Last updated: January 1, 2026
Account information: When you register, we collect your name and email address. If you sign up via Google or GitHub, we receive your email and public profile from those providers.
Conversation metadata: If you enable cloud sync, we store metadata about your conversations (titles, timestamps, platform, folder/tag assignments). We do not store conversation content on our servers by default. Content is stored in encrypted form on your device using IndexedDB and only synced if you opt into E2E sync.
Usage analytics: We collect anonymized product usage events (e.g., feature usage, error rates) to improve the product. You can opt out in your account settings.
Billing: Payment processing is handled by Stripe. We do not store credit card numbers.
Conversation content is stored locally on your device and never sent to our servers unless you enable E2E encrypted cloud sync. When E2E sync is enabled, your data is encrypted on-device before transmission using XSalsa20-Poly1305 (via libsodium). Only you hold the encryption key.
Account data is stored in a PostgreSQL database hosted on infrastructure that complies with SOC 2 Type II. All data is encrypted at rest and in transit.
We do not sell your personal data. We share data only with:
You have the right to:
The Cortex web app uses only essential session cookies. We do not use tracking or advertising cookies.
Cortex is not directed to children under 13. We do not knowingly collect data from children.
We will notify you of material changes via email. Continued use of the service after changes constitutes acceptance of the updated policy.
For privacy inquiries, email privacy@cortexapp.app.