the information necessary to provide our health tracking and AI insight services.

Account Information

  • Email Address: For account creation, authentication, and important health-related communications
  • Name: To personalize your experience (optional)
  • Date of Birth: For age-appropriate health insights and recommendations
  • Authentication Data: Secure tokens for app access and account verification

Health Data You Input

  • Symptom Logs: Symptoms, severity ratings, duration, notes, and associated photos
  • Wellness Metrics: Mood, energy levels, stress ratings, and custom health metrics
  • Manual Health Data: Blood pressure, weight, medication logs, and other manually entered health information
  • Health Goals: Personal health objectives and tracking preferences
  • Notes and Observations: Personal health insights and observations you choose to record

HealthKit Data (With Your Permission)

  • Activity Data: Steps, exercise minutes, active calories, distance walked
  • Vital Signs: Heart rate, heart rate variability, blood pressure, respiratory rate
  • Sleep Data: Sleep duration, sleep stages, time in bed
  • Body Measurements: Weight, BMI, body fat percentage
  • Nutrition Data: Calories consumed, water intake, nutritional information
  • Mindfulness Data: Meditation sessions, mindful minutes

Device Information and Usage Analytics

  • Device Information: Device type, operating system version, app version
  • Usage Patterns: Features used, session duration, frequency of use
  • Performance Data: Crash reports, error logs, app performance metrics
  • Interaction Data: Which insights you view, features you access, settings preferences

Your Health Data Stays Yours

All health data you enter or grant access to through HealthKit remains under your complete control. We process this data solely to provide you with personalized health insights and never use it for advertising or marketing purposes.

2 How We Use Your Information

We use your information exclusively to provide, improve, and secure CoreTell's health tracking and AI insight services.

Provide App Functionality and Insights

  • Generate personalized health insights and pattern recognition
  • Create trend visualizations and health analytics
  • Provide AI-powered recommendations with transparent logic chains
  • Sync and organize your health data across devices
  • Generate PDF health reports for sharing with healthcare providers

Improve AI Recommendations

  • Train and refine our machine learning models using anonymized, aggregated data
  • Improve pattern recognition accuracy for health correlations
  • Enhance the quality and relevance of health insights
  • Develop new health tracking features based on user needs

Customer Support

  • Respond to your questions and provide technical assistance
  • Help troubleshoot app issues and data syncing problems
  • Provide guidance on using CoreTell's features effectively
  • Address account-related concerns and subscription issues

App Performance Analytics

  • Monitor app performance and identify technical issues
  • Understand which features are most valuable to users
  • Optimize app speed and reliability
  • Plan future feature development based on usage patterns

Transparent AI Processing

Our AI systems process your health data to identify patterns and provide insights. All AI processing includes transparent logic chains that show exactly how conclusions are reached, giving you full visibility into our analytical process.

3 Data Sharing and Disclosure

Your health data is private and personal. We do not sell your personal health information and only share data in very limited circumstances with your explicit consent.

We Do Not Sell Personal Health Data

CoreTell never sells, rents, or trades your personal health information to third parties for any purpose. Your health data is not a product - it's private information that belongs to you.

Healthcare Provider Sharing (With Your Explicit Consent)

  • PDF Reports: You can generate and share comprehensive health reports with your healthcare providers
  • User-Controlled: All sharing is initiated and controlled entirely by you
  • Selective Sharing: Choose exactly which data to include in shared reports
  • No Automatic Sharing: We never automatically share your data with healthcare providers

Aggregated, Anonymized Research Data (Opt-In Only)

  • Completely Anonymous: Data is aggregated and anonymized so it cannot be linked back to you
  • Opt-In Only: You must explicitly choose to contribute to health research
  • Research Purpose: Contribute to advancing health technology and understanding
  • No Personal Identifiers: No names, emails, or other identifying information is included
  • Easy Opt-Out: You can withdraw from research participation at any time

Legal Compliance When Required

  • We may disclose information if required by law, court order, or government regulation
  • We will notify you of such requests unless legally prohibited from doing so
  • We challenge overly broad requests and seek to minimize disclosure
  • Emergency situations where disclosure may prevent serious harm

Service Providers

We work with trusted service providers who help us operate CoreTell:

Service Provider Purpose Data Access
Firebase (Google) Secure data storage and authentication Encrypted health data, account information
Apple App Store Subscription payment processing Purchase receipts only
Analytics Services App performance monitoring Anonymized usage data only

Your Data Never Leaves Your Control

Even when working with service providers, your health data remains encrypted and under your control. Service providers cannot access your raw health information and are bound by strict data protection agreements.

4 Data Security

We implement multiple layers of security to protect your health data, using medical-grade encryption and security practices.

AES-256 Encryption

  • End-to-End Encryption: Your data is encrypted on your device before transmission
  • At Rest Encryption: All stored data uses AES-256 encryption with unique keys
  • In Transit Protection: TLS 1.3 encryption for all data transmission
  • Key Management: Secure key rotation and management practices

Secure Cloud Storage with Firebase

  • Google Cloud Security: Data stored in SOC 2 Type II compliant data centers
  • Access Controls: Strict role-based access controls and authentication
  • Monitoring: 24/7 security monitoring and intrusion detection
  • Backup Protection: Encrypted backups with geographic redundancy

Regular Security Audits

  • Third-Party Security Assessments: Regular independent security audits
  • Penetration Testing: Quarterly testing to identify vulnerabilities
  • Code Reviews: Comprehensive security code reviews for all updates
  • Compliance Monitoring: Ongoing monitoring for security best practices

Biometric App Lock Options

  • Face ID/Touch ID: Optional biometric authentication for app access
  • Passcode Protection: Alternative passcode-based app locking
  • Auto-Lock: Automatic app locking after periods of inactivity
  • Local Processing: Sensitive operations processed locally on your device when possible

Data Minimization and Local Processing

  • AI insights are processed locally on your device whenever possible
  • We collect only the minimum data necessary for functionality
  • Temporary data is automatically deleted after processing
  • Photos and sensitive data are stored with additional encryption layers

Medical-Grade Security Standards

CoreTell's security practices meet or exceed medical industry standards, including HIPAA-equivalent protections, even though we are not a covered entity. Your health data deserves the highest level of protection.

5 Your Rights and Choices

You have complete control over your health data and privacy settings in CoreTell.

Data Access and Export

  • View All Data: Access all personal information stored in your account
  • Export Health Data: Download your health data in standard formats (CSV, PDF)
  • Data Portability: Transfer your data to other health apps or services
  • Insight History: Access all AI insights and recommendations generated for you

Account Deletion

  • Complete Deletion: Permanently delete your account and all associated data
  • Selective Deletion: Delete specific types of data while keeping your account
  • Immediate Effect: Account deletion takes effect immediately
  • 30-Day Guarantee: All data permanently removed from our systems within 30 days

HealthKit Permission Management

  • Granular Control: Choose exactly which HealthKit data types to share
  • Easy Revocation: Remove HealthKit permissions anytime in iOS Settings
  • Read-Only Access: CoreTell only reads from HealthKit, never writes data
  • Automatic Sync Stop: Data syncing stops immediately when permissions are revoked

Analytics Opt-Out

  • Usage Analytics: Disable app usage analytics in Settings → Privacy
  • AI Improvement: Opt out of contributing anonymized data to AI model improvements
  • Research Participation: Control participation in health research studies
  • Marketing Communications: Manage email preferences and notifications

Regional Privacy Rights

Depending on your location, you may have additional rights:

  • GDPR (EU): Right to data portability, rectification, and erasure
  • CCPA (California): Right to know, delete, and opt-out of data sales
  • Other Regional Laws: We comply with applicable local privacy regulations

Exercise Your Rights

To exercise any of these rights or for privacy-related questions:

Email: privacy@coretell.app

In-App: Settings → Privacy → Manage Data Rights

Response Time: We respond to privacy requests within 30 days

6 Children's Privacy

CoreTell is designed for users aged 13 and older. We take children's privacy seriously and comply with applicable children's privacy laws.

Age Requirement (13+)

  • CoreTell requires users to be at least 13 years old
  • Age verification is part of the account creation process
  • Users under 18 should have parental guidance when tracking health data
  • We recommend family discussion about health privacy for minor users

No Collection from Children Under 13

  • We do not knowingly collect personal information from children under 13
  • If we discover we have collected information from a child under 13, we will delete it immediately
  • Parents can contact us to review or delete their child's information

Parental Rights

  • Parents can request access to their minor child's data
  • Parents can request deletion of their child's account
  • Parents can contact us with privacy concerns regarding minor users

Health Privacy Education

We encourage families to discuss health privacy and the importance of protecting personal health information. CoreTell can be a tool for teaching responsible health data management to teenagers.

7 International Data Transfers

CoreTell operates globally while maintaining strong data protection standards regardless of where your data is processed.

Data Storage Locations

  • Primary Storage: United States (Google Cloud Platform)
  • Backup Storage: Multiple geographic regions for redundancy
  • Local Processing: On-device processing when possible to minimize data transfer

International Transfer Protections

  • Adequate Protection: All transfers include appropriate safeguards
  • Standard Contractual Clauses: EU-approved data transfer mechanisms
  • Encryption in Transit: All international transfers use end-to-end encryption
  • Limited Transfers: Only necessary data is transferred internationally

Regional Compliance

  • GDPR compliance for European users
  • Privacy Act compliance for Australian users
  • PIPEDA compliance for Canadian users
  • Local data protection law compliance as applicable

8 Changes to Privacy Policy

We may update this privacy policy periodically to reflect changes in our practices, technology, or legal requirements.

Notification of Changes

  • Material Changes: 30-day advance notice via email and in-app notification
  • Minor Updates: Notice in the app and updated "Last Updated" date
  • Emergency Changes: Immediate notification for security-related updates

What Constitutes Material Changes

  • Changes to data collection practices
  • New uses of health data
  • Changes to data sharing policies
  • Modifications to security practices
  • Changes to user rights and controls

Your Options

  • Continue Using: Acceptance of changes by continued app use
  • Delete Account: Remove your account if you disagree with changes
  • Export Data: Download your data before making a decision

9 Contact Information

We're committed to transparency and are here to answer any questions about your privacy and data protection.

Privacy Team

Email: privacy@coretell.app

Subject Line: "Privacy Policy Question"

Response Time: Within 48 hours for general questions

Formal Requests: Within 30 days for data access/deletion requests

Data Protection Officer

Email: dpo@coretell.app

Purpose: GDPR and formal privacy compliance matters

Availability: For European users and formal privacy inquiries

For general support questions about CoreTell's features and functionality, please visit our Support Center or contact support@coretell.app.

Security Concerns

If you discover a security vulnerability or have urgent security concerns, please contact us immediately at security@coretell.app. We take all security reports seriously and respond promptly to protect user data.