Cortyx Privacy Policy

1. Overview

This Privacy Policy describes how Cortyx ("Company," "we," "us," or "our") collects, uses, discloses, and safeguards your information when you use our AI-powered digital assistant services ("Services"). This policy applies to all users of our Services, including our website at getcortyx.com.

By using our Services, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with these practices, please do not use our Services.

2. Information We Collect

2.1 Account Information

We collect and maintain the following account-related information:

• Full name
• Email address
• Phone number (for voice calling features)
• Organization name (if applicable)
• Payment and billing information (processed securely by third-party providers)
• Profile preferences and settings

2.2 User Data

We store and process user data that is uploaded to or created within our Services, including:

• Voice recordings and transcriptions for personalizing your AI assistant
• Email content and metadata
• Documents and files uploaded by users
• AI-generated responses and suggestions
• Calendar events and scheduling data
• User-generated content and configurations

2.3 Connected Services Data

With your explicit consent, we access and store data from third-party services that you choose to connect, including:

• Google Workspace (Gmail, Google Calendar, Google Drive)
• Payment accounts and transaction data (if connected for money tracking features)
• Other productivity and communication services as authorized by you

2.4 Technical Information

We automatically collect technical data necessary for service operation and security, including:

• Authentication logs and session data
• Service access records and usage patterns
• System performance metrics
• API usage logs for connected services
• Device information and browser type
• IP addresses
• Geographic location data

3. How We Use Your Information

The information we collect is used for:

• Account creation and management
• Service authentication and access control
• Providing AI-powered voice calling and email management
• Configuring and operating your personalized AI assistant to act on your behalf
• Managing emails, calls, and follow-ups on your behalf
• Sending daily briefings and notifications
• Data storage, processing, and retrieval as requested by you
• Integration with third-party services as authorized by you
• Processing payments and managing subscriptions
• System security and operational maintenance
• Service improvement and feature development
• Compliance with legal obligations

4. Data Processing

4.1 User Content and Data

We store and process user data as part of our core service functionality. This includes data uploaded directly by you and data accessed from connected third-party services with proper authorization.

4.2 Third-Party Service Integration

You may authorize connections to external services such as Google Workspace and other productivity tools. Such integrations require:

• Explicit user consent for each service connection
• OAuth 2.0 or equivalent secure authorization
• Adherence to the connected service's terms and data handling requirements

Data accessed through these integrations is processed in accordance with your instructions and this Privacy Policy.

4.3 Third-Party AI Processing

When you elect to utilize artificial intelligence features (including voice transcription, email drafting, voice cloning, and AI-powered responses), content may be processed by third-party AI service providers, including OpenAI, ElevenLabs (for voice cloning), and other specialized AI services. Such processing occurs solely at your direction and for the purpose of delivering requested functionality.

5. Data Security

5.1 Encryption

We implement industry-standard security measures to protect your data:

• All data transmissions are protected using TLS/SSL encryption during transit
• Sensitive data at rest is encrypted using AES-256 encryption
• OAuth tokens are encrypted with user-specific keys

5.2 Infrastructure Partners

We utilize trusted third-party service providers for infrastructure operations:

• Supabase for database and authentication services
• Vercel for application hosting and deployment
• Stripe for payment processing
• Twilio for voice calling infrastructure
• OpenAI for AI processing

These providers are contractually bound to maintain appropriate security standards and data protection measures.

6. Data Sharing and Disclosure

We do not sell, rent, or otherwise commercially distribute your personal information. Information may be disclosed only in the following circumstances:

• To infrastructure service providers as necessary for service operation
• To third-party AI services when you elect to use AI features (including OpenAI for AI processing, ElevenLabs for voice cloning, and Twilio for phone calls)
• To connected third-party services as explicitly authorized by you (such as Google)
• To payment processors (Stripe) for billing purposes
• When required by applicable law or legal process
• To protect the rights, property, or safety of the Company or others
• In connection with a corporate transaction such as merger or acquisition

All third-party integrations and data sharing occur only with explicit user consent and authorization.

7. Google API Services

Cortyx's use of information received from Google APIs will adhere to Google API Services User Data Policy, including the Limited Use requirements. We only access the minimum scopes necessary to provide our services. You can revoke access at any time through your Google Account settings.

7.1 Gmail Access

When you connect your Gmail account, we request permission to:

• Read your emails to display them in your dashboard and enable AI-assisted responses
• Send emails on your behalf when you approve draft responses

7.2 Google Calendar Access

When you connect your Google Calendar, we request permission to:

• View your calendar events to display your schedule and provide daily briefings
• Create and edit calendar events on your behalf for scheduling meetings and reminders

7.3 Data Usage

Data accessed from Google services is used solely to provide and operate the Cortyx service features you have enabled. We do not use Google user data for advertising, do not transfer it to third parties except as necessary to provide our service, and do not use it to train general-purpose AI models.

8. Data Retention and Deletion

Account information and user data are retained for the duration of the service relationship or as necessary to provide requested services. You maintain control over your data and may delete content through service interfaces.

Data from connected third-party services is retained according to your preferences and service requirements. You may disconnect third-party services at any time through the dashboard settings, which will stop future data synchronization. Previously synchronized data will be retained unless explicitly deleted by you.

You may request complete account and data deletion at any time by contacting us or using account deletion features in the dashboard. Data will be permanently deleted within 30 days, subject to legal retention requirements and technical processing timeframes.

9. Your Rights and Choices

Subject to applicable law, you may:

• Request access to your account information and stored data
• Request correction of inaccurate information
• Request deletion of your account and associated data
• Manage connected third-party service integrations
• Revoke authorization for third-party service connections
• Object to certain processing activities
• Request data portability where technically feasible
• Opt-out of marketing communications
• Download your data in common formats (JSON, CSV)

Requests should be submitted through our designated contact channels or dashboard settings.

10. Children's Privacy

Our Services are not intended for users under 18 years of age. We do not knowingly collect personal information from children. If we learn that we have collected personal information from a child under 18, we will take steps to delete such information promptly.

11. International Data Transfers

Your information may be transferred to and processed in jurisdictions other than your country of residence, including the United States and other countries where our service providers operate. We implement appropriate safeguards to ensure adequate protection during such transfers, including standard contractual clauses where applicable.

12. Legal Compliance

This policy is designed to comply with applicable privacy and data protection laws, including:

• General Data Protection Regulation (GDPR)
• California Consumer Privacy Act (CCPA)
• California Privacy Rights Act (CPRA)
• Children's Online Privacy Protection Act (COPPA)
• Other applicable federal, state, and international privacy laws

13. California Privacy Rights

If you are a California resident, you have specific rights under the CCPA/CPRA, including:

• The right to know what personal information we collect, use, and disclose
• The right to delete your personal information
• The right to opt-out of the sale or sharing of your personal information (note: we do not sell your personal information)
• The right to correct inaccurate personal information
• The right to non-discrimination for exercising your privacy rights

To exercise these rights, please contact us using the information provided below.

14. Changes to This Policy

We may update this Privacy Policy periodically to reflect changes in our practices, legal requirements, or service features. Material changes will be communicated through appropriate channels, including email notification to account holders or prominent notice within our Services. The "Effective Date" at the top of this policy indicates when it was last updated. We encourage you to review this Privacy Policy periodically.

15. Contact Us

If you have questions about this Privacy Policy, our data practices, or wish to exercise your rights under this policy, please contact us:

• Email: vansh3914@gmail.com
• Website: https://getcortyx.com/support