Privacy Policy
Last updated: April 14, 2026
Summary: We collect minimal data necessary to provide our service. We don't sell your data to
third parties. Your conversations with AI models are processed but not stored permanently.
1. Information We Collect
When you use CoreAI, we collect the following types of information:
- Account Information: Email address for account verification and communication.
- Device Information: Device identifier for app functionality and usage tracking.
- Usage Data: Information about how you use our service, including prompts sent and features
accessed.
- Payment Information: Processed securely through our payment partners (Apple App Store, Google
Play Store). We don't store your payment details.
2. How We Use Your Information
We use the collected information to:
- Provide and maintain our AI services
- Process your subscription and payments
- Send important service updates and notifications
- Improve our services and develop new features
- Prevent fraud and ensure security
- Comply with legal obligations
3. AI Conversations
When you interact with AI models through CoreAI:
- Your prompts are sent to third-party AI providers (OpenAI, Anthropic, Google, OpenRouter, etc.) for processing.
We act solely as a proxy — we do not read, review, or analyze the content of your conversations.
- We do not use your prompts or AI responses to train any AI model. Our upstream providers are accessed via
their paid API tiers, which by their policies do not train on API inputs.
- AI providers may have their own data retention policies. We recommend reviewing their privacy policies
(OpenAI, Anthropic, Google).
- Generated images and videos may be temporarily cached for delivery purposes.
Do not share sensitive information in prompts. Avoid sending passwords, financial account
numbers, government IDs, protected health information (PHI), or other sensitive personal data to the AI. Once
sent, content is processed by third-party AI providers outside our control.
4. Data Sharing
We share the minimum information necessary with the following categories of service providers, each bound by
contract to use the data only to perform services for us:
- AI Service Providers: To process your requests (OpenRouter, OpenAI, Anthropic, Google).
- Payment Processors: Apple App Store, Google Play, and RevenueCat handle subscription billing.
We never see or store your payment card details.
- Analytics Services: Mixpanel receives anonymized, aggregated usage metrics that cannot
identify you.
- Legal Authorities: Only when required by valid legal process or to protect our rights, users,
or public safety.
We do not sell or share your personal information as those terms are defined by the California
Consumer Privacy Act (CCPA/CPRA). We do not rent, trade, or disclose your personal information to
third parties for their own marketing or advertising purposes. We have never sold personal information and do
not intend to.
5. Data Security & Account Isolation
We implement industry-standard security measures to protect your data:
- All data transmitted is encrypted using TLS/SSL.
- Strict account isolation: you can only access data belonging to your own account. Authentication tokens and
database row-level security enforce this boundary — no other user, including other CoreAI users on the
same device, can access your chat history, images, or account details.
- Access to production systems is limited to authorized personnel on a need-to-know basis.
- Regular security reviews and dependency updates.
6. Your Rights (GDPR, CCPA & Others)
Depending on your location, you have the following rights over your personal data:
- Right of access (GDPR Art. 15 / CCPA §1798.110): request a copy of the personal data we
hold about you.
- Right to rectification (GDPR Art. 16): request correction of inaccurate data.
- Right to erasure (GDPR Art. 17 / CCPA §1798.105): delete your account and all associated
data at any time, directly in the app or by email request.
- Right to restrict or object to processing (GDPR Arts. 18, 21).
- Right to data portability (GDPR Art. 20): receive your data in a machine-readable format.
- Right to withdraw consent at any time where processing is based on consent.
- Right to non-discrimination (CCPA §1798.125): we will not deny service or charge
different prices for exercising your rights.
- Right to lodge a complaint with your local data protection supervisory authority.
To exercise these rights, use the in-app deletion flow or contact us at [email protected]. We respond within 30 days.
“Do Not Sell or Share My Personal Information”: We do not sell or share personal
information, so no opt-out mechanism is required. If this ever changes, we will update this policy and provide a
clear opt-out link.
6a. Health Information & HIPAA Disclaimer
CoreAI is a general-purpose consumer AI tool and is NOT HIPAA-compliant. It is not intended
for, and must not be used to, store, transmit, or process Protected Health Information (PHI) as defined by the
U.S. Health Insurance Portability and Accountability Act. We are not a covered entity or business associate,
and we do not sign Business Associate Agreements (BAAs).
Do not share medical records, diagnoses, prescriptions, mental
health details, or any other health information through the app. AI responses are not medical advice —
always consult a licensed healthcare professional.
7. Data Retention
We retain your data only for as long as necessary to provide the service and meet legal obligations. Specific
retention periods are:
- Account information (email, device ID, authentication tokens): retained while your account is
active. Deleted within 30 days of account deletion.
- Chat conversations & message history: stored while your account is active so you can
access your history. Deleted immediately when you delete a conversation, or within 30 days of account deletion.
- Generated images & videos: retained while your account is active. Deleted within 30 days
of account deletion.
- Usage logs (API requests, token counts): retained for up to 90 days for debugging and abuse
prevention, then automatically purged.
- Subscription & payment records: anonymized financial records retained up to 7 years for
legal and tax compliance.
- Backup systems: deleted data may persist in encrypted backups for up to 90 days before being
permanently purged.
- Analytics data: anonymized and cannot be linked back to you; retained indefinitely in
aggregated form.
You can delete your account at any time through the app (see Section 8 below).
8. How to Delete Your Data
You have the right to delete your data at any time. You can do this directly within the CoreAI app:
- Open the CoreAI app
- Go to Settings → Account → Delete Account
- Confirm the deletion when prompted
Alternatively, you can request account and data deletion by emailing [email protected] from the email address associated with your
account. We will process the request within 30 days.
What gets deleted:
- Account information (email, device ID, authentication tokens)
- All chat conversations and message history
- Generated images and videos
- App preferences and settings
- Cloud synced data
- Usage statistics and history
Data retention after deletion:
- Immediate: Your account will be deactivated and local data removed
- Within 30 days: All personal data will be permanently deleted from our active systems
- Up to 90 days: Data may remain in backup systems before being permanently purged
- Up to 7 years: Anonymized financial records may be retained for legal compliance
Third-party services: Some data may also be stored with third-party services (RevenueCat for
subscriptions, Mixpanel for analytics, Apple/Google for purchases). This data is subject to their respective data
retention policies. Analytics data is anonymized and cannot identify you.
For questions about account deletion, contact us at [email protected]
9. Children's Privacy
CoreAI is not intended for children under 13 years of age. We do not knowingly collect personal information from
children under 13.
10. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new policy
on this page and updating the "Last updated" date.
11. Contact Us
If you have questions about this Privacy Policy, please contact us: