Privacy Policy

Last updated: February 27, 2026

Zero-Knowledge Architecture

Your journal entries are encrypted on-device before transmission. The platform cannot access your data — even under legal compulsion. You maintain exclusive key control.

The Short Version

Entries are encrypted with AES-256-GCM using keys derived from your recovery phrase via Argon2id
All AI processing happens on-device — including on-device language models and voice transcription. Your thoughts never touch our servers
We can't read your data — zero-knowledge means zero access
No ads, no tracking, no selling data — ever
You can delete everything at any time

Information We Collect

Information You Provide

Email address (optional) — For account recovery communication and purchase receipts
Payment information — Processed by your platform's payment system; we never see your card details

iOS (App Store)

Purchases are processed by Apple via In-App Purchase. Manage or cancel subscriptions at any time in Settings → Apple ID → Subscriptions. Refunds are handled by Apple at reportaproblem.apple.com.

Android (Google Play)

Purchases are processed by Google via Google Play Billing. Manage or cancel subscriptions in the Google Play app. Refunds are handled by Google Play.

Information We Never Collect

Your journal entries (encrypted, we can't read them)
Your recovery phrase or PIN
Voice recordings (processed on-device via Whisper, never uploaded)
Health data (stays on your device — see Health Data section below)
AI analysis results or reflection session conversations (language models run entirely on-device)
Sentiment, emotion, or mood data (computed locally on your device)
Your location or contacts

Anonymous Analytics (Optional)

If you opt-in, we collect anonymous usage metrics to improve the app:

App opens, feature usage patterns
Crash reports (no personal data included)
Device type and OS version

You can disable analytics entirely in Settings.

Health Data

CortexOS can optionally read health data from your device to generate correlations with your journal entries. This data is read-only, never transmitted off your device, and used solely within the app to surface personal wellness insights.

iOS (App Store)

CortexOS reads sleep duration, step count, and heart rate variability from Apple HealthKit. Revoke access at any time in iOS Settings → Privacy & Security → Health. No HealthKit data is ever uploaded to our servers.

Android (Google Play)

CortexOS reads sleep and activity data from Google Health Connect. Revoke access at any time in Android Settings → Health Connect → App Permissions. No Health Connect data is ever uploaded to our servers.

How We Protect Your Data

Encryption

AES-256-GCM encryption for all journal content, with 12-byte IV and 128-bit authentication tags
Argon2id key derivation from your recovery phrase + PIN (64MB memory, 3 iterations, 4 parallel lanes)
Unique encryption keys per user — we never store your keys
Canary verification system to detect unauthorized key access

iOS (App Store)

Encryption keys are protected using the iOS Secure Enclave and Keychain for hardware-backed key storage.

Android (Google Play)

Encryption keys are protected using the Android Keystore and hardware security module integration.

On-Device AI Processing

All AI analysis runs locally on your device. Your journal entries are never sent to a server for analysis.

iOS (App Store)

Apple's Natural Language framework and Neural Engine for sentiment analysis, emotion detection, and theme recognition — entirely on-device
On-device language models for guided reflection, pattern analysis, and insights — no cloud API calls
Whisper voice transcription runs entirely on your device — audio is never uploaded

Android (Google Play)

TensorFlow Lite models for sentiment analysis, emotion detection, cognitive distortion alerts, and personalized adaptation — all on-device
Llama 3.2 LLM (1B or 3B parameters) for guided reflection sessions, summaries, and pattern analysis — no cloud API calls
Whisper voice transcription runs entirely on your device — audio is never uploaded
USE-Lite embeddings (512-dimensional) for semantic similarity and throwback matching — computed locally

Cloud Vault (Optional)

If you enable the zero-knowledge cloud vault, your data is encrypted client-side with your derived keys before upload. Our servers only store encrypted blobs. We cannot decrypt your cloud backup — only your recovery phrase + PIN can unlock it. You can disable backup and delete cloud data at any time.

Notification Intelligence

CortexOS uses a smart notification system that prioritizes important alerts and respects quiet hours. All notification decisions are made on-device. We do not track or collect notification interaction data.

Third-Party Services

None of these services have access to your decrypted journal content, AI analysis results, or encryption keys.

All Platforms

Firebase (Google) — Anonymous analytics and crash reporting only (if opted-in). Cloud sync for encrypted vault data
RevenueCat — Subscription receipt validation only

iOS (App Store)

Apple In-App Purchase / StoreKit — Payment processing and subscription management
Apple HealthKit — Health data access controlled entirely by you. Data is read-only on-device; we never upload it

Android (Google Play)

Google Play Billing — Payment processing and subscription management
Google Health Connect — Health data access controlled entirely by you. Data is read-only on-device; we never upload it

Your Rights

Access — Export all your data anytime (Settings → Export)
Delete — Permanently delete all data (Settings → Danger Zone)
Portability — Your exports are in standard JSON format
Opt-out — Disable analytics, notifications, and cloud features independently

Children's Privacy

CortexOS is not intended for users under 13. We do not knowingly collect data from children.

Mental Health Disclaimer

CortexOS is a personal journaling tool, not a mental health service, therapy platform, or crisis intervention tool. It is not a substitute for professional mental health care. If you are in crisis, please contact the 988 Suicide & Crisis Lifeline (call or text 988 in the US) or your local emergency services.

Changes to This Policy

We may update this policy occasionally. Significant changes will be communicated via the app or email.

Contact Us

Questions about privacy? Email us at info@cortexos.app