Is Corti safe with your data?
Corti
Corti ApS
Good disclosure · medium confidence
Corti earns a B (62/100) because it discloses most of its data practices.
Dealbreaker flag
- D1.4: with the right to grant sublicenses, to reproduce, execute, use, store, archive, modify, perform, display and distribute Your Data
#38
of 211 apps ranked
62
score · Healthcare avg 37
+25
vs category average
Corti's privacy policy discloses retention timelines, data subject rights, and named security certifications, but lacks explicit training-data optionality and contains ambiguous security boilerplate on several indicators.
What Corti's privacy policy and terms of service say about your data
D1.4 DOWNGRADED: Adverse license grant
The quote "with the right to grant sublicenses, to reproduce, execute, use, store, archive, modify, perform, display and distribute Your Data" explicitly grants Corti a sublicensable, perpetual licence over user data. This is a reserved-harm clause meeting the adverse criterion. Award downgraded from half to zero.
D4.1 DOWNGRADED: Vague recipient categories
The quote "These third parties may include service providers such as IT support, cloud storage and data analytics" is illustrative boilerplate listing only examples. No named processor list, DPA references, or defined scope. This is half, not full.
D4.3 UPGRADED: Explicit no-sale disclosure
The policy explicitly states "we do not currently sell your personal information as sales are defined in Nevada Revised Statutes Chapter 603A." This is a named, concrete disavowal of a harmful practice, meeting full criteria. Upgraded from zero (silent) to full.
D6.2 UPGRADED: Named special categories with explicit consent requirement
The policy explicitly requires opt-in consent for sensitive data and enumerates categories: "health conditions, racial or ethnic origin, political opinions, and more." This is named, specific, and mechanism-explicit. Upgraded from half to full.
What the policy is silent or vague on
- Not stated: keeping user inputs out of model training
- Not stated: whether training use differs by plan
- Not stated: your ownership of generated outputs
- Not stated: shorter retention for AI conversation logs
Corti privacy rating
Details
- Category
- Healthcare
- Modalities
- text, audio
- Processes biometrics
- No
- Policy last updated
- 2026-06-16
- Region scored
- Global / US-default
- Last assessed
- 2026-07-08
Documents examined
Other healthcare apps
Each grade reflects our analysis of what an app states in its public privacy policy and terms as of the assessment date. It measures the transparency of those documents, not the company's actual data practices, security, or compliance. Grades are our opinion, offered for general information. Full disclaimer.