Menu

Privacy Policy

Last update: 04/16/2026

At COR Health, your privacy is not just a promise — it’s a foundational principle of how we operate. We believe that your health data belongs to you, and we’re committed to protecting it with transparency, integrity, and industry-leading safeguards.

This policy explains, in plain language, exactly what we collect, how we use it, and the limited circumstances in which de-identified information derived from your use of our Services may be used to support health research and the development of improved health technology.

1. Overview

This Privacy Policy describes how COR Health Inc. (“COR”, “we”, “our”, or “us”) collects, uses, stores, and shares information when you use our website, mobile app, COR One™ device, or other services (collectively, the “Services”). By creating an account or using our Services, you agree to the practices described in this policy.

2. Information We Collect

We may collect the following categories of information:

a. Personal Information
Name, email address, shipping address, payment details, and any information you provide during account creation or purchase.

b. Health Data
Information generated by your use of the COR One™ device and app, including ESR measurement values, sedimentation process image sequences captured by the device during testing, lifestyle tags, notes, and self-reported behavioral inputs (such as diet, sleep, supplements, and exercise), test timestamps, usage trends, and any additional context you choose to record alongside a measurement.

c. Technical Data
Device type, IP address, browser type, operating system, and usage data collected via cookies or analytics tools.

d. Support Interactions
Messages or correspondence with our support team.

3. How We Use Your Information

We use the information we collect to:

  • Deliver and maintain our Services
  • Personalize your experience and the insights we present to you
  • Respond to support requests
  • Process transactions and fulfill orders
  • Analyze de-identified data to improve our Services, advance health research, and develop new products and features
  • Create de-identified datasets that may be used internally or shared with qualified research partners, clinical investigators, and developers of health technology, including artificial intelligence and machine learning systems, in order to advance the science of inflammation, personalized health, and human physiology

Section 5 explains how de-identified data is produced and used, and the rights you have to opt out.

4. How We Protect Your Personal Data

Your privacy matters to us. Here’s how we protect your personal data:

  • Encryption: All your information is encrypted both in transit and at rest using industry-standard protocols.
  • Secure Cloud Infrastructure: We use reputable cloud services that operate under HIPAA-aligned security controls to store and process your data.
  • We Do Not Sell Your Personal Information: We do not sell your personal information (as that term is defined under the CCPA and similar state laws), and we do not share your personally identifiable health data with third parties for their own marketing purposes.
  • Sharing With Care Partners Only With Your Permission: Any sharing of your identifiable health data with a clinician, wellness provider, or other care partner only happens with your explicit permission.
  • You’re in Control: You can delete your account and associated personal data at any time through your COR account or by contacting support@corhealth.com.

5. De-Identified Data, Research, and AI/ML Development

We believe the health insights generated through COR are more valuable when they can be safely and responsibly used to advance the broader understanding of human health. This section explains how we do that without compromising your privacy.

What “de-identified” means
Before any of your information is used outside of the context of providing you the Services — for example, for research, publication, or sharing with research partners or AI/ML developers — it is first de-identified. This means we remove or obscure information that could reasonably be used to identify you, applying standards consistent with the HIPAA Safe Harbor method (45 CFR § 164.514(b)(2)). Specifically, we remove:

  • Names
  • Email addresses, phone numbers, and physical addresses
  • Account identifiers and device serial numbers (replaced with random, non-reversible tokens)
  • Exact dates (converted to relative day offsets)
  • Geographic information more specific than a broad region
  • Any other direct or indirect identifier specified under HIPAA Safe Harbor

Where free-text notes are retained, they are reviewed and redacted to remove names, locations, clinicians, employers, or family members before external use.

How de-identified data may be used
Once data has been de-identified as described above, it may be:

  • Used internally to improve our products, train our own models, and develop new features
  • Aggregated with other de-identified data to produce statistical findings, published research, or summary reports
  • Shared with or licensed to qualified research institutions, clinical investigators, and developers of health technology — including companies developing artificial intelligence and machine learning systems — under agreements that prohibit any attempt to re-identify individuals

Image data
Image sequences captured during sedimentation testing are treated as health data. They are de-identified to the same standard as numerical measurements before any external use, including removal of any embedded metadata that could link an image to an individual.

Your choice
You can opt out of having your de-identified data included in external research datasets and third-party data sharing at any time by emailing privacy@corhealth.com or adjusting your preferences in your COR account. Opting out does not affect data already contained in datasets that have been shared or licensed before your request, because once data is de-identified and distributed it cannot be recalled; however, we will exclude your contributions from all future datasets and datasets we continue to maintain.

What never leaves
Your name, email, address, payment information, account credentials, and any direct identifiers are never included in a de-identified research dataset, are never sold, and are never licensed to third parties.

6. Your Rights and Choices

Depending on your location, you may have rights under privacy laws such as the California Consumer Privacy Act (CCPA/CPRA), the Washington My Health My Data Act, other U.S. state consumer health privacy laws, and the European Union’s General Data Protection Regulation (GDPR). These may include:

  • Right to know what personal information we collect and how it is used
  • Right to access your data
  • Right to correct inaccuracies
  • Right to delete your data
  • Right to opt out of the sale or sharing of personal information
  • Right to opt out of inclusion in de-identified research datasets (see Section 5)
  • Right to object to or restrict processing
  • Right to receive a copy of your data in a portable format
  • Right to withdraw consent where processing is based on consent

To exercise any of these rights, email privacy@corhealth.com. We will respond within the timeframes required by applicable law. We will not discriminate against you for exercising any of your privacy rights.

7. Consumer Health Data (Washington MHMDA and Similar Laws)

If you are a resident of Washington, Nevada, or another state with a consumer health data privacy law, you have additional rights with respect to information that constitutes “consumer health data” under those laws. This includes a right to know what consumer health data we collect, a right to withdraw consent to its collection and sharing, and a right to have it deleted.

We do not share, sell, or license your identifiable consumer health data without your explicit consent. Inclusion of de-identified data in research datasets, as described in Section 5, is conducted under the de-identification exemptions provided by those laws, and you may opt out of such inclusion at any time.

8. Cookies and Analytics

We use cookies and similar technologies to improve your experience and understand how our Services are used. You can manage cookie preferences in your browser settings.

9. Children’s Privacy

Our Services are not intended for children under 13 (or the age defined by your local law), and we do not knowingly collect information from them. If you believe a child has provided us personal information, contact us at privacy@corhealth.com and we will delete it.

10. Data Retention

We retain your personal information only as long as necessary to provide our Services and fulfill legal obligations. You may request deletion at any time. De-identified data, once created, no longer relates to an identifiable individual and may be retained indefinitely for research and product development purposes, subject to your right to opt out of future inclusion as described in Section 5.

11. Third-Party Services

We use third-party services (such as payment processors, e-commerce platforms, and cloud infrastructure providers) to operate the Services. Their use of your data is governed by their respective privacy policies and by data protection agreements we maintain with them.

12. International Transfers

If you access the Services from outside the United States, your information may be transferred to, stored, and processed in the United States. Where required by law, we put appropriate safeguards in place to protect international transfers.

13. Policy Updates

We may revise this policy as our Services evolve. When we do, we will update the “Last update” date at the top and post the new policy on our website. For material changes — including any expansion of how de-identified data is used or shared — we will notify registered users by email and, where required by law, will request renewed consent before applying the change to your data.

14. Contact Us

If you have questions or concerns about your privacy or this policy, or if you wish to exercise any of your rights, contact us at:

COR Health Inc.
Email (general): hi@corhealth.com
Email (privacy requests and opt-outs): privacy@corhealth.com
504 South 4th St., Laramie, WY  82070

Shopping Cart (0)

No products in the shopping cart

Tax & Shipping calculated at checkout.