Security

CoreID uses one-time codes sent to your email for authentication. We never store passwords. This eliminates password-related security risks like breaches, reuse, or weak passwords.

• Each sign-in requires a unique, time-limited code
• Codes expire after a short period
• Your email account remains your primary security layer

All data is encrypted both in transit and at rest:

• In Transit: TLS 1.3 for all communications
• At Rest: AES-256 encryption for stored data
• End-to-End: Sensitive data encrypted before storage

Our infrastructure follows security best practices:

• Hosted on secure, compliant cloud infrastructure
• Regular security audits and penetration testing
• Automated vulnerability scanning
• Strict access controls and monitoring
• Regular backups with encrypted storage

We collect only the data necessary to provide CoreID services. You control what information is shared:

• Emergency Card data is optional and user-controlled
• Linked app permissions are explicit and revocable
• You can delete your account and all data at any time

You can view and manage all active sessions:

• See where you're signed in
• Revoke access from any device or browser
• Sessions expire after periods of inactivity

We maintain an incident response plan and will:

• Notify affected users promptly if a security incident occurs
• Work to remediate issues quickly
• Provide transparent communication about impacts
• Learn and improve from incidents

While we secure CoreID, you play a crucial role:

• Protect your email account (use strong passwords and 2FA)
• Don't share your sign-in codes
• Review active sessions regularly
• Report suspicious activity immediately

We continuously improve our security practices. This page is updated to reflect current security measures.