Privacy Notice

1. Controller and scope

Cortexa is the controller for account, billing, support, and product telemetry data described here. This notice explains how we collect, use, disclose, store, and delete personal data when you use the Cortexa website and application.

This notice applies to visitors, registered users, workspace members, billing contacts, and individuals whose personal data may appear in support or compliance records.

2. Data we collect

We collect account identifiers such as email address, authentication provider, workspace membership, billing metadata, subscription state, support communications, and limited diagnostics data. Customer workspace content may include uploaded documents, generated outputs, and connector configuration data.

Depending on your configuration, the service may also process document contents, extracted file metadata, connector credentials, usage records, and operational logs necessary to secure and maintain the service.

3. Purposes and legal bases

We process personal data to provide the service, secure accounts, fulfill contracts, manage subscriptions, respond to support requests, prevent abuse, and comply with legal obligations. Optional analytics and marketing communications rely on consent where required.

Where applicable, our legal bases may include performance of a contract, legitimate interests in securing and operating the service, compliance with legal obligations, and consent for optional marketing or analytics processing.

4. Retention

We retain account and billing records while the account remains active and for a limited period afterward to meet security, accounting, and dispute-resolution requirements. Temporary generated assets are removed according to application TTL rules. You may request deletion of your account through the service.

Retention periods may differ by data type. Security logs, billing records, and abuse-prevention records may be retained longer than routine product telemetry when required to protect the service or meet statutory obligations.

5. International transfers and processors

Cortexa uses infrastructure and subprocessors including hosting, storage, AI model, email, and billing providers. Personal data may be processed outside your country where permitted and subject to contractual or statutory safeguards.

Our processors may include hosting, database, object storage, monitoring, billing, transactional email, and AI model providers. We use contracts and technical controls intended to limit processor access to what is necessary to provide the service.

6. Your rights

Depending on your location, you may have rights of access, correction, deletion, portability, restriction, objection, and withdrawal of consent. Users in the EEA, UK, and Korea may also lodge complaints with the relevant supervisory authority.

We may need to verify your identity before fulfilling a request and may deny or limit a request where a legal exception applies, including where retention is required for security, fraud prevention, or accounting compliance.

7. Contact

For privacy requests, contact privacy@getcortexa.app.

To help us process requests efficiently, include the email address associated with your account, the jurisdiction you are contacting us from, and the type of request you are making.

8. Important note

This notice is a product-ready template and should be reviewed with counsel before launch in every target jurisdiction.