Privacy Policy

Last updated: February 9, 2026

Overview

CoreLock is designed with privacy at its core. All security scanning and AI analysis happen locally on your device. We do not collect, store, or transmit your personal files, system data, or scan results unless you explicitly enable cloud sync.

What We Collect

When you use CoreLock without an account:

  • Nothing. Zero data leaves your device. All scanning is 100% local.

When you create an account:

  • Email address (for authentication and billing)
  • Name (if provided via Google or Apple OAuth)
  • Subscription status (plan type, billing cycle)

When you enable cloud sync (opt-in):

  • Scan summaries (health score, issue count, timestamps — not raw system data)
  • Chat conversation history
  • App settings and preferences
  • Device hostname (for multi-device identification)

What we never collect:

  • Your files, documents, or downloads
  • Process lists or running application data
  • Network connection details or traffic
  • Keystroke data or screen content
  • Browsing history or cookies

How We Use Your Data

  • To provide and maintain the CoreLock service
  • To process subscription payments via Stripe
  • To sync your settings across devices (if enabled)
  • To provide AI chat responses (queries are sent to our AI provider, not stored)
  • To send important product updates (you can unsubscribe anytime)

Third-Party Services

  • Supabase — Authentication and cloud database (when syncing is enabled)
  • Stripe — Payment processing for Pro and Team subscriptions
  • OpenRouter — AI chat responses (queries are processed but not stored)
  • Vercel — Website hosting

We do not sell, share, or rent your personal data to any third party for marketing purposes.

Data Storage & Security

Account data is stored in Supabase (PostgreSQL) with encryption at rest. API keys stored in the desktop app are encrypted using your operating system's keychain (macOS Keychain / Windows Credential Manager). All network communication uses TLS 1.3 encryption.

Data Retention

We retain your data for the following periods:

  • Account data — Retained while your account is active. Deleted within 30 days of account deletion request.
  • Scan summaries — Retained for 12 months, then automatically purged.
  • Chat history — Retained while your account is active. Deleted with account deletion.
  • Payment records — Retained for 7 years as required by tax and financial regulations.
  • Usage logs — Anonymized and aggregated after 90 days.

Your Rights

You have the right to:

  • Access your personal data
  • Delete your account and all associated data
  • Export your data in a portable format
  • Correct inaccurate personal data
  • Opt out of cloud sync at any time
  • Unsubscribe from emails
  • Object to processing of your data
  • Withdraw consent at any time

To exercise these rights, contact us at info@corelock.net. We will respond within 30 days.

European Users (GDPR)

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, you have additional rights under the General Data Protection Regulation (GDPR):

  • Legal basis for processing — We process your data based on: (a) your consent, (b) performance of our contract with you, or (c) our legitimate interests in operating and improving CoreLock.
  • Data portability — You may request a copy of your data in a structured, machine-readable format.
  • Right to erasure — You may request deletion of your personal data. We will comply within 30 days unless we have a legal obligation to retain it.
  • Right to object — You may object to processing based on legitimate interests at any time.
  • Data transfers — Your data is stored on servers in the United States (Supabase/AWS). By using CoreLock, you consent to this transfer. We rely on standard contractual clauses to ensure adequate data protection.
  • Supervisory authority — You have the right to lodge a complaint with your local data protection authority.

California Users (CCPA/CPRA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA):

  • Right to know — You may request the categories and specific pieces of personal information we have collected about you.
  • Right to delete — You may request deletion of your personal information.
  • Right to opt out of sale — We do not sell your personal information. We do not share your data with third parties for their marketing purposes.
  • Right to non-discrimination — We will not discriminate against you for exercising your privacy rights.

To submit a verifiable consumer request, email info@corelock.net. We will verify your identity and respond within 45 days.

Data Breach Notification

In the event of a data breach that affects your personal information, we will notify affected users via email within 72 hours of becoming aware of the breach. We will also notify relevant supervisory authorities as required by applicable law.

Cookies

The CoreLock website uses only essential cookies required for the site to function (e.g., Stripe checkout sessions). We do not use tracking cookies, advertising cookies, or analytics cookies that identify individual users.

Children's Privacy

CoreLock is not intended for use by anyone under the age of 13. We do not knowingly collect personal information from children under 13. If you are a parent or guardian and believe your child has provided us with personal information, please contact us at info@corelock.net and we will delete it.

Changes to This Policy

We may update this Privacy Policy from time to time. We will notify users of any material changes via email or in-app notification at least 30 days before changes take effect. Continued use of CoreLock after changes constitutes acceptance of the updated policy.

Contact

If you have questions about this Privacy Policy or wish to exercise your data rights, contact us at info@corelock.net.