1. Introduction
CortexMind Solutions Pvt. Ltd. ("CortexMind," "we," "us," or "our") is committed to protecting the privacy and security of your personal information. This Privacy Policy describes how we collect, use, disclose, and safeguard information when you use our website (cortexmindsolutions.com), our products (including CortexOne Portal, Cortex AI Platform, Cortex Studio, Enterprise AI Hub, Data Governance Platform, and Finance AI), and related services (collectively, the "Services").
By using our Services, you agree to the collection and use of information in accordance with this policy. If you do not agree, please discontinue use of our Services.
2. Information We Collect
2.1 Information You Provide
- Account Information: Name, email address, company name, job title, and phone number when you create an account or request a demo.
- Payment Information: Billing address and payment details processed securely through Stripe. We do not store credit card numbers on our servers.
- Communications: Messages sent to us via email, WhatsApp, or contact forms.
- Business Data: Data you upload, process, or generate through our products (documents, financial records, HR data, etc.).
2.2 Information Collected Automatically
- Usage Data: Pages visited, features used, timestamps, and interaction patterns.
- Device Information: Browser type, operating system, IP address, and device identifiers.
- Cookies: We use essential cookies for authentication and preferences. See Section 7 for details.
2.3 Information from Third Parties
- Authentication Providers: Identity information from SSO providers when you use enterprise login.
- Analytics Partners: Aggregated and anonymized usage analytics.
3. How We Use Your Information
We use the information we collect to:
- Provide, maintain, and improve our Services
- Process transactions and manage subscriptions
- Authenticate users and manage access permissions
- Send transactional communications (account verification, billing, support)
- Analyze usage patterns to improve user experience
- Ensure security and prevent fraud
- Comply with legal obligations
We do not sell your personal information to third parties. We do not use your business data to train AI models.
4. AI and Data Processing
Our products use artificial intelligence and machine learning technologies. Here is how we handle data in the context of AI processing:
- Your Data Stays Yours: Business data processed by our AI agents (documents, financial records, etc.) remains your property. We do not use customer data to train or improve our AI models.
- LLM Providers: We integrate with third-party LLM providers (OpenAI, Anthropic, AWS Bedrock, Google Vertex AI) for AI capabilities. Data sent to these providers is governed by their respective data processing agreements and is processed in accordance with our contractual obligations.
- RAG Processing: Documents processed through our RAG (Retrieval-Augmented Generation) pipelines are embedded and stored in isolated vector databases per tenant. No cross-tenant data access is possible.
- Data Minimization: We send only the minimum necessary data to AI providers for processing and do not retain AI processing logs beyond what is needed for service delivery.
5. Data Security
We implement industry-standard security measures including:
- Encryption: AES-256-GCM encryption for data at rest. TLS 1.3 for data in transit.
- Access Control: Role-based access control (RBAC) following the principle of least privilege.
- Multi-Tenancy Isolation: Complete data isolation between organizations in our multi-tenant architecture.
- Authentication: Enterprise-grade authentication with MFA support.
- Infrastructure: Deployed on AWS with automated security patching, monitoring, and incident response.
- Audit Logging: Comprehensive audit trails for all data access and modifications.
6. Data Sharing and Disclosure
We share information only in the following circumstances:
- Service Providers: With trusted third-party service providers who assist in operating our Services (cloud hosting, payment processing, analytics), under strict data processing agreements.
- Legal Requirements: When required by law, regulation, legal process, or governmental request.
- Business Transfers: In connection with a merger, acquisition, or sale of assets, with appropriate confidentiality protections.
- With Your Consent: When you explicitly authorize us to share information.
7. Cookies and Tracking
We use the following types of cookies:
- Essential Cookies: Required for authentication, security, and core functionality. Cannot be disabled.
- Analytics Cookies: Help us understand how visitors interact with our website. You can opt out of these.
We do not use advertising cookies or third-party tracking pixels. We respect browser-level privacy signals including Global Privacy Control (GPC) and Do Not Track (DNT) headers.
8. Data Retention
We retain personal information for as long as necessary to provide our Services and fulfill the purposes described in this policy. Specifically:
- Account Data: Retained while your account is active and for 90 days after a deletion request.
- Business Data: Retained as per your subscription plan. Permanently deleted within 30 days of account termination.
- Usage Logs: Retained for 12 months for security and analytics purposes.
- Financial Records: Retained for 7 years as required by applicable law.
9. Your Rights
Depending on your location, you may have the following rights:
- Access: Request a copy of your personal data.
- Correction: Request correction of inaccurate data.
- Deletion: Request deletion of your personal data.
- Portability: Request your data in a machine-readable format.
- Withdraw Consent: Withdraw consent for optional processing activities.
- Grievance Redressal: File a complaint with our Data Protection Officer or the relevant supervisory authority.
To exercise these rights, contact us at privacy@cortexmindsolutions.com.
10. Compliance
We comply with applicable data protection regulations including:
- DPDP Act 2023 (India): Digital Personal Data Protection Act compliance for Indian users.
- GDPR: General Data Protection Regulation for EU/EEA users.
- IT Act 2000 (India): Information Technology Act compliance including reasonable security practices.
11. Children's Privacy
Our Services are not intended for individuals under the age of 18. We do not knowingly collect personal information from children. If we become aware that we have collected data from a child, we will delete it promptly.
12. Changes to This Policy
We may update this Privacy Policy periodically. We will notify users of material changes via email or a prominent notice on our website. The "Last updated" date at the top reflects the most recent revision.
13. Contact Us
For privacy-related inquiries or to exercise your rights:
- Email: privacy@cortexmindsolutions.com
- General: deepika.cortexmind@gmail.com
- Address: CortexMind Solutions Pvt. Ltd., India