BACK TO CORTEX

LEGAL

Privacy Policy

Effective date: July 3, 2026

Cortex is a personal intelligence platform. You share deeply personal material — writing, voice, chat history, decisions, relationships — so we can build a faithful digital version of how you think and communicate. We take that responsibility seriously.

In short: your data is yours, your clone is private by default, we never sell your personal information, and you can delete your data or disconnect services at any time.

Our commitment to you

We built Cortex because people deserve a way to preserve and share their intelligence on their own terms — not because we wanted a data asset to monetize. Everything below follows from a few simple principles:

  • You own your content. Documents, recordings, exports, and answers you upload remain yours. We process them only to build and operate your Cortex.
  • Private by default. New accounts are not public. Nobody can query your clone until you explicitly turn on public access in Settings.
  • Purpose-limited use. We collect information to run the product you signed up for — not for unrelated advertising, resale, or profiling.
  • Transparency and control. You decide what to upload, whether to go public, and when to delete or reset your data.
  • Human support. Privacy questions go to a real person, not an automated black hole.

Information we collect

We collect only what is needed to provide Cortex. This falls into a few categories:

Account information

When you sign up, we collect basics like your name, email address, username, display name, and authentication identifiers from your login provider.

Content you choose to share

Cortex works by learning from material you deliberately provide. Depending on what you upload or connect, this may include:

  • Text, documents, notes, and file uploads (PDF, DOCX, Markdown, and similar formats)
  • Voice and video recordings, including transcripts and behavioral speech patterns derived from those recordings
  • AI chat exports (ChatGPT, Claude, Gemini, and similar) and social platform exports you upload
  • Questionnaire and onboarding answers, including adaptive follow-up responses
  • Feedback, corrections, and ratings you submit to improve your clone

Derived intelligence

From your uploads, we generate structured knowledge — profile summaries, knowledge nodes, wiki pages, reasoning patterns, style exemplars, and related artifacts — so your clone can answer accurately in your voice. This derived data stays tied to your account and is not shared with other users.

Usage and query data

When you or someone queries your public clone, we log questions, responses, retrieval traces, and usage counts to operate the service, prevent abuse, and help you improve fidelity. Anonymous visitors to public clones are rate-limited; we do not require them to create accounts.

Connected services (optional)

If you connect Google Calendar or use meeting features, we access only the calendar and meeting data you explicitly authorize — for example, event titles, times, attendees, and meeting transcripts needed to join or summarize a call. We do not read your Gmail, Drive, or other Google products unless you separately grant that access.

Billing and support

If you subscribe to a paid plan, our payment processor handles billing details. We store plan tier and subscription status, not full card numbers.

How we use your information

We use the information above to:

  • Authenticate you and maintain your account
  • Extract, structure, and retrieve knowledge to build your personal Cortex profile
  • Generate text and voice responses when you or authorized visitors query your clone
  • Power optional calendar and meeting-agent features you enable
  • Provide customer support and respond to your requests
  • Maintain security, detect abuse, and enforce rate limits
  • Improve product reliability and fix bugs (using aggregated, non-content analytics where possible)
  • Comply with legal obligations

We do not use your private uploads to train general-purpose AI models for other customers. Your content is processed through commercial AI APIs solely to deliver your Cortex.

What we do not do

We want to be explicit about practices we avoid:

  • We do not sell your personal information, Google user data, or clone content to data brokers, advertisers, or third parties.
  • We do not run ads targeted using the contents of your uploads or private clone conversations.
  • We do not make your clone public without your action. Public access is off until you enable it in Settings and pass readiness checks.
  • We do not share your private brain with other users. Each Cortex profile is isolated to its owner unless you choose to publish it.
  • We do not use your data for unrelated AI research or to build products for other people without your consent.

Your controls

You stay in charge of what Cortex knows and who can access it:

  • Choose what to upload. You decide which documents, recordings, exports, and answers to share. More signal improves fidelity, but nothing is required beyond what you are comfortable providing.
  • Public visibility toggle. In Settings, you can turn public clone access on or off at any time. When off, REST, MCP, and voice endpoints are not available to outside visitors.
  • API keys. You can issue API keys for programmatic access. Keys are tied to your account and can be revoked.
  • Corrections and review. You can edit your brain, queue corrections from feedback, and review pending changes before they apply.
  • Reset or delete. You can reset onboarding and delete your clone data from Settings, or email us to request full account deletion. We will honor verified deletion requests within a reasonable timeframe.
  • Disconnect Google. Revoke Cortex's Google access anytime from your Google Account permissions page. We stop receiving new calendar data immediately.

Google user data

If you connect Google services such as Google Calendar, Cortex's use of that data is limited to the features you request — importing upcoming meetings, joining calls you initiate, and syncing transcripts you choose to write back into your brain.

  • We access only the scopes you approve during OAuth consent.
  • We do not sell Google user data.
  • We do not use Google user data for advertising.
  • We do not transfer Google user data to third parties except infrastructure providers that help us operate the service under contract and confidentiality obligations.
  • Human access to Google user data is limited to what is necessary for support, security, or legal compliance.

You can disconnect Google access at any time. Previously imported meeting data already stored in your Cortex can be deleted through Settings or by contacting us.

How we protect your data

Personal intelligence deserves strong safeguards. We use industry-standard practices including:

  • Encrypted connections (HTTPS/TLS) for all data in transit
  • Encrypted storage through our cloud infrastructure provider
  • Row-level security and access controls so each user's data is isolated in our database
  • Private storage buckets for uploaded audio and media — not publicly accessible URLs
  • Service-role authentication for server-side processing; browser clients use scoped, least-privilege keys
  • Rate limiting on public query endpoints to reduce abuse

No system is perfectly secure. If we become aware of a breach that affects your personal information, we will notify you and relevant authorities as required by law.

Service providers we use

We rely on trusted vendors to host and operate Cortex. They process data on our behalf under contractual terms and only for the purposes described in this policy. These include providers for:

  • Cloud hosting and database (Supabase)
  • AI processing and embeddings (OpenAI, Anthropic)
  • Voice synthesis and optional voice cloning (OpenAI, ElevenLabs, Smallest.ai)
  • Meeting participation when you enable it (Vexa)
  • Payment processing (Razorpay)
  • Email delivery for account and admin messages (Resend)
  • Product analytics to understand usage patterns (PostHog, Microsoft Clarity)

We do not authorize these providers to use your content for their own unrelated purposes.

Sharing and legal disclosure

We do not sell or rent your personal information. We may share information only in these limited situations:

  • With service providers who help us operate Cortex, under confidentiality and data-processing agreements
  • When you make your clone public, visitors can query it through the endpoints you enable — that is the product working as you intended
  • If required by law, regulation, legal process, or enforceable government request
  • To protect the rights, safety, and integrity of Cortex, our users, or the public
  • In connection with a merger, acquisition, or sale of assets — in which case we will notify you and continue to honor this policy unless you are given a choice to opt out

Data retention

We retain your information for as long as your account is active and as needed to provide the service. If you delete content, reset your brain, or close your account, we delete or anonymize associated data within a reasonable period, except where we must retain records for legal, security, or billing purposes.

Backups may persist for a limited time before being overwritten. Aggregated analytics that cannot identify you may be retained longer.

Your privacy rights

Depending on where you live, you may have rights to access, correct, delete, export, restrict, or object to certain processing of your personal information. We will honor valid requests in accordance with applicable law.

  • Access and portability: Request a copy of the personal data we hold about you.
  • Correction: Update your profile in Settings or ask us to fix inaccurate data.
  • Deletion: Reset your clone, delete your account, or email us for full erasure.
  • Opt-out of public access: Turn off the public visibility toggle at any time.

California residents: we do not sell personal information as defined under the CCPA/CPRA. You may exercise your rights by contacting us below.

EEA, UK, and similar jurisdictions: our legal basis for processing is typically performance of our contract with you, your consent (for optional connections like Google Calendar), and our legitimate interests in securing and improving the service — balanced against your rights.

International transfers

Cortex is operated from the United States. If you access the service from another country, your information may be processed in the U.S. and other locations where our service providers operate. We use appropriate safeguards for cross-border transfers where required.

Children

Cortex is not intended for anyone under 16. We do not knowingly collect personal information from children. If you believe a child has provided us data, contact us and we will delete it promptly.

Changes to this policy

We may update this Privacy Policy as Cortex evolves. When we make material changes, we will post the updated policy here with a new effective date and, where appropriate, notify you by email or in-app notice. Continued use after changes take effect means you accept the updated policy.

Contact us

Privacy questions, data requests, or concerns — we read every message:

aashwin@makecortex.com

We aim to respond to privacy requests within 30 days. For account deletion or export requests, include the email address associated with your Cortex account so we can verify your identity.

See also our Terms of Service.

v290