CoreOS is built on the principle that your health data belongs to you. We collect only what we need to make the app work, we never sell your data, and we give you full control over what you share with us.
Overview
This Privacy Policy explains how CoreOS ("we," "us," or "our") collects, uses, stores, and protects your personal information when you use the CoreOS mobile application and related services.
By using CoreOS, you agree to the collection and use of information in accordance with this policy. This Privacy Policy is incorporated by reference into our Terms & Conditions.
We are committed to complying with applicable privacy laws including the California Consumer Privacy Act (CCPA) and, where applicable, the General Data Protection Regulation (GDPR).
Data We Collect
We collect the following categories of information to provide and improve CoreOS:
Information you provide
- Name and email address (via Sign in with Apple or account creation)
- Body metrics — height, weight, age, and target weight entered during onboarding
- Health and fitness goals you select
- Dietary preferences and meal logging information
- Sleep schedule preferences
- Workout frequency and gym access information
Information collected automatically
- App usage data — features used, screens viewed, session duration
- Device information — device model, OS version, unique device identifiers
- Crash reports and performance diagnostics
- Subscription and purchase history
Information from third-party integrations
- Apple Health data — steps, heart rate, sleep, workouts (only with your explicit permission)
- Apple Sign-In — name and email from your Apple ID (only what you choose to share)
| Data Type | Purpose | Stored |
|---|---|---|
| Body metrics | Calculate personalized calorie, protein, and sleep targets | Encrypted on our servers |
| Food photos | AI nutrition analysis | Processed and deleted — not retained |
| Location | Gym auto-detection | Not stored — processed on-device |
| Apple Health | Workout, sleep, and activity sync | On-device, not uploaded to our servers |
| Usage analytics | Improve features and fix bugs | Aggregated, anonymized |
How We Use Your Data
We use the information we collect for the following purposes:
- Personalization — to generate your sleep plan, workout split, and nutrition targets based on your specific inputs
- AI coaching — to adapt your plan over time based on your progress, consistency, and feedback
- Service delivery — to operate the app, process subscriptions, and provide customer support
- Notifications — to send reminders, coaching nudges, alarm alerts, and billing notifications
- Improvement — to analyze usage patterns, fix bugs, and develop new features
- Legal compliance — to comply with applicable laws and enforce our Terms
We do not use your data for advertising. We do not build advertising profiles. We do not share your personal data with advertisers.
Health Data
CoreOS handles health and fitness data with the highest level of care. Health data includes body metrics, sleep information, workout records, nutrition logs, and any data synced from Apple Health.
We never sell health data. Health data is never shared with third parties for marketing, advertising, or any purpose unrelated to delivering the CoreOS service to you.
Apple Health data is accessed only with your explicit permission through Apple's HealthKit framework. You can revoke this access at any time through iOS Settings → Privacy & Security → Health → CoreOS.
Body metrics and goal data entered during onboarding are stored encrypted on our servers and used solely to generate and maintain your personalized plan. You can delete this data at any time by deleting your account.
Location Data
CoreOS requests access to your location to power the automatic gym detection and check-in feature. When enabled, the app uses geofencing to detect when you arrive at a gym location you have set up.
Location data is processed on-device and is not uploaded to or stored on our servers. We do not track your location continuously. Location is accessed only when the app is actively monitoring a gym geofence you have configured.
You can disable location access at any time through iOS Settings → Privacy & Security → Location Services → CoreOS. Disabling location will turn off the automatic gym check-in feature but will not affect other app functionality.
Camera & Photos
CoreOS requests camera access to power the AI food scanning feature. When you scan a meal, the image is sent to our AI processing service to identify the food and estimate nutritional information.
Food photos are processed and immediately deleted. We do not store, retain, or use food photos for any purpose other than generating the nutritional analysis returned to you.
We do not access your photo library. Camera access is only used when you actively initiate a food scan. You can disable camera access at any time through iOS Settings → Privacy & Security → Camera → CoreOS.
Data Sharing
We do not sell your personal information. We share data only in the following limited circumstances:
- Service providers — trusted third-party vendors who help us operate CoreOS (e.g., cloud hosting, analytics, payment processing). These providers are contractually bound to protect your data and may not use it for their own purposes.
- Apple — subscription and payment processing is handled by Apple through the App Store. Apple's privacy policy governs their data practices.
- Legal requirements — we may disclose information if required to do so by law, court order, or governmental authority.
- Business transfers — in the event of a merger, acquisition, or sale of assets, your data may be transferred. We will notify you before your data is subject to a different privacy policy.
We do not share personal health data with employers, insurance companies, advertisers, or data brokers under any circumstances.
Data Retention
We retain your personal data for as long as your account is active or as needed to provide you with the Service. Specifically:
- Account and profile data is retained until you delete your account
- Food scan photos are deleted immediately after processing
- Location data is not retained on our servers
- Workout and nutrition logs are retained to power your progress tracking and are deleted when your account is deleted
- Anonymized, aggregated usage data may be retained indefinitely for product improvement purposes
When you delete your account, we will delete your personal data within 30 days, except where retention is required by law.
Security
We implement industry-standard security measures to protect your data including encryption in transit (TLS) and at rest, access controls limiting who within CoreOS can access personal data, regular security audits, and secure authentication via Sign in with Apple.
No method of transmission over the internet or electronic storage is 100% secure. While we strive to protect your data, we cannot guarantee absolute security. If you believe your account has been compromised, contact us immediately at security@coreos.app.
Children's Privacy
CoreOS is not intended for use by individuals under the age of 18. We do not knowingly collect personal information from anyone under 18.
If we become aware that we have collected personal information from a child under 18, we will take steps to delete that information promptly. If you believe we may have information about a child, please contact us at privacy@coreos.app.
Your Rights
Depending on your location, you may have the following rights regarding your personal data:
- Access — request a copy of the personal data we hold about you
- Correction — request that we correct inaccurate or incomplete data
- Deletion — request that we delete your personal data (right to be forgotten)
- Portability — request your data in a machine-readable format
- Objection — object to certain types of processing of your data
- Restriction — request that we restrict processing of your data in certain circumstances
- Withdraw consent — withdraw previously granted consent at any time
To exercise any of these rights, contact us at privacy@coreos.app. We will respond to all requests within 30 days. We may need to verify your identity before processing your request.
California Residents (CCPA)
If you are a California resident, you have specific rights under the California Consumer Privacy Act (CCPA):
- The right to know what personal information we collect and how it is used
- The right to delete personal information we have collected from you
- The right to opt out of the sale of your personal information — we do not sell personal information
- The right to non-discrimination for exercising your privacy rights
To submit a CCPA request, contact us at privacy@coreos.app with the subject line "CCPA Request." We will respond within 45 days.
International Users
CoreOS is operated from the United States. If you are accessing CoreOS from outside the United States, please be aware that your information may be transferred to, stored, and processed in the United States where our servers are located.
If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, we process your data on the basis of legitimate interests, contract performance, and where required, your explicit consent. You have the right to lodge a complaint with your local data protection authority.
Changes to This Policy
We may update this Privacy Policy from time to time. When we make material changes, we will notify you via in-app notification or email at least 14 days before the changes take effect.
We encourage you to review this policy periodically. Continued use of CoreOS after changes take effect constitutes your acceptance of the updated policy.
Contact
If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:
- Privacy — privacy@coreos.app
- Security — security@coreos.app
- General — legal@coreos.app
We aim to respond to all privacy-related inquiries within 5 business days.
Also see our Terms & Conditions for the full legal agreement governing your use of CoreOS.