Privacy & Information Security

Last updated: October 20, 2025

  • No ad tracking
  • User data ownership
  • Encryption in transit

While CoreMETRICS is a wellbeing product and not Software as a Medical Device, we treat your data with medical‑grade care. Most importantly: we will never track or even see a customer's personal health data.

We never see your data

CoreMETRICS does not collect, track, or access your personal biomarker data or private entries. Your information remains private to you and those you explicitly choose to share with.

No tracking, no ads

No ad-tech, fingerprinting, or cross‑site tracking in the app. We do not sell or monetise customer data.

Data ownership

You own your data. Sharing is opt‑in and purpose‑limited—for example, with a coach you select. Revoke access anytime.

Security by design

We follow industry best practices (least‑privilege access, auditability, encryption in transit, secure key handling) and align to frameworks such as SOC 2/ISO 27001.

What we don't collect

  • No ad tracking, fingerprinting, or cross‑site identifiers
  • No collection of biomarker results or private journal entries
  • No sale or monetization of customer data
  • No unnecessary personal information beyond what's required for service delivery
  • No behavioral profiling for advertising purposes

Data ownership & sharing

You own your data. Any sharing—such as with a trainer—is opt‑in, purpose‑limited, and revocable at any time.

  • All data sharing requires explicit user consent
  • Sharing permissions can be revoked at any time
  • Shared data is limited to what's necessary for the specific purpose
  • We provide clear controls for managing data access

Security measures

We follow industry best practices and are working toward alignment with frameworks like SOC 2 and ISO 27001:

  • Least‑privilege access controls
  • Comprehensive audit logging and monitoring
  • Encryption in transit and at rest
  • Secure key handling and management
  • Regular security assessments and updates
  • Employee security training and background checks

Cookies & analytics

We avoid ad‑tech completely. If we ever use privacy‑respecting analytics (aggregate‑only), they won't identify you or track you across sites. We'll clearly disclose any tools we use and provide opt-out mechanisms.

Legal compliance

We comply with applicable privacy laws and regulations:

  • GDPR compliance for European users
  • UK GDPR compliance for UK users
  • CCPA compliance for California residents
  • Regular privacy impact assessments

Your rights

You have the right to:

  • Access your personal data
  • Correct inaccurate information
  • Delete your account and associated data
  • Export your data in a portable format
  • Object to processing of your data
  • Withdraw consent at any time

Contact & data protection

Have questions about this policy, or want to exercise your rights? Contact us at hello@coremetricslabs.com. We'll respond to all requests within 30 days or as required by applicable law.