Privacy Policy

Last updated: April 1, 2026

This Privacy Policy describes how Alexander Poletaev, sole proprietor ("Company", "we", "us", "our"), collects, uses, stores, and protects your personal data when you use Coresi OS ("Coresi", "the App", "the Service") — a Human Operational System for behavioral self-understanding.

We are committed to protecting your privacy and complying with the EU General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and other applicable data protection laws.

1. Data Controller

Data Controller: Alexander Poletaev (Individual Entrepreneur)
Email: hello@coresi.io
Website: https://coresi.io

For EU/EEA users, we are the data controller within the meaning of the GDPR.

2. What Data We Collect

2.1 Data You Provide Directly

• Account Data: Email address, name, password (stored in hashed form).
• Behavioral Wellbeing Data: Activities, thoughts, emotions, body sensations, impulses, self-assessments, approximate location, and personal notes.
• Day Summary Data: Daily reflections, key insights, overall day assessments.
• Goals Data: Personal goals, challenges, and role models.
• Payment Data: Subscription tier and purchase history. Payment processing is handled entirely by Apple/Google. We do not store credit card details.

2.2 Data Collected Automatically

• Device type, OS version, app version — for service delivery and debugging.
• Features used, session duration — for service improvement.
• Crash reports — for bug fixing.

2.3 Special Category Data (GDPR Article 9)

Coresi OS collects data about your emotions, physical sensations, impulses, and mental state. Under GDPR, this may constitute special category data. We process this data solely on the basis of your explicit consent (Article 9(2)(a) GDPR), which you provide during onboarding. You may withdraw consent at any time.

3. How We Use Your Data

• Provide the Service: Deliver Coresi OS features including reports, pattern detection, and recommendations.
• AI Analysis: Generate insights and detect behavioral patterns using AI processing.
• Pattern Alerts: Notify you of significant behavioral changes.
• Improve the Service: Using aggregated and anonymized data.
• Service Notifications: Essential communications about the service.

We NEVER:

• Sell your personal data to third parties.
• Use your data for advertising.
• Share your data with employers, insurers, or government entities (unless required by law).
• Train general AI models on your individual data.

4. AI Processing

Your data is processed by Anthropic (Claude) to generate reports and insights. Your data is sent encrypted, our agreement prohibits the provider from using your data for training, and data is not retained beyond the processing session (zero-retention API).

Automated outputs are advisory in nature and do not produce legal effects. You may request human review by contacting us.

5. Data Storage and Security

Storage: Supabase (PostgreSQL), US East (AWS).

Security: Encryption in transit (TLS 1.3) and at rest (AES-256), row-level security, hashed passwords, regular security reviews.

Retention: Account data until deletion + 30 days. Entry data until deleted by you. Usage analytics up to 24 months anonymized. Payment records up to 7 years per law.

6. Data Sharing

We share data only with: AI providers (Anthropic) under DPA, cloud infrastructure (Supabase) under DPA, payment processors (Apple, Google), and legal authorities when required by law.

7. International Transfers

Data may be transferred to the US. For EU/EEA users, we ensure protection through Standard Contractual Clauses, Data Processing Agreements, and encryption.

8. Your Rights

GDPR (EU/EEA): Access, correction, deletion, restriction, portability, objection, consent withdrawal. Response within 30 days.

CCPA (California): Know, delete, opt-out of sale (we do NOT sell data), non-discrimination, correction.

How to exercise: In the App (Settings → Privacy) or email hello@coresi.io.

9. Children's Privacy

Coresi OS is not intended for children under 16. We do not knowingly collect data from children.

10. Cookies

The Coresi OS mobile app does NOT use cookies. Our website uses only essential cookies.

11. Changes

We will notify you of material changes at least 30 days before they take effect.

12. Contact Us

Email: hello@coresi.io
Website: https://coresi.io
Company: Alexander Poletaev, Individual Entrepreneur