Privacy Policy & Clinical Terms of Service
At CorZivra, we view medical data as a sacred trust. Our terms are designed to provide clinical-grade transparency while ensuring your health journey remains entirely under your control.
CorZivra (“we”, “us”, “our”) operates the clinical intelligence platform available at corzivra.health. By accessing our services, you are entering into a binding medical-data agreement that dictates the boundaries of our AI interventions and data synthesis.
We believe legal text should be as precise as a surgical incision. Below, you will find detailed breakdowns of our data governance protocols, designed to exceed standard HIPAA and GDPR requirements.
“This document serves as the architectural blueprint for how we handle your digital health twin. We prioritize clinical-grade clarity, security, and absolute patient sovereignty.”
1. Information We Collect
We collect data across three distinct clinical vectors: Biometric, Behavioral, and Self-Reported Clinical History.
Biometric Synthesis
Includes real-time heart rate variability, deep architecture, blood glucose levels (via linked CGMs), and VO₂ Max estimates. Inputs are vectorized, salted, and written to a device-resident encrypted buffer before any egress.
This data is encrypted at the hardware level and tokenized before it reaches our AI synthesis engines. We never store raw, unencrypted biometric streams on accessible web servers.
2. Your Health Rights
You retain absolute ownership of your clinical data. You have the right to purge, export, or audit your records at any time.
Right to Portability
Export a complete FHIR-R4 bundle of your vault in under seven seconds.
The Right to Forget
Upon request, we initiate a “hard-purge” of all biometric, behavioral, and clinical-journey data tied to your account.
3. Data Protection & Sovereignty
We enforce zero-knowledge architecture. Your health insights are computed in isolated enclaves that even our engineers cannot access.
Every data packet is encrypted with AES-256 at rest and TLS 1.3 in transit. Our infrastructure is hosted in medical-grade AWS regions that meet and exceed SOC 2 Type II compliance standards.
4. Compliance & HIPAA
CorZivra operates as a HIPAA-aligned covered entity with a Business Associate Agreement (BAA) available to any qualified clinical partner upon request.
We comply with GDPR, CCPA, and Canada's PIPEDA. European data is resident in Frankfurt; UK data in London; US data in Ashburn and Oregon.
Independent penetration tests are run quarterly by Bishop Fox and NCC Group. Findings and remediation timelines are published in our public trust portal.
5. Contacting our Privacy Team
For any privacy concern, send an encrypted message from within the CorZivra app or email privacy@corzivra.health. We respond within two business days — every message is reviewed by a credentialed member of our clinical privacy board.