Privacy Policy
Last Updated: March 20, 2026
Welcome to CoRegulateAI ("we," "our," or "us"). We are committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our mobile application and services.
1. Information We Collect
1.1 Personal Information
When you create an account, we collect:
- Email address - Used for account authentication and communication
- Password - Encrypted and securely stored
- Display name (optional) - For personalization
1.2 Wellness Data
As you use the app, we collect:
- Mood entries - Your recorded moods and emotional states
- Journal entries - Any notes or reflections you choose to record
- Chat conversations - Your interactions with our AI wellness coach
- Activity data - Timestamps and frequency of app usage
- Wellness preferences - Your selected wellness goals and preferences
1.3 Technical Information
We automatically collect certain technical information:
- Device information - Device type, operating system version
- Usage analytics - App performance metrics and crash reports
- IP address - For security and authentication purposes
2. How We Use Your Information
We use the collected information for the following purposes:
- Provide Services - To operate and maintain the CoRegulateAI app
- Personalization - To customize your wellness experience and AI coach responses
- Analytics - To generate insights about your wellness journey
- Improvement - To improve our app features and user experience
- Communication - To send important updates about your account or our services
- Security - To protect against fraud, abuse, and security threats
3. Data Storage and Security
3.1 Data Storage
Your data is stored securely using:
- Database encryption - All sensitive data is encrypted at rest
- Secure servers - Hosted on Railway.app with enterprise-grade security
- HTTPS/TLS - All data transmission is encrypted in transit
3.2 Security Measures
- Password hashing using industry-standard bcrypt algorithm
- JWT token-based authentication
- Regular security audits and updates
- Access controls and monitoring
3.3 Data Retention
We retain your data for as long as your account is active. You may request deletion of your account and data at any time.
4. Third-Party AI Service (OpenAI)
Important: AI Data Sharing Disclosure
CoRegulateAI uses OpenAI's API to power our AI Wellness Coach feature.
What Data We Share with OpenAI:
- Your messages - The text you type in AI coach conversations
- Emotional context - Your current emotional state if provided
- Conversation history - Recent messages (up to 10 exchanges) for context
What We Do NOT Share with OpenAI:
- Your email address or name
- Your account password
- Your exact location
- Your payment information
Your Consent:
Before using the AI Wellness Coach, you will be asked to explicitly consent to this data sharing. You can use all other features of the app without sharing data with OpenAI.
How OpenAI Handles Your Data:
- Data is transmitted securely via HTTPS encryption
- OpenAI processes your data according to their API data usage policies
- OpenAI does not use API data to train their models (as of March 2023)
- Learn more: OpenAI Privacy Policy
- API data usage: OpenAI API Data Usage Policy
5. Other Third-Party Services
5.1 Hosting Services
- Railway.app - Backend API hosting
- Vercel - Web application hosting
5.2 Error Monitoring (Sentry)
We use Sentry for error monitoring and crash reporting to improve app stability:
- Automatically collects crash reports and error logs
- May include device information, app state, and stack traces
- Does not collect personal wellness data or mood entries
- Learn more: Sentry Privacy Policy
5.3 In-App Purchases (RevenueCat)
We use RevenueCat to process in-app purchases and manage subscriptions:
- Processes subscription purchases through Apple App Store
- Stores anonymous purchase history and subscription status
- Does not have access to your payment details (handled by Apple)
- Learn more: RevenueCat Privacy Policy
6. Data Sharing and Disclosure
We do not sell your personal information.
We may share your information only in these limited circumstances:
- With your consent - When you explicitly authorize sharing (e.g., AI coach feature)
- Legal requirements - When required by law or to protect rights and safety
- Service providers - With trusted partners who help operate our services (under strict confidentiality agreements)
- Business transfers - In connection with a merger, acquisition, or sale of assets
7. Your Rights and Choices
You have the following rights regarding your data:
7.1 Access and Portability
- View all your personal data within the app
- Request a copy of your data in a portable format
7.2 Correction and Update
- Update your profile information at any time
- Correct inaccurate data
7.3 Deletion
- Delete your account and all associated data
- Delete specific entries or conversations
7.4 Opt-Out
- Opt out of promotional communications
- Disable certain data collection features
- Revoke AI data sharing consent in Settings → Privacy
To exercise these rights, contact us at the email address below.
8. Children's Privacy
CoRegulateAI is not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13. If you believe we have inadvertently collected such information, please contact us immediately.
9. International Users
Your information may be transferred to and processed in countries other than your own. By using CoRegulateAI, you consent to the transfer of your information to the United States and other countries where our servers are located.
9. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. We will notify you of any material changes by:
- Posting the new Privacy Policy in the app
- Updating the "Last Updated" date
- Sending an email notification (for significant changes)
Your continued use of CoRegulateAI after changes constitutes acceptance of the updated policy.
10. Important Disclaimers
10.1 Not Medical Advice
CoRegulateAI is not a substitute for professional medical or mental health care. Our AI coach provides general wellness guidance and support, not medical diagnosis or treatment. If you are experiencing a mental health crisis, please contact:
- Emergency Services - 911 (US) or your local emergency number
- National Suicide Prevention Lifeline - 988 (US)
- Crisis Text Line - Text HOME to 741741
10.2 Data Security Limitations
While we implement robust security measures, no method of electronic storage or transmission is 100% secure. We cannot guarantee absolute security of your data.
10.3 Health Breach Notification
FTC Health Breach Notification
CoRegulateAI collects wellness and health-related information as described in this policy. In accordance with the FTC Health Breach Notification Rule (16 CFR Part 318), we will notify you in the event of a security breach involving your health-related data:
What Constitutes a Breach:
- Unauthorized acquisition of identifiable health information
- Unauthorized access to mood, wellness, or emotional data
- Security incidents affecting AI chat conversation data
How We Will Notify You:
- Email notification - Sent to your registered email address
- In-app notification - Alert displayed upon app login
- Website notice - Posted on our website if warranted
Notification Timeline:
- We will notify affected users within 60 calendar days of discovering a breach
- Notification includes: description of breach, types of data involved, steps we're taking, steps you can take, and contact information
Regulatory Notifications:
If a breach affects 500 or more individuals, we will also notify:
- The Federal Trade Commission (FTC)
- Prominent media outlets in affected states (as required by law)
11. California Privacy Rights (CCPA)
If you are a California resident, you have additional rights under the California Consumer Privacy Act:
- Right to know what personal information is collected
- Right to know if personal information is sold or shared
- Right to opt-out of sale of personal information (we do not sell data)
- Right to deletion of personal information
- Right to non-discrimination for exercising CCPA rights
12. European Privacy Rights (GDPR)
If you are in the European Economic Area, you have rights under the General Data Protection Regulation:
- Right to access your personal data
- Right to rectification of inaccurate data
- Right to erasure ("right to be forgotten")
- Right to restriction of processing
- Right to data portability
- Right to object to processing
- Right to withdraw consent
Effective Date: February 18, 2026
Version: 1.2
This privacy policy governs your use of the CoRegulateAI mobile application and related services.