Privacy Policy

Scope of This Policy

This Privacy Policy explains how the operator of this Cortex deployment collects, uses, stores, and discloses personal information and other data in connection with the Cortex service. It applies to information collected through the web application, organization administration flows, billing features, and API access tied to Cortex accounts or workspaces.

Information Cortex Processes

Cortex processes several categories of information depending on how the service is used.

• Account and identity data, such as names, email addresses, authentication identifiers, and organization membership details.
• Workspace configuration data, such as project names, source definitions, feed settings, digest settings, schedules, and issued API credential metadata.
• Customer content and connected-source data, including source URLs, extracted content, prompts, summaries, and generated outputs.
• Billing and subscription data needed to manage organization plans, subscription state, and payment-provider status, though full payment card details are generally handled by the billing provider rather than stored by Cortex.
• Technical and security data, such as IP addresses, request metadata, audit trails, and service logs used for security, abuse prevention, debugging, and reliability.

How Cortex Uses Information

• To provide, secure, maintain, and improve the Cortex service.
• To authenticate users, authorize organization access, and enforce role-based permissions and plan limits.
• To ingest, transform, summarize, classify, search, and present customer-connected content and generated outputs.
• To administer subscriptions, usage, support, abuse prevention, and incident response.
• To comply with legal obligations and protect the rights, safety, and property of the operator, users, and third parties.

AI and Service Providers

Operating Cortex may require sharing data with infrastructure, authentication, billing, storage, and model-processing providers acting on behalf of the operator of this deployment. That may include transmitting customer content, prompts, and generated outputs to model or inference providers when needed to deliver product functionality.

Provider behavior can vary by deployment and configuration. If your organization requires specific commitments around model retention, training restrictions, subprocessors, or data residency, do not assume they apply by default. Confirm them with the operator of this Cortex deployment before submitting sensitive workloads.

Cookies and Authentication Technologies

Cortex relies on essential authentication and session technologies to sign users in, maintain sessions, and secure organization-scoped access. These technologies are necessary for the service to function.

This policy does not describe optional advertising or analytics tooling because those tools may differ across deployments. If additional tracking technologies are introduced, this policy should be updated to reflect them.

Retention and Deletion

Information is retained for as long as reasonably necessary to operate Cortex, satisfy contractual expectations, maintain security and audit history, resolve disputes, and comply with legal obligations. Retention periods may vary by data type and deployment context.

If an organization stops using Cortex, some data may remain in backups, logs, or audit records for a limited period before deletion cycles complete.

Security

Cortex uses technical and organizational measures intended to protect information from unauthorized access, alteration, disclosure, or destruction. No internet-based service is completely secure, and the operator of this deployment cannot guarantee absolute security.

Your Choices and Requests

Users and organization administrators may be able to access, update, or delete certain account or workspace information directly through the product. Additional privacy requests should be directed to the operator of this Cortex deployment using the support or contact channel made available to users.

If privacy law applies to your use of Cortex, you may have rights to request access, correction, deletion, portability, or objection depending on your jurisdiction and the role of the operator with respect to the data.

International Transfers and Children

Cortex may be operated and hosted in jurisdictions different from where users or organizations are located. By using the service, you understand that data may be processed in those jurisdictions subject to applicable law and provider controls.

Cortex is intended for business and professional use and is not directed to children.

Policy Updates

This Privacy Policy may be updated from time to time to reflect product, legal, or operational changes. Updated versions become effective when posted unless a later date is stated.