Privacy Policy
Effective date: April 4, 2026
1. Introduction
Cortex AIF (cortex-aif.com) is an AI-powered business analysis platform. We are committed to protecting your privacy and processing your personal data in accordance with the General Data Protection Regulation (GDPR) and other applicable data protection laws.
This policy explains what data we collect, how we use it, how long we keep it, and what rights you have over your data.
2. Data We Collect
We collect only the data necessary to provide our service:
- Email address — provided via Stripe during payment, used to deliver your analysis report and communicate about your order
- Business analysis inputs — URLs and text descriptions you submit for analysis
- Usage analytics — only if you accept cookies via our consent banner (page views, session duration, geographic region)
- Payment data — processed entirely by Stripe. We do not store credit card numbers, CVVs, or other payment card details on our servers
We do not sell, rent, or share your personal data with third parties for marketing purposes.
3. How We Use Your Data
Your data is used for the following purposes:
- To deliver analysis reports you purchased
- To send weekly observations if you subscribe to monitoring
- To improve our analysis algorithms and service quality
- Analytics data (if consented) to understand site usage patterns
- Responding to support requests
4. Data Retention
We retain your data for the following periods:
- Analysis reports — stored indefinitely. They are your purchased product and remain accessible to you.
- Account and payment data — retained while the service is active. Deleted within 30 days after cancellation or upon your request.
- Business analysis inputs — retained alongside the report for your reference. Deleted upon request.
- Analytics cookies — expire per Google Analytics defaults (2 years), but only set if you consented via the cookie banner.
5. Your Rights (GDPR Articles 15-22)
If you are located in the European Economic Area (EEA), the United Kingdom, or any jurisdiction with equivalent data protection laws, you have the following rights:
| Right | Article | Description |
|---|---|---|
| Right of Access | Art. 15 | You can request a copy of all personal data we hold about you. |
| Right to Rectification | Art. 16 | You can request correction of any inaccurate or incomplete personal data. |
| Right to Erasure | Art. 17 | You can request deletion of your personal data ("right to be forgotten"). We will delete your data within 30 days unless retention is required by law. |
| Right to Restriction | Art. 18 | You can request that we limit processing of your data while a dispute is being resolved. |
| Right to Data Portability | Art. 20 | You can request to receive your data in a structured, machine-readable format (JSON or CSV). |
| Right to Object | Art. 21 | You can object to processing of your data based on legitimate interests, including analytics profiling. |
| Automated Decision-Making | Art. 22 | Our analysis uses AI to generate reports, but all final business decisions are always yours. You may request human review of any automated assessment. |
To exercise any of these rights, email [email protected]. We will respond within 30 days as required by GDPR.
6. Cookies
We categorize cookies on our site as follows:
Essential Cookies
We do not use essential cookies for site functionality. No cookies are set until you interact with the cookie consent banner or initiate a payment.
Analytics Cookies (optional, consent-based)
Google Analytics 4 (GA4) via Google Tag Manager (GTM) tracks page views, session duration, and geographic region. These cookies are only loaded after you click "Accept" on the cookie consent banner. If you decline, no analytics cookies are set and no tracking data is collected.
Payment Cookies
Stripe may set cookies during the checkout process. These are necessary for payment processing and fall under the lawful basis of contract performance (GDPR Art. 6(1)(b)).
Security
Cloudflare Turnstile sets a security cookie to verify you are a real user and protect against bots. This is a functional security measure, not used for tracking or advertising.
7. Third-Party Services
We use the following third-party services to operate the platform:
- Stripe — payment processing (Stripe Privacy Policy)
- Google Analytics — website usage analytics, if consented (Google Privacy Policy)
- SendGrid — email delivery (Twilio/SendGrid Privacy Policy)
- Cloudflare — CDN, security, and bot protection (Cloudflare Privacy Policy)
- DeepSeek / Anthropic Claude — AI analysis engines. Your input text is processed to generate analysis reports. These services do not retain your data beyond the request lifecycle.
8. Data Security
We implement the following security measures to protect your data:
- HTTPS encryption for all data in transit
- JWT-based authentication for account access
- Rate limiting to prevent abuse
- Server-side input sanitization
- Cloudflare DDoS protection and WAF
9. Children
Cortex AIF is not intended for users under the age of 18. We do not knowingly collect data from minors. If you believe a minor has submitted data to us, please contact us and we will delete it promptly.
10. Contact for Data Requests
For privacy-related questions, data requests, or to exercise your GDPR rights:
- Email: [email protected]
- Response time: within 30 days as required by GDPR
If you believe your data protection rights have been violated, you have the right to lodge a complaint with your local data protection supervisory authority.
11. Changes to This Policy
We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated effective date. Your continued use of the Platform constitutes acceptance of the updated policy.
Last updated: April 2026