Summary: We collect minimal data necessary to provide our service. We don't sell your data to third parties. Your conversations with AI models are processed but not stored permanently.
1. Information We Collect
When you use CoreAI, we collect the following types of information:
Account Information: Email address for account verification and communication.
Device Information: Device identifier for app functionality and usage tracking.
Usage Data: Information about how you use our service, including prompts sent and features accessed.
Payment Information: Processed securely through our payment partners (Apple App Store, Google Play Store). We don't store your payment details.
2. How We Use Your Information
We use the collected information to:
Provide and maintain our AI services
Process your subscription and payments
Send important service updates and notifications
Improve our services and develop new features
Prevent fraud and ensure security
Comply with legal obligations
3. AI Conversations
When you interact with AI models through CoreAI:
Your prompts are sent to third-party AI providers (OpenAI, Anthropic, Google, OpenRouter, etc.) for processing. We act solely as a proxy — we do not read, review, or analyze the content of your conversations.
We do not use your prompts or AI responses to train any AI model. Our upstream providers are accessed via their paid API tiers, which by their policies do not train on API inputs.
AI providers may have their own data retention policies. We recommend reviewing their privacy policies (OpenAI, Anthropic, Google).
Generated images and videos may be temporarily cached for delivery purposes.
Do not share sensitive information in prompts. Avoid sending passwords, financial account numbers, government IDs, protected health information (PHI), or other sensitive personal data to the AI. Once sent, content is processed by third-party AI providers outside our control.
4. Data Sharing
We share the minimum information necessary with the following categories of service providers, each bound by contract to use the data only to perform services for us:
AI Service Providers: To process your requests (OpenRouter, OpenAI, Anthropic, Google).
Payment Processors: Apple App Store, Google Play, and RevenueCat handle subscription billing. We never see or store your payment card details.
Legal Authorities: Only when required by valid legal process or to protect our rights, users, or public safety.
We do not sell or share your personal information as those terms are defined by the California Consumer Privacy Act (CCPA/CPRA). We do not rent, trade, or disclose your personal information to third parties for their own marketing or advertising purposes. We have never sold personal information and do not intend to.
5. Data Security & Account Isolation
We implement industry-standard security measures to protect your data:
All data transmitted is encrypted using TLS/SSL.
Strict account isolation: you can only access data belonging to your own account. Authentication tokens and database row-level security enforce this boundary — no other user, including other CoreAI users on the same device, can access your chat history, images, or account details.
Access to production systems is limited to authorized personnel on a need-to-know basis.
Regular security reviews and dependency updates.
6. Your Rights (GDPR, CCPA & Others)
Depending on your location, you have the following rights over your personal data:
Right of access (GDPR Art. 15 / CCPA §1798.110): request a copy of the personal data we hold about you.
Right to rectification (GDPR Art. 16): request correction of inaccurate data.
Right to erasure (GDPR Art. 17 / CCPA §1798.105): delete your account and all associated data at any time, directly in the app or by email request.
Right to restrict or object to processing (GDPR Arts. 18, 21).
Right to data portability (GDPR Art. 20): receive your data in a machine-readable format.
Right to withdraw consent at any time where processing is based on consent.
Right to non-discrimination (CCPA §1798.125): we will not deny service or charge different prices for exercising your rights.
Right to lodge a complaint with your local data protection supervisory authority.
To exercise these rights, use the in-app deletion flow or contact us at [email protected]. We respond within 30 days.
"Do Not Sell or Share My Personal Information": We do not sell or share personal information, so no opt-out mechanism is required. If this ever changes, we will update this policy and provide a clear opt-out link.
6a. Health Information & HIPAA Disclaimer
CoreAI is a general-purpose consumer AI tool and is NOT HIPAA-compliant. It is not intended for, and must not be used to, store, transmit, or process Protected Health Information (PHI) as defined by the U.S. Health Insurance Portability and Accountability Act. We are not a covered entity or business associate, and we do not sign Business Associate Agreements (BAAs).
Do not share medical records, diagnoses, prescriptions, mental health details, or any other health information through the app. AI responses are not medical advice — always consult a licensed healthcare professional.
7. Data Retention
We retain your data only for as long as necessary to provide the service and meet legal obligations. Specific retention periods are:
Account information (email, device ID, authentication tokens): retained while your account is active. Deleted within 30 days of account deletion.
Chat conversations & message history: stored while your account is active so you can access your history. Deleted immediately when you delete a conversation, or within 30 days of account deletion.
Generated images & videos: retained while your account is active. Deleted within 30 days of account deletion.
Usage logs (API requests, token counts): retained for up to 90 days for debugging and abuse prevention, then automatically purged.
Subscription & payment records: anonymized financial records retained up to 7 years for legal and tax compliance.
Backup systems: deleted data may persist in encrypted backups for up to 90 days before being permanently purged.
Analytics data: anonymized and cannot be linked back to you; retained indefinitely in aggregated form.
You can delete your account at any time through the app (see Section 8 below).
8. How to Delete Your Data
You have the right to delete your data at any time. You can do this directly within the CoreAI app:
Open the CoreAI app
Go to Settings → Account → Delete Account
Confirm the deletion when prompted
Alternatively, you can request account and data deletion by emailing [email protected] from the email address associated with your account. We will process the request within 30 days.
What gets deleted:
Account information (email, device ID, authentication tokens)
All chat conversations and message history
Generated images and videos
App preferences and settings
Cloud-synced data
Usage statistics and history
Deletion timeline:
Immediate: Account deactivated; local data removed from the device.
Within 30 days: All personal data permanently deleted from our active production systems.
Up to 90 days: Data may remain in encrypted backup systems before being permanently purged.
Up to 7 years: Anonymized financial records may be retained for legal and tax compliance.
Third-party services: Some data may also be stored with third-party processors (RevenueCat for subscriptions, Mixpanel for anonymized analytics, Apple/Google for purchases). This data is subject to their respective retention policies. We will instruct these processors to delete your data where applicable upon your deletion request.
9. Children's Privacy
CoreAI is not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13.
10. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new policy on this page and updating the "Last updated" date.
11. Contact Us
If you have questions about this Privacy Policy, please contact us: