Privacy Policy

Last updated: February 26, 2026

Cortex ("usecortex", "we", "us", "our") operates the website usecortex.net and the Cortex application. This Privacy Policy explains how we collect, use, and protect your information when you use our service.

1. Information We Collect

Account Information

When you create an account, we collect:

• Email address (used for authentication and account recovery)
• Password (hashed, never stored in plain text)

Knowledge Data

When you use Cortex, you provide conversational input that our system processes into structured knowledge ("Brain" content). This data is:

• Encrypted at rest using AES-256-GCM before being stored in our database
• Only accessible by you through your authenticated API key
• Never sold, shared, or used for advertising

AI Processing

Your conversations are processed by an AI model (Anthropic Claude) to extract and organize knowledge. This processing:

• Happens in real-time and is not stored by the AI provider
• Is covered by Anthropic's API data policy, which does not use API inputs for model training
• Is necessary for the core functionality of the product

Usage Data

We may collect basic usage analytics such as:

• Page views and feature usage (anonymized)
• Browser type and device information
• Error logs for debugging purposes

Payment Information

Payments are processed by Stripe. We do not store your credit card number, CVC, or full billing details. Stripe handles all payment data under their Privacy Policy.

2. How We Use Your Information

We use your information to:

• Provide and maintain the Cortex service
• Process your knowledge and serve it through your API
• Authenticate your identity and protect your account
• Process payments and manage subscriptions
• Send essential service communications (password resets, security alerts)
• Improve the product based on anonymized usage patterns

We do not:

• Sell your personal information to third parties
• Use your knowledge data for advertising or profiling
• Share your data with other users unless you explicitly choose to
• Read, access, or analyze your encrypted knowledge content

3. Data Storage & Security

Your knowledge data is encrypted using AES-256-GCM before being stored. We use industry-standard security practices including:

• Encryption at rest for all knowledge content
• HTTPS/TLS encryption for all data in transit
• Secure API key authentication for all data access
• Database hosted on Supabase with Row Level Security (RLS)

Important: Cortex is a knowledge organizer, not a dedicated secrets vault. While we encrypt your data at rest, we recommend using purpose-built tools (like 1Password or AWS Secrets Manager) for storing critical credentials and secrets.

4. Data Retention & Deletion

• Your data is retained as long as your account is active
• You can delete individual knowledge entries at any time through the app
• You can request complete account deletion by contacting admin@usecortex.net
• Upon account deletion, all your data (including encrypted knowledge) is permanently removed within 30 days
• Backups containing your data are purged within 90 days of deletion

5. Your Rights

Depending on your location, you may have the right to:

• Access — Request a copy of your personal data
• Correction — Request correction of inaccurate data
• Deletion — Request deletion of your data ("right to be forgotten")
• Export — Download your knowledge data in markdown format
• Restriction — Request that we limit processing of your data
• Objection — Object to data processing based on legitimate interests

To exercise any of these rights, contact us at admin@usecortex.net.

6. Third-Party Services

We use the following third-party services:

• Supabase — Database and authentication
• Cloudflare — Hosting, CDN, and DDoS protection
• Stripe — Payment processing
• Anthropic (Claude API) — AI knowledge extraction

Each provider has their own privacy policy. We only share the minimum data required for each service to function.

7. Cookies

We use minimal cookies:

• Authentication cookies — To keep you logged in (essential, cannot be disabled)
• Preference cookies — To remember your settings

We do not use tracking cookies, advertising cookies, or third-party analytics cookies.

8. Children's Privacy

Cortex is not intended for users under 16 years of age. We do not knowingly collect personal information from children. If we discover that a child under 16 has created an account, we will delete it promptly.

9. International Data Transfers

Your data may be processed in countries outside your own. We ensure appropriate safeguards are in place for all international transfers in compliance with applicable data protection laws.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on this page and updating the "Last updated" date. Continued use of Cortex after changes constitutes acceptance of the updated policy.

11. Contact

If you have questions about this Privacy Policy or your data, contact us at:

Email: admin@usecortex.net
Website: usecortex.net