Privacy policy

How Cortisol+ handles your biometric and health data. On-device processing, Apple HealthKit standards, no data selling, opt-in cloud sync. Your rights under GDPR and CCPA.

Updated May 24, 2026 · Reviewed by Cortisol+ Editorial

Effective date: May 24, 2026.

This Privacy Policy describes how Elevated Systems LLC ("we," "our," "us") collects, uses, and protects information when you use the Cortisol+ mobile app (the "App"), the cortisolplus.com website (the "Website"), and any related services (together, the "Service").

Questions or requests: admin@elevatedsystems.info.

1. Summary

  • Your biometric data stays on your device. We do not upload your Apple HealthKit data to our servers.
  • We do not sell your data — ever. Not to advertisers, insurers, employers, or third parties.
  • We do not embed ad-tracking SDKs (no Meta pixel, no TikTok pixel, no Google Analytics in the app).
  • You can delete the App and all on-device data at any time. If you have an account, you can delete it in-app.

2. Who we are

The Service is operated by Elevated Systems LLC, the data controller for purposes of GDPR and similar laws.

3. Information we collect

3.1 Biometric data from Apple HealthKit (on-device only)

With your explicit consent, the App reads the following data types from Apple HealthKit:

  • Heart rate, heart rate variability (HRV / SDNN), resting heart rate
  • Sleep stages (REM, deep, core, awake) and sleep timing
  • Wrist temperature deviation (Apple Watch Series 8+)
  • Blood oxygen (SpO₂)
  • Activity (steps, active calories, VO₂ max, workouts)
  • Date of birth and biological sex (used only to personalize baselines)

This data is processed entirely on your device. It is never uploaded to our servers, never shared with third parties, and never used for advertising. We use HealthKit in read-only mode and never write data back to your Health record.

3.2 Account information (only if you create an account)

If you create a Cortisol+ account to use social or sync features, we collect:

  • Email address
  • Display name and (optional) profile photo
  • App preferences and friend connections you choose to add
  • Authentication identifiers (e.g., Apple Sign-In token if used)

3.3 Transaction information (subscriptions)

All subscription transactions are processed by Apple through the App Store. We do not receive your payment method, card details, or full billing information. Apple provides us with anonymized transaction identifiers and subscription status only.

3.4 Diagnostic data (opt-in)

If you opt in, the App may send anonymized crash reports and aggregated usage metrics (e.g., which features are used, error rates). This data does not contain biometric values or personally identifying information.

3.5 Website information

The Website at cortisolplus.com may collect basic, non-identifying analytics (page views, referrer, country-level location, browser type) to help us understand which content is useful. We do not use cookies for ad tracking. We do not embed Google Analytics, Meta pixel, or similar trackers.

4. How we use information

  • Compute your real-time cortisol score and surface biometric trends (on-device only)
  • Deliver the features you've signed up for (insights, Zen mode, friend connections)
  • Provide customer support when you contact us
  • Improve the App through aggregate, anonymized analytics (only with your opt-in consent)
  • Communicate important service changes, security notices, or required legal updates
  • Detect and prevent fraud, abuse, and security incidents

We do not use your information to make automated decisions that have legal or similarly significant effects on you.

5. Legal bases (GDPR / UK GDPR)

If you are in the European Economic Area, United Kingdom, or Switzerland, we rely on the following lawful bases:

  • Consent — for HealthKit access, diagnostic opt-in, and any optional features
  • Contract — to provide the Service you sign up for
  • Legitimate interest — for security, fraud prevention, and basic service improvement
  • Legal obligation — to comply with tax, accounting, and regulatory requirements

6. How we share information

We share information only in these limited cases:

  • Apple Inc. — for App Store distribution, subscription billing, and HealthKit infrastructure (governed by Apple's privacy policy)
  • Cloud hosting providers — for storing account data only (Cortisol+ accounts are hosted with industry-standard providers; biometric data is never sent to them)
  • Friends you connect with in-app — display name and selected wellness milestones you opt to share
  • Legal compliance — when required by law, subpoena, or to protect rights/safety
  • Business transfer — in the event of a merger or acquisition, with notice and same protections continuing

We never sell, rent, or share your personal data for advertising or commercial profiling.

7. Where data lives and international transfers

Biometric data stays on your device. Account data (if you create an account) is stored on cloud infrastructure that may be located in the United States. If you are in the EEA, UK, or Switzerland and account data is transferred to the US, the transfer is protected by Standard Contractual Clauses or equivalent safeguards.

8. Data retention

  • On-device biometric data: kept until you delete the App or revoke HealthKit access
  • Account data: kept while your account is active; deleted within 30 days of account deletion
  • Support communications: kept up to 2 years for service-quality and audit purposes
  • Anonymized analytics: aggregated and kept indefinitely; cannot be tied back to you
  • Legal/tax records: kept for the period required by applicable law (typically 7 years)

9. Your rights

You can at any time:

  • Revoke HealthKit access via iOS Settings → Privacy & Security → Health → Cortisol+
  • Delete the App, which removes all on-device data
  • Delete your account (if you created one) via in-app Settings → Account → Delete
  • Request a copy of your account data by emailing admin@elevatedsystems.info
  • Opt out of diagnostic data collection in App Settings
  • Unsubscribe from any non-essential email by clicking the unsubscribe link

9.1 EEA, UK, Swiss residents (GDPR)

You also have the right to access, rectify, erase, and port your personal data, and to restrict or object to its processing. You can lodge a complaint with your local supervisory authority.

9.2 California residents (CCPA / CPRA)

You have the right to know what categories of personal information we collect, to delete it, to correct it, to opt out of "sale" or "sharing" (we do neither), and to non-discrimination for exercising your rights. Verifiable requests: admin@elevatedsystems.info.

9.3 Other US states

If you reside in Virginia, Colorado, Connecticut, Utah, Texas, Oregon, Montana, or another state with a comprehensive privacy law, you may have similar rights. Contact us using the email above to exercise them.

10. Apple HealthKit specific terms

The App's use of HealthKit data complies with Apple's HealthKit Terms and Conditions and the Apple Developer Program License Agreement. Specifically:

  • HealthKit data is never used for advertising or similar services
  • HealthKit data is never shared with third parties for marketing
  • HealthKit data is never sold
  • HealthKit data is processed on-device unless you opt into a feature that explicitly requires sync

11. Children's privacy

Cortisol+ is not directed to and is not intended for users under 16. We do not knowingly collect personal information from children under 16. If you believe a child has provided us with personal information, contact admin@elevatedsystems.info and we will delete it.

12. Security

We use reasonable administrative, technical, and physical safeguards designed to protect your information, including HTTPS/TLS in transit, encryption at rest for account data, and Apple's Secure Enclave protections for HealthKit data on-device. No system can be 100% secure; we cannot guarantee absolute security, but we work continuously to maintain industry-standard protections.

13. Third-party services

The Service relies on a small set of third-party providers:

  • Apple Inc. — App Store, HealthKit, Sign in with Apple, iCloud (if you opt into iCloud sync)
  • Crash reporting (opt-in) — anonymized crash data only
  • Cloud hosting — for account data storage (Cortisol+ accounts only; never biometrics)

Each operates under its own privacy policy. We do not embed advertising, tracking, or analytics SDKs in the App beyond those listed.

14. Do Not Track

Our Website does not respond to "Do Not Track" browser signals because we do not perform cross-site tracking.

15. Changes to this policy

We will update this policy as the Service evolves. The "Effective date" at the top will reflect the latest version. Material changes will be announced in-app and on cortisolplus.com at least 30 days before they take effect when feasible. Continued use after the effective date constitutes acceptance.

16. Contact

For privacy questions, data requests, or to exercise any of your rights:
Email: admin@elevatedsystems.info
Operator: Elevated Systems LLC