Privacy Policy

At CoreID, we believe privacy is a fundamental right. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our service.

You are in control. We designed CoreID so that you decide what information to share, with whom, and for how long.

We collect only the information necessary to provide CoreID services:

• Account Information: Email address (for sign-in codes), optional display name
• Emergency Card Data: Information you choose to include (allergies, medical conditions, emergency contacts)
• Linked Apps Data: Only what you explicitly consent to share with connected services
• Technical Data: IP address, device information, session data (for security and service delivery)

We use your data solely to:

• Provide and maintain CoreID services
• Send you one-time sign-in codes (no passwords stored)
• Enable Emergency Card functionality when you choose to activate it
• Facilitate connections to linked apps (with your explicit consent)
• Ensure security and prevent fraud
• Comply with legal obligations

We do not sell your data. We do not share it with third parties except as you explicitly authorize (linked apps) or as required by law.

You have the right to:

• Access: Request a copy of your personal data
• Correction: Update or correct inaccurate information
• Deletion: Delete your CoreID account and all associated data
• Portability: Export your data in a machine-readable format
• Withdraw Consent: Revoke access to linked apps at any time
• Object: Object to certain processing of your data

To exercise these rights, contact us at privacy@coreid.app.

We implement industry-standard security measures including encryption at rest and in transit, secure authentication, and regular security audits. However, no method of transmission over the internet is 100% secure.

We retain your data only as long as necessary to provide services or as required by law. When you delete your account, we permanently delete your data within 30 days, except where retention is required for legal compliance.

If you are located outside the European Economic Area (EEA), please note that we may transfer your data to servers located in the EEA or other jurisdictions with adequate data protection laws.