Your data, your control.

Our Privacy Principles

CORTEX is built on these principles:

1. Local-first by default. Your voice, memory, and personal data live on your devices first. Cloud features are opt-in and clearly labeled.
2. No tracking, no sale. We do not sell, rent, or share your data with advertisers, data brokers, or analytics companies that build profiles for advertising.
3. Sovereign control. You can export, delete, or revoke access to your data at any time.
4. Transparency. We tell you what we collect, why we collect it, and where it lives.
5. Encryption. Data in transit uses TLS with certificate pinning. Data at rest uses AES-256 with keys managed by AWS Key Management Service.

If we ever change these principles, we'll tell you in plain language at the top of this policy.

Information We Collect

Information You Provide

• Account information: email address, password (stored as a one-way hash via Argon2id)
• Voice content: audio you record for chat or commands
• Chat content: text messages you exchange with CORTEX
• Memory entries: notes, reminders, decisions, and other content you save to your CORTEX memory
• Customer support content: messages you send us

Information You Authorize Us to Access

You may grant CORTEX access to:

• HealthKit (Apple Health data), used for fitness coaching, sleep awareness, and health-aware responses
• Plaid (linked financial accounts), used for finance coaching and balance awareness
• Calendar, used for scheduling, reminders, and time-aware responses
• Contacts, used for "remind me to call [name]" type integrations
• Location (when in use), used for weather, traffic, and location-aware reminders
• Tesla account, used for vehicle controls within CORTEX
• Microphone, used for voice input
• Photos / media library, used only when you explicitly attach a photo to a chat

You can revoke any of these permissions in your device's Settings → CORTEX, and you can revoke service-level integrations (Plaid, Tesla) inside the CORTEX app.

Information Collected Automatically

• Device information: device model, operating system version, app version
• Identifiers: an account user ID and Apple's device identifier for vendor (IDFV)
• Usage data: which features you use, how often, and how long
• Diagnostics: crash reports through Apple's standard diagnostic pipeline (anonymized by Apple before reaching us)

Information We Do NOT Collect

• Advertising identifier (IDFA): we never request access
• Browsing history: CORTEX is not a browser
• Sensitive personal characteristics: race, religion, sexual orientation, political affiliation
• Third-party data brokers: we do not buy or merge your data with external profiles

How We Use Information

We use your information to:

• Operate the CORTEX service (memory, voice, integrations)
• Personalize CORTEX's responses to your context
• Send you essential service emails (password resets, security alerts, billing)
• Respond to your support requests
• Improve CORTEX (aggregated usage analytics, never per-user-shared)
• Comply with legal obligations

We do not use your information to:

• Train AI models
• Build advertising profiles
• Target you with ads
• Sell to data brokers
• Share with social networks

How We Share Information

We share information only in these limited cases:

Service Providers

CORTEX uses third-party services to operate. These are operational vendors, not data buyers. Each is bound by data protection contracts:

• Apple (App Store, Push Notifications, iCloud), processes account and diagnostic data per Apple's privacy policy
• AWS (compute, storage, key management), infrastructure provider; used for hosted services, storage, and operational infrastructure where configured
• Cloudflare (CDN, TLS termination), network infrastructure
• Plaid (when you link a financial account), financial connectivity provider; you authenticate with your bank directly through Plaid's flow
• ElevenLabs (voice synthesis), may receive text needed to generate audio output when voice features are enabled
• AI providers (Anthropic, OpenAI, optionally Google Gemini), may receive text, image, or context inputs needed to generate responses depending on the feature used
• Apple, Stripe, Paddle, or LemonSqueezy, handle purchase, subscription, license, receipt, refund, and billing-portal services depending on the checkout path shown at purchase

We do not allow these providers to use your information for their own marketing or to share it with their other clients.

Legal Requirements

We may disclose information if required by law (subpoena, court order, regulatory request). We will notify you of any such request unless legally prohibited.

Business Transfers

If CORTEXNODE Inc. is sold or merged, your information may transfer to the acquiring company under a privacy commitment at least as protective as this policy.

Your Rights and Choices

You can:

• Access your data: Settings → Privacy → Download My Data (provides a JSON export of your account, memory, and chat history)
• Delete your account: Settings → Privacy → Delete Account, the account deletion page, or email privacy@cortexnode.ai (removes personal data within 30 days; backups purged within 90 days where technically feasible)
• Revoke integrations: Settings → Connected Services → [service name] → Disconnect
• Opt out of analytics: Settings → Privacy → Analytics → Off (keeps your usage local, sends nothing to our servers)
• Export your memory: Settings → Memory → Export (JSON or markdown)
• Bring your own AI keys: Settings → AI Providers → Bring Your Own Key (CORTEX uses your Anthropic / OpenAI / Gemini key, bypassing our routing entirely)

If you live in a jurisdiction with additional rights (California's CCPA, the EU's GDPR, Brazil's LGPD), those rights also apply. Email us to exercise them.

Data Retention

• While your account is active: we retain your data to provide the service
• After account deletion: we delete personal data within 30 days; backups purged within 90 days; anonymized diagnostic data may be retained where permitted for security, fraud prevention, legal compliance, and service reliability
• Legal hold: if subject to legal proceedings, we may retain data as required by law

Security

We protect your data with:

• TLS 1.3 with certificate pinning for all network requests
• AES-256-GCM encryption at rest
• AWS KMS for cryptographic key management
• Argon2id password hashing
• Account-level isolation in our databases (no cross-user data leakage)
• Session security controls for authenticated account access
• Audit logging of administrative actions
• Regular security review by the operating team

We will notify affected users within 72 hours of any data breach that involves personal information.

Children's Privacy

CORTEX Babies may be used by minors only with parent, guardian, or authorized adult consent and supervision. CORTEX Babies are digital companion characters for entertainment, encouragement, and age-appropriate support only; they are not childcare, medical, mental health, education, emergency, safety monitoring, legal, or financial services.

Do not submit a child's full name, home address, school name, phone number, email address, password, exact location, medical details, or private family information into public demos. If you are a parent or guardian and believe a child provided personal information without consent, contact us and we will delete it promptly.

International Users

CORTEX is operated from the United States. By using the service, you consent to your data being processed in the United States, where privacy laws may differ from your home jurisdiction. We comply with applicable cross-border data transfer requirements.

AI-Generated Content

Changes to This Policy

We may update this Privacy Policy as the service evolves. Material changes will be communicated via in-app notice and email at least 30 days before taking effect. The "Last updated" date at the top reflects the most recent revision.

Contact Us

For privacy questions, data requests, or concerns:

You may also contact your local data protection authority if you believe we are not handling your data appropriately.