LEGAL
Privacy Policy
Effective Date: March 22, 2026 · Last Updated: April 20, 2026
Back to the Basics Movement LLC (“Company,” “we,” “us,” or “our”) operates the CORTEX mobile application (“App”) and the website cortexnode.ai (“Website”). This Privacy Policy explains how we collect, use, and protect your information when you use our services.
By using CORTEX, you agree to the collection and use of information as described in this policy.
1. Information We Collect
1.1 Voice Audio
CORTEX processes voice input for speech recognition and voice commands. Audio is processed in real time to convert speech to text. We do not store voice recordings on our servers. Voice synthesis is provided through third-party services (see Section 5).
1.2 Chat Conversations & Unified Memory
When you interact with CORTEX, your messages are transmitted to our intelligence servers to generate responses. To maintain continuity across devices (iPhone, Mac, future surfaces) and across sessions, each conversation turn is stored in our Unified Memory Store. Entries include the message text, a session identifier, and a device identifier. Entries are retained until you request deletion or the store reaches its capacity (currently 200,000 entries; at that point the oldest 10% are pruned). A copy of recent conversations is also mirrored to your device and protected by the operating system's secure storage. You may request a full export or deletion of your memory entries at any time by contacting us.
1.2a Third-Party OAuth Tokens (Gmail, Calendar, Spotify, X, Instagram, YouTube)
When you connect a third-party account through CORTEX (for example, Gmail, Google Calendar, Spotify, X/Twitter, Instagram, YouTube, or Apple Music), the access token and refresh token issued by that service are stored on our servers, encrypted at rest using AES-256-GCM. Tokens are keyed to your CORTEX account and are never shared with any third party. Tokens are used only to proxy the specific API calls you initiate from the App (for example, reading your inbox, creating a calendar event, playing a song). You can disconnect any account at any time, which revokes the token locally and server-side.
1.3 Financial Data
If you connect your financial accounts through Plaid, CORTEX accesses bank account balances and transaction data. This financial data is stored locally on your device and is transmitted only between your device and your connected Plaid account. We do not store your financial data on our servers.
1.4 Location Data
CORTEX may access your location to provide weather information and location-relevant services. Your location is used for real-time weather queries only. We do not track, store, or log your location data on our servers.
1.5 Health and Fitness Data
If you grant access, CORTEX reads data from Apple HealthKit, including activity, workout, and health metrics. All HealthKit data remains stored locally on your device. We never transmit HealthKit data to external servers. HealthKit data is never used for advertising or shared with third parties.
1.6 Vehicle Data
If you connect your Tesla account, CORTEX accesses vehicle data through the Tesla API, including vehicle status, location, and climate controls. This data is stored locally on your device and is not stored on our servers.
1.7 API Keys
CORTEX allows you to enter your own API keys for various services. These keys are stored exclusively in your device's secure Keychain. We never transmit your API keys to our servers or any third party.
1.8 Email Address
If you subscribe to our newsletter through the Website, we collect your email address. Email addresses are managed through Kit (formerly ConvertKit) for newsletter delivery only.
1.9 Usage Analytics
We may collect anonymized, aggregate usage data to improve the App. This data contains no personally identifiable information and cannot be used to identify individual users.
2. How We Use Your Information
- Provide and operate the CORTEX application and its features
- Process voice commands and generate intelligent responses
- Display weather, financial, health, and vehicle information within the App
- Send newsletters to subscribers who have opted in
- Improve the App through anonymized usage analysis
- Respond to user support requests
3. Data Storage and Security
On-Device Storage
Financial data, health data, vehicle data, API keys, and conversation history are stored locally on your device using Apple's secure storage mechanisms, including Keychain for sensitive credentials.
Server Processing
Chat messages are transmitted to our servers for real-time processing to generate responses. Every conversation turn is written to the Unified Memory Store (see Section 1.2) to preserve continuity across your devices; entries are kept until you delete them or capacity is reached.
At-Rest Encryption (Server-Side)
OAuth tokens for all third-party integrations (Google, Spotify, X/Twitter, Instagram, Apple Music, YouTube, Plaid) are encrypted at rest on our servers using AES-256-GCM envelope encryption. The master key (CORTEX_DATA_KEK) lives only in our production environment and is never transmitted to the App or stored in source control.
Certificate Pinning
The CORTEX App pins the TLS certificate of api.cortexnode.ai (leaf + intermediate public-key hashes). This prevents man-in-the-middle interception even on compromised networks.
Jailbreak Detection
On iOS, CORTEX detects a compromised (jailbroken) device and, when such signals are present, refuses to operate secure modules (Finance, Settings, Vault) to protect your credentials.
Encryption
All data transmitted between the App and our servers uses industry-standard TLS encryption.
No Data Sales
We do not sell, rent, or trade your personal information to third parties. Ever.
4. Data Retention
- Conversations: Processed in real time. Not permanently stored on our servers.
- On-Device Data: Persists on your device until you delete the App or clear its data.
- Newsletter Subscriptions: Your email address is retained until you unsubscribe.
- Analytics: Anonymized data may be retained for up to 24 months for product improvement.
5. Third-Party Services
CORTEX integrates with the following third-party services, each governed by its own privacy policy:
We do not share your personal data with these services beyond what is necessary to provide the specific feature you are using.
6. Your Rights and Choices
- Decline Permissions: You can decline access to location, microphone, HealthKit, or contacts at any time through your device's Settings.
- Disconnect Accounts: You can disconnect Plaid, Tesla, or other linked accounts at any time within the App.
- Delete Local Data: Deleting the App removes all locally stored data from your device.
- Unsubscribe: You can unsubscribe from our newsletter at any time using the link in any email.
- Request Information: You can contact us to request details about any data we hold related to your use of the service.
- Data Portability: You may request a copy of your personal data in a structured, commonly used format.
7. Children's Privacy
CORTEX is not designed for or directed at children under the age of 13. We do not knowingly collect personal information from children under 13. If we become aware that we have collected information from a child under 13, we will take steps to delete that information promptly. If you believe a child under 13 has provided us with personal information, please contact us at the address below.
8. California and Arizona Privacy Rights
If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA), including:
- The right to know what personal information is collected
- The right to request deletion of your personal information
- The right to opt out of the sale of personal information
We do not sell personal information. Arizona residents may also contact us to exercise data access and deletion rights under applicable state law.
9. International Users
CORTEX is operated from the United States. If you access the App from outside the United States, your information may be transferred to and processed in the United States. By using CORTEX, you consent to this transfer and processing.
10. Changes to This Policy
We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated “Last Updated” date. Continued use of CORTEX after changes constitutes your acceptance of the updated policy. We encourage you to review this policy periodically.
11. Contact Us
If you have questions or concerns about this Privacy Policy, contact us at: