COREAURALOGIX
COMPREHENSIVE PRIVACY POLICY
Effective Date: December 2025 | Last Updated: February 2026
1. Introduction and Scope
CoreAuraLogix, Inc. (“CoreAuraLogix,” “Company,” “we,” “us,” or “our”), which extends to all CoreAuraLogix properties and/or entities, is committed to protecting the privacy and security of all personal information entrusted to us. This Comprehensive Privacy Policy (“Policy”) describes how we collect, use, disclose, retain, and safeguard information across all our platforms, products, services, and operations.
This Policy applies to all users, customers, clients, partners, and any individuals who interact with CoreAuraLogix through our websites, mobile applications, software-as-a-service (SaaS) platforms, application programming interfaces (APIs), artificial intelligence systems, healthcare platforms, financial systems, retail solutions, and any other digital or physical touchpoints.
By accessing or using any CoreAuraLogix service, you acknowledge that you have read, understood, and agree to be bound by this Policy. If you do not agree with any part of this Policy, you must discontinue use of our services immediately.
2. Definitions
For the purposes of this Policy, the following definitions apply:
- “Personal Information” means any information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular individual or household.
- “Protected Health Information” (PHI) means individually identifiable health information transmitted or maintained in any form or medium, as defined under the Health Insurance Portability and Accountability Act (HIPAA).
- “Sensitive Personal Information” includes government identifiers, financial account information, precise geolocation, racial or ethnic origin, religious beliefs, genetic data, biometric information, health information, and sexual orientation.
- “Processing” means any operation performed on Personal Information, including collection, recording, organization, structuring, storage, adaptation, retrieval, consultation, use, disclosure, dissemination, alignment, combination, restriction, erasure, or destruction.
- “Data Subject” means an identified or identifiable natural person whose Personal Information is processed.
- “Artificial Intelligence” (AI) means machine-based systems that can make predictions, recommendations, or decisions influencing real or virtual environments, including machine learning, deep learning, and natural language processing systems.
3. Information We Collect
3.1 Information You Provide Directly
We collect information you voluntarily provide when you:
- Create an account or register for our services
- Subscribe to our SaaS platforms or digital products
- Complete forms, surveys, or questionnaires
- Contact our customer support or sales teams
- Participate in webinars, events, or promotional activities
- Apply for employment or contractor positions
- Enter into licensing agreements or business partnerships
This information may include: name, email address, phone number, mailing address, company name, job title, payment information, government-issued identification numbers, professional credentials, and any other information you choose to provide.
3.2 Information Collected Automatically
When you access our services, we automatically collect:
- Device Information: Hardware model, operating system, unique device identifiers, mobile network information, and browser type.
- Log Data: IP addresses, access times, pages viewed, links clicked, and the page visited before navigating to our services.
- Location Information: General location derived from IP address, and with your consent, precise GPS location from mobile devices.
- Usage Data: Features used, actions taken, time spent, frequency of use, and interaction patterns.
- Cookies and Tracking Technologies: Information collected through cookies, pixel tags, web beacons, and similar technologies.
3.3 Information from Third Parties
We may receive information from:
- Business partners and affiliates
- Social media platforms when you connect your accounts
- Data brokers and aggregators
- Credit reporting agencies and identity verification services
- Healthcare providers and insurance companies (for healthcare platforms)
- Public databases and government records
3.4 Healthcare and Clinical Information
For our healthcare and clinical platforms, we may collect Protected Health Information including:
- Medical history and diagnoses
- Treatment plans and clinical notes
- Prescription and medication information
- Laboratory results and diagnostic imaging
- Insurance and billing information
- Provider credentials and practice information
- Patient-generated health data from connected devices
3.5 Financial Information
For financial health and payment processing, we may collect:
- Bank account and routing numbers
- Credit and debit card information
- Transaction history and payment records
- Credit scores and financial assessments
- Tax identification numbers
- Investment and asset information
4. How We Use Your Information
4.1 Service Delivery and Operations
- Provide, maintain, and improve our products and services
- Process transactions and send related information
- Manage accounts and provide customer support
- Fulfill licensing agreements and contractual obligations
- Enable white-label and custom implementations for partners
4.2 Artificial Intelligence and Machine Learning
We use AI and machine learning technologies to:
- Improve platform functionality and user experience
- Generate automated reports and analytics
- Provide personalized recommendations and insights
- Detect fraud, security threats, and anomalies
- Automate workflows and business processes
- Train and improve AI models (with appropriate anonymization and consent)
4.3 Healthcare Operations
For healthcare platforms, we process PHI to:
- Facilitate treatment and care coordination
- Process claims and manage billing
- Support pharmacy operations and prescription management
- Generate clinical reports and documentation
- Conduct quality improvement and outcomes analysis
- Comply with public health reporting requirements
4.4 Communications and Marketing
- Send administrative notices, updates, and security alerts
- Respond to inquiries and provide support
- Send promotional communications (with consent where required)
- Conduct market research and analyze trends
4.5 Legal and Compliance
- Comply with applicable laws, regulations, and legal processes
- Enforce our terms of service and other agreements
- Protect rights, privacy, safety, and property
- Investigate and prevent fraud, abuse, and security incidents
5. Legal Bases for Processing
We process Personal Information based on the following legal grounds:
- Consent: Where you have given explicit consent for specific processing activities.
- Contract: Where processing is necessary to perform a contract with you or take pre-contractual steps at your request.
- Legal Obligation: Where processing is necessary to comply with applicable laws and regulations.
- Vital Interests: Where processing is necessary to protect someone’s life or health.
- Legitimate Interests: Where processing is necessary for our legitimate business interests, provided these do not override your rights and freedoms.
6. Information Sharing and Disclosure
6.1 Service Providers and Vendors
We share information with third-party service providers who perform services on our behalf, including cloud hosting, payment processing, customer support, analytics, marketing, and professional services. All service providers are contractually obligated to protect your information and use it only for the purposes we specify.
6.2 Business Partners and Affiliates
We may share information with business partners for joint offerings, white-label solutions, and institutional licensing arrangements. Information shared with affiliates within our corporate family is subject to this Policy.
6.3 Healthcare Disclosures
PHI may be disclosed to:
- Healthcare providers involved in your treatment
- Health plans for payment and coverage purposes
- Business associates under HIPAA-compliant agreements
- Public health authorities as required by law
- Family members or caregivers with your authorization
6.4 Legal Requirements
We may disclose information when required by law or in response to:
- Court orders, subpoenas, or legal process
- Requests from law enforcement or government agencies
- Regulatory investigations or audits
- Protection against imminent harm or illegal activity
6.5 Business Transfers
In connection with any merger, acquisition, financing, or sale of assets, information may be transferred as part of the transaction. We will notify you of any change in ownership or uses of your information.
6.6 With Your Consent
We may share information with third parties when you have given us explicit consent to do so.
7. Data Security
7.1 Security Measures
We implement comprehensive security measures including:
- Encryption of data in transit (TLS 1.2+) and at rest (AES-256)
- Multi-factor authentication and role-based access controls
- Regular security assessments and penetration testing
- Intrusion detection and prevention systems
- 24/7 security monitoring and incident response
- Employee security training and background checks
- Physical security controls at data centers
7.2 Certifications and Compliance
Our security program aligns with industry standards including:
- SOC 2 Type II certification
- ISO 27001 information security management
- HIPAA Security Rule compliance
- PCI DSS for payment card processing
- NIST Cybersecurity Framework
7.3 Incident Response
We maintain a comprehensive incident response plan. In the event of a data breach, we will notify affected individuals and relevant authorities as required by applicable law, typically within 72 hours of discovery.
8. Data Retention
We retain Personal Information for as long as necessary to fulfill the purposes for which it was collected, comply with legal obligations, resolve disputes, and enforce agreements. Specific retention periods vary based on the type of information and applicable requirements:
- Account Information: Retained while your account is active and for a reasonable period thereafter.
- Transaction Records: Retained for 7 years for tax and accounting purposes.
- Healthcare Records: Retained in accordance with state and federal medical records retention requirements (typically 6-10 years from last encounter).
- Marketing Data: Retained until you opt out or withdraw consent.
- Log Data: Typically retained for 12-24 months for security and analytical purposes.
9. Your Privacy Rights
9.1 General Rights
Depending on your jurisdiction, you may have the following rights:
- Access: Request information about the Personal Information we hold about you.
- Correction: Request correction of inaccurate or incomplete information.
- Deletion: Request deletion of your Personal Information, subject to legal retention requirements.
- Portability: Request a copy of your data in a structured, machine-readable format.
- Restriction: Request restriction of processing in certain circumstances.
- Objection: Object to processing based on legitimate interests or for direct marketing.
- Withdraw Consent: Withdraw consent at any time where processing is based on consent.
9.2 HIPAA Rights
For Protected Health Information, you have additional rights under HIPAA:
- Right to access and obtain copies of your health records
- Right to request amendments to your health information
- Right to an accounting of disclosures
- Right to request restrictions on certain uses and disclosures
- Right to request confidential communications
- Right to file a complaint if you believe your rights have been violated
9.3 California Privacy Rights (CCPA/CPRA)
California residents have specific rights including:
- Right to know what Personal Information is collected, used, shared, or sold
- Right to delete Personal Information
- Right to opt out of the sale or sharing of Personal Information
- Right to limit use of Sensitive Personal Information
- Right to non-discrimination for exercising privacy rights
- Right to correct inaccurate Personal Information
9.4 European Privacy Rights (GDPR)
If you are located in the European Economic Area, United Kingdom, or Switzerland, you have rights under the General Data Protection Regulation including all rights listed in Section 9.1, plus the right to lodge a complaint with your local supervisory authority.
9.5 Exercising Your Rights
To exercise any of these rights, please contact us using the information in Section 16. We will respond to verifiable requests within the timeframes required by applicable law (typically 30-45 days). We may request additional information to verify your identity before processing your request.
10. Cookies and Tracking Technologies
10.1 Types of Cookies
We use the following types of cookies:
- Essential Cookies: Required for basic site functionality and security.
- Performance Cookies: Help us understand how visitors interact with our services.
- Functionality Cookies: Remember your preferences and settings.
- Advertising Cookies: Used to deliver relevant advertisements and measure campaign effectiveness.
10.2 Cookie Management
You can control cookies through your browser settings and our cookie preference center. Note that disabling certain cookies may limit functionality. We honor Do Not Track signals and Global Privacy Control where required by law.
11. Artificial Intelligence and Automated Decision-Making
11.1 AI Systems
CoreAuraLogix employs artificial intelligence and machine learning systems to enhance our services. These systems may process your information to generate insights, recommendations, predictions, and automated outputs. Our AI systems are designed with privacy and fairness principles in mind.
11.2 Automated Decision-Making
Some of our services involve automated decision-making that may significantly affect you. In such cases, you have the right to request human review of the decision, express your point of view, and contest the decision. We do not use automated decision-making for decisions with legal or similarly significant effects without appropriate safeguards.
11.3 AI Training Data
We may use aggregated, anonymized, or de-identified data to train and improve our AI models. Personal Information used for AI training is processed in accordance with this Policy and applicable law. You may have the right to opt out of having your data used for AI training purposes.
11.4 AI Transparency
We are committed to transparency about our use of AI. Upon request, we will provide meaningful information about the logic involved in automated decisions that affect you, as well as the significance and envisaged consequences of such processing.
12. Social Media and Third-Party Integrations
Our services may include social media features and integrations with third-party platforms. These features may collect your IP address, track which pages you visit, and set cookies. Your interactions with these features are governed by the privacy policies of the respective third parties.
If you connect your CoreAuraLogix account to social media or third-party services, we may receive information from those services in accordance with their policies and your privacy settings. We encourage you to review the privacy settings of any connected services.
13. International Data Transfers
CoreAuraLogix operates globally and may transfer Personal Information to countries other than your country of residence. When we transfer information internationally, we implement appropriate safeguards to protect your information, including:
- Standard Contractual Clauses approved by relevant authorities
- Binding Corporate Rules for intra-group transfers
- Adequacy decisions where applicable
- Certification mechanisms and codes of conduct
- Your explicit consent where appropriate
14. Children’s Privacy
Our services are not directed to children under the age of 13 (or 16 in certain jurisdictions). We do not knowingly collect Personal Information from children without parental consent. If we learn that we have collected Personal Information from a child without appropriate consent, we will take steps to delete that information promptly.
For healthcare services involving minors, information is collected and processed in accordance with applicable laws regarding pediatric healthcare and parental consent requirements.
15. Changes to This Policy
We may update this Policy from time to time to reflect changes in our practices, technologies, legal requirements, or other factors. When we make material changes, we will:
- Update the “Last Updated” date at the top of this Policy
- Provide notice through our services or via email
- Obtain consent where required by applicable law
- Maintain prior versions for your reference
We encourage you to review this Policy periodically to stay informed about our privacy practices.
16. Contact Information
If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:
CoreAuraLogix, Inc.
Privacy Office
Email: [email protected]
Website: www.coreauralogix.com/privacy
For Healthcare Privacy Matters:
HIPAA Privacy Officer
Email: [email protected]
For European Data Protection Inquiries:
Data Protection Officer
Email: [email protected]
17. Regulatory Compliance Summary
CoreAuraLogix is committed to compliance with applicable privacy and data protection laws, including but not limited to:
- HIPAA: Health Insurance Portability and Accountability Act (United States)
- HITECH: Health Information Technology for Economic and Clinical Health Act
- GDPR: General Data Protection Regulation (European Union)
- CCPA/CPRA: California Consumer Privacy Act and California Privacy Rights Act
- GLBA: Gramm-Leach-Bliley Act (financial information)
- PCI DSS: Payment Card Industry Data Security Standard
- COPPA: Children’s Online Privacy Protection Act
- State Privacy Laws: Virginia CDPA, Colorado CPA, Connecticut CTDPA, Utah UCPA, and others
- International Laws: PIPEDA (Canada), LGPD (Brazil), POPIA (South Africa), and applicable local laws
- AI Regulations: EU AI Act and emerging artificial intelligence governance frameworks
— End of Privacy Policy —
© 2026 CoreAuraLogix, Inc. All Rights Reserved.