Privacy Policy

Last updated: April 22, 2026

1. Who we are

Corpus Health (“Corpus”, “we”, “us”) operates the Corpus personal health intelligence platform. If you have questions about this policy, email privacy@mycorpus.life.

2. What we collect

We collect only the information you give us or authorize your devices to send us:

  • Health data you connect: signals from wearables, health apps, continuous monitors, and files (e.g., Apple Health exports, lab PDFs).
  • Subjective entries: notes, events, and tags you log through the Corpus app.
  • Account information: the email address and profile details you provide when joining.
  • Session and device information: browser type, operating system, IP address (we store only a salted hash of the IP, never the raw IP), and a minimal cookie set required to keep you signed in.

We do not collect data from third parties, data brokers, or ad networks.

3. How we use it

  • To produce the personalized AI analysis and insights that are the core of the service.
  • To enable the physicians, coaches, and physiologists matched to your engagement to review your data and meet with you.
  • To keep the service running: account management, service notifications, security monitoring.
  • We do not use your health data to train general-purpose AI models, and we do not sell it.

4. Who sees it

  • You.
  • The experts matched to your engagement. Their access is scoped to your account and is logged.
  • Corpus personnel who need access to operate the service (engineering, support), under confidentiality obligations.
  • Processors we rely on to run the service (see §5). No other third parties.

5. Processors

We use a limited set of service providers under data-processing agreements:

  • Anthropic: for AI analysis (processed under Anthropic’s enterprise data-processing terms; no training on your data).
  • Cloud infrastructure providers: for hosting the database and application.
  • Email delivery: for transactional notifications (e.g., session reminders).

We review processors periodically and will update this list if it changes materially.

6. Security

  • All data is transmitted over TLS.
  • Databases are encrypted at rest.
  • Access is scoped to least privilege and audit-logged.
  • Nightly encrypted backups are retained for disaster recovery.
  • Corpus is not a HIPAA-covered entity, and the service is not sold as a HIPAA-compliant product today. See the Terms for the medical scope of the service.

7. Retention

We keep your data for as long as your Corpus engagement is active, plus a 90-day grace period after termination so you can re-engage without re-onboarding. After the grace period, we delete or anonymize it unless a legal obligation requires otherwise.

8. Your rights

You can at any time:

  • Access: export the full dataset we hold about you.
  • Correct: ask us to fix inaccuracies.
  • Delete: request deletion of your data; we will confirm once complete.
  • Withdraw consent: disconnect any connected source; the previously ingested data is preserved or deleted at your direction.
  • Object or restrict: contact us if you want to limit how we process your data.

Email privacy@mycorpus.life to exercise any of these. We respond within 30 days.

9. Children

Corpus is intended for adults (18+). We do not knowingly collect data from children. If you believe we have, contact privacy@mycorpus.life and we will delete it.

10. Changes to this policy

We will update this page and revise the “Last updated” date at the top. Material changes will be communicated by email to active members at least 14 days before taking effect.

11. Contact

Questions or requests about this policy: privacy@mycorpus.life.