Transparency
What we collect
Corro reads the following categories of data from Apple Health, with your explicit permission:
- Workout metrics: Duration, distance, calories, and heart rate for each workout — used to answer training load and progress questions.
- Steps & activity: Daily step count, active energy, and stand hours — used to assess overall movement patterns.
- Heart rate & HRV: Resting heart rate, average HR, and heart rate variability — used to assess cardiovascular fitness and recovery.
- VO₂ Max: Cardiorespiratory fitness estimate from Apple — used to contextualize aerobic performance questions.
- Sleep analysis: Sleep duration and stage breakdown — used to answer sleep quality and recovery questions.
- Body metrics: Weight, body fat percentage, and BMI — used to track body composition trends when asked.
- Blood pressure & glucose: If recorded in Apple Health — used to provide context when you ask about cardiovascular or metabolic health.
- Nutrition: Calories, macros (protein, carbs, fat), and water intake — used to answer nutrition and fueling questions.
We only request what we actually use. You can revoke any category at any time in iOS Settings → Health → Corro.
Security
How we protect it
Your health data is stored in a PostgreSQL database on Supabase, hosted on AWS US infrastructure. Every table has Row Level Security (RLS) enabled — a Postgres feature that enforces, at the database level, that every query can only return rows where user_id = your ID. No Corro employee can query your rows without bypassing that constraint.
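As an added illustration (not Corro's actual schema or policies), this is what a per-user Row Level Security setup looks like in Supabase SQL; the table and column names are assumptions, and auth.uid() is Supabase's helper that returns the calling user's ID from the request token:

```sql
-- Added example, not Corro's own code. Table and column names are assumed.
-- Goal: every query on this table can only touch rows where user_id is the caller.

create table if not exists health_metrics (
  id          bigint generated always as identity primary key,
  user_id     uuid not null references auth.users (id),
  metric_type text not null,          -- e.g. 'resting_hr', 'steps'
  value       numeric not null,
  recorded_on date not null
);

-- Enable RLS, then FORCE it so even the table owner is subject to the policies.
alter table health_metrics enable row level security;
alter table health_metrics force row level security;

-- Without any policy, RLS denies everything; each policy below grants one
-- operation and pins it to the caller's own user_id.
create policy "select own rows" on health_metrics
  for select using (auth.uid() = user_id);

create policy "insert own rows" on health_metrics
  for insert with check (auth.uid() = user_id);

create policy "update own rows" on health_metrics
  for update using (auth.uid() = user_id) with check (auth.uid() = user_id);

create policy "delete own rows" on health_metrics
  for delete using (auth.uid() = user_id);

-- Caveat: roles with the BYPASSRLS attribute (Supabase's service_role key is
-- one) are not filtered by any of this, so user-facing requests should run
-- under the user's own JWT, never under the service key.

-- Manual check from a SQL session: act as a signed-in user and confirm that
-- only that user's rows are visible.
-- set role authenticated;
-- select set_config('request.jwt.claims',
--   '{"sub":"00000000-0000-0000-0000-000000000001"}', true);
-- select count(*) from health_metrics;   -- counts only that user's rows
```

A quick way to verify the policies hold is to run the commented check twice with two different sub values and confirm the counts differ as expected.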
All data is transmitted over TLS. Corro has no internal analytics tools connected to health tables — no dashboards, no data exports, no employee access to individual health records.
AI processing
What goes to the AI
When you ask Corro a question, an anonymized summary of your health metrics is assembled and sent to an AI language model (OpenAI GPT-4o by default) to generate a response. This summary:
- ✓ Contains aggregated health statistics (e.g. "avg resting HR: 58 bpm over last 30 days")
- ✓ Uses your first name for personalization (e.g. "Based on your data, Joe…")
- ✕ Does not include your Apple ID email, date of birth, or any raw identifiers
- ✕ Does not include specific timestamps or location data
OpenAI's API data usage policy applies to data sent to GPT-4o. OpenAI does not use API inputs to train their models. You can review their policy at openai.com/policies/api-data-usage-policies.
Control
Your controls
Commitments
What we never do
- ✕ Sell your health data to any third party
- ✕ Share your data with advertisers or data brokers
- ✕ Build advertising profiles from your health metrics
- ✕ Use your data to train AI models
- ✕ Retain your data after you request deletion
- ✕ Access your health rows without your explicit consent
Questions about your data?
We're a small team and we respond to every privacy inquiry personally.
privacy@askcorro.com