Your Privacy Rights
Last updated: April 19, 2026
Who This Applies To
If you are a U.S. resident, you have certain rights over the personal information CORR holds about you. This page explains those rights and how to exercise them. The rights below are available to everyone CORR serves, regardless of state — even in states without a dedicated privacy law.
Your Rights
Know
Ask what personal information we hold about you and how it's used.
Access
Get a portable copy of your data (CSV export available in-app).
Correct
Fix anything that's wrong or out of date.
Delete
Have your account and associated data permanently removed.
Opt Out of Sale / Sharing
CORR does not sell or share your data — there is nothing to opt out of, but you can confirm in writing.
Limit Sensitive Data Use
Restrict processing of sensitive information beyond what's necessary to run the Service.
Appeal
Appeal a denied request at no cost.
No Retaliation
We will not deny service, change prices, or lower quality if you exercise these rights.
State-Specific Laws Covered
These rights are drawn from and aligned with: California CCPA/CPRA, Virginia VCDPA, Colorado CPA, Connecticut CTDPA, Utah UCPA, Texas TDPSA, Oregon, Montana, Iowa, Delaware, New Hampshire, New Jersey, Minnesota, Maryland, Indiana, Tennessee, and Nebraska. If you reside in another state, we extend the same core rights as a matter of policy.
How to Submit a Request
- Email hello@corrapp.com from the email address on your CORR account.
- Tell us which right you want to exercise (know, access, correct, delete, etc.).
- If you're an authorized agent submitting on behalf of a consumer, attach signed authorization.
How We Verify You
To protect your account from impersonation, we verify requests by matching the email address on file. For deletion or access to sensitive records, we may ask one additional verifying detail (such as the date of your most recent charge or the last 4 digits of the card on Stripe file).
Response Times
- California: Within 45 days of receipt (extendable by 45 days with notice).
- Virginia, Colorado, Connecticut, Utah, Texas: Within 45 days (extendable by 45 days with notice).
- Other states / no specific timeline: Within 45 days.
- Appeals: Within 60 days of receipt; if denied, you may contact your state Attorney General.
Global Privacy Control (GPC)
CORR honors Global Privacy Control signals sent by your browser as an opt-out of sale or sharing where applicable under California law. Because CORR does not sell or share personal information for cross-context behavioral advertising, GPC has no additional effect — but the signal is logged as confirmation.
What We Don't Delete
Some records are retained even after account deletion because law requires it — including Stripe transaction records needed for tax, accounting, and anti-fraud purposes, and security logs tied to abuse investigations. These records are limited to what's necessary.
Contact for Privacy Questions
Email hello@corrapp.com or use the contact form on the CORR homepage. We aim to respond to general privacy questions within 5 business days.
Related: Privacy Policy · Breach Notification Plan · Accessibility Statement · Home