This Privacy Policy explains what information Cortex collects, how that information is used, and what controls are available to you when using the product.
What Cortex Collects
Cortex collects information needed to run the service, including:
- Account information — Your email address, hashed password, and any profile data you choose to add such as display name, username, field of work, avatar, and personal preferences.
- Conversation data — Messages, generated outputs, titles, pinned state, sharing state, and related session metadata.
- Uploaded content — Files you upload, extracted text, and chunked source data used to help Cortex answer questions about those materials.
- Settings data — Preferences such as auto-delete choices and other account-level settings.
- Technical and security data — Basic logs, request metadata, rate-limit events, and authentication events needed to operate, secure, and troubleshoot the service.
Browser Storage
Cortex stores certain data locally in your browser to keep the product functional and convenient. This may include access tokens, refresh tokens, sidebar and UI preferences, and other small client-side state.
How Cortex Uses Data
- To create and secure user accounts
- To generate responses and maintain conversation history
- To process uploaded files and support source-aware answers
- To personalize output using your saved profile preferences
- To power sharing, export, and document-generation features
- To detect abuse, enforce rate limits, and keep the platform reliable
- To diagnose bugs and improve the product
When Data Is Shared
Cortex does not sell your personal data. Information may be shared only in limited cases necessary to run the service:
- AI processing — Prompts and relevant uploaded content may be sent to Anthropic so the model can generate responses.
- Infrastructure providers — Hosting, database, and delivery providers may process data on Cortex's behalf depending on how the deployment is hosted.
- Shared sessions — If you enable a share link, anyone with that link can view the shared session in read-only form.
- Legal or safety reasons — Data may be disclosed if required to comply with law, enforce terms, or protect users and the service.
Data Retention and Control
Cortex keeps your data for as long as it is needed to provide the service, unless you remove it sooner.
- You can delete sessions from the product interface.
- You can configure optional auto-delete windows for older sessions.
- You can export your chat data in JSON or Markdown and export document outputs as DOCX.
- You can delete your account, which removes the account record and associated user data stored for the hosted service.
Security
Cortex uses practical security controls such as bcrypt password hashing, JWT-based authentication, rate limiting, file validation, and access controls around user data. No system can guarantee absolute security, so you should avoid uploading information that you would not want processed by an online service.
Children's Privacy
Cortex is intended for students, researchers, and professional users. It is not designed specifically for children under 13.
Changes to This Policy
Cortex may update this Privacy Policy from time to time. The effective date at the top of the page will be updated when changes are posted.
Questions about privacy can be raised through GitHub.