Privacy Policy

Effective date: July 24, 2025.

At Cortex Flex, Inc. (“Cortex”, “Cortex Flex”, “we”, “us”, or “our”), we take your privacy seriously. Please read this Privacy Policy to understand how we handle your personal data. By using or accessing our Services in any manner, you acknowledge that you accept the practices and policies described below, and you consent to our collection, use, and sharing of your information as described in this Privacy Policy.

Your use of Cortex’s Services is at all times subject to our Terms of Service, which incorporates this Privacy Policy. Capitalized terms not defined here have the meanings given to them in the Terms of Service.


Summary of our Privacy Policy

We aim to collect only what we need, use it only to operate and improve the Services, and share it only with third parties that help us provide the Services. We do not sell your personal information.



What this Privacy Policy Covers

This Privacy Policy explains how we treat “Personal Data” that we gather when you access or use our Services. “Personal Data” means information that identifies or relates to a particular individual, including information defined as “personally identifiable information” or “personal information” under applicable laws. This Policy does not apply to the practices of companies we do not own or control, or to people we do not manage.


Personal Data

Categories of Personal Data We Collect

The chart below describes the categories of Personal Data we may collect and may have collected in the last 12 months. Many categories are collected only if you choose to provide them.

| Category of Personal Data | Examples of Personal Data We Collect | Categories of Third Parties With Whom We Share this Personal Data |
| --- | --- | --- |
| Profile or Contact Data | Display name; email address; phone number; profile photo | Service Providers; Parties You Authorize, Access or Authenticate |
| Device/IP Data | IP address; host name; device/OS/browser information used to access the Services | Service Providers; Analytics Partners |
| Web Analytics | Page interactions; referring URL/source; statistics on interactions with the Services | Service Providers; Analytics Partners |
| Social Network Data | Email address; username (if you choose to connect via a social network) | Service Providers |
| Geolocation Data | Coarse location derived from IP address | Service Providers; Analytics Partners |
| Other Identifying Information You Voluntarily Provide | Messages, uploaded files, channel/stream descriptions, and other content you submit; values of certain profile fields configured (e.g., name, location) | Service Providers; Parties You Authorize, Access or Authenticate |
| Other Identifying Information Another User Provides About You | Messages or other content that other users send to you or about you; information organization administrators upload via APIs or import tools | Service Providers; Parties You Authorize, Access or Authenticate |

Categories of Sources of Personal Data

We collect Personal Data from these sources:

  • You
    • Directly provided: Account creation; use of interactive tools; survey responses; support requests; other communications.
    • Automatically collected when you use the Services:
      • Cookies (see Tracking Tools and Opt-Out).
      • When you use our mobile or web applications, we may receive device and network information (e.g., IP address).
      • We may receive information from your device to provide the Services (e.g., online status, availability for updates/notifications).

  • Third Parties
    • Vendors
      • Analytics providers that help us understand usage.
      • Customer support tools.
    • Social Networks
      • If you connect a social account or sign in via a third-party service, we may receive certain information from that account.
    • Integrations
      • You or other users may connect integrations that send third-party data into Cortex.
    • Other Users
      • Other users may send you messages or upload content about you.
      • Organization administrators may import or export data pertaining to you.
      • By uploading Personal Data about others, you represent that you have authority to do so.

Our Commercial or Business Purposes for Collecting Personal Data

  • Providing, Customizing, and Improving the Services
    • Account creation and management.
    • Processing orders/transactions; billing.
    • Delivering products, services, or information you request.
    • Supporting and assisting you with the Services.
    • Improving and developing the Services (testing, analytics, research).
    • Personalizing the Services and communications.
    • Fraud/security/abuse prevention and debugging.
    • Other business purposes disclosed at collection or permitted by law.

  • Marketing the Services
    • Marketing and selling our Services.

  • Corresponding with You
    • Responding to your communications.
    • Sending emails, notifications, and other messages according to your preferences.

  • Meeting Legal Requirements and Enforcing Legal Terms
    • Complying with legal obligations.
    • Protecting rights, property, or safety of you, Cortex, or others.
    • Enforcing agreements.
    • Responding to claims and resolving disputes.

We will not collect new categories of Personal Data or use your Personal Data for materially different purposes without providing notice.


How We Share Your Personal Data

We disclose your Personal Data to the categories of service providers and other parties listed below. We do not sell Personal Data.

  • Service Providers who help us provide the Services or operate our business, including:
    • Hosting, technology, and communications providers
    • Analytics providers
    • Security and fraud prevention consultants
    • Support and customer service vendors

  • Parties You Authorize, Access or Authenticate
    • Other Cortex users. Messages or data you provide may be visible to other users in your organization. Some channels/rooms may be publicly accessible, depending on your organization’s configuration.
    • Organization Administrators. Admins may export all organization data for backup, migration, or other purposes consistent with our Terms of Service. (Password hashes are not included in exports.)
    • Third-party clients/services to which you grant access (e.g., using your API key).

  • Analytics Partners
    • Parties that analyze traffic or usage or track referrals/interactions.

  • Business Partners
    • Third-party services that you or your organization integrate with our Services.

We may share Personal Data with third parties to meet legal requirements, protect rights and safety, enforce agreements, respond to legal process, or investigate potential violations.

Business Transfers

Your Personal Data may be transferred to a third party in connection with a merger, acquisition, bankruptcy, or other transaction. We will make reasonable efforts to notify you before your information becomes subject to a different privacy policy.

Data that is Not Personal Data

We may create aggregated, de-identified, or anonymized data from Personal Data and use or share it for lawful business purposes, provided it cannot reasonably identify you.


Tracking Tools and Opt-Out

We use cookies and similar technologies to recognize your browser, understand how you use our Services, improve them, and run analytics. Because of our use of cookies, the Services do not respond to the “Do Not Track” setting in some browsers.

Types of cookies we use:

  • Essential Cookies: Required for core features (e.g., login). Disabling them may break parts of the Services.

  • Performance/Analytical Cookies: Help us understand usage, measure campaigns, and improve content. For example, we may use Google Analytics. Google’s use of your data is governed by the Google Analytics Terms of Service and the Google Privacy Policy. You can opt out via the Google advertising opt-out page or the Google Analytics Opt-out Browser Add-on.

Managing cookies: You can configure your browser to reject or delete cookies. If you do, you may need to reconfigure preferences on each visit, and some features may not work.

For more on cookies, visit http://www.allaboutcookies.org/ or (EU residents) https://ico.org.uk/for-the-public/online/cookies/.


Data Security and Retention

We use appropriate physical, technical, organizational, and administrative safeguards to protect your Personal Data, based on the type of data and processing we undertake. However, no method of transmission or storage is 100% secure.

You are responsible for protecting your password and other sign-on credentials, limiting access to your devices, and signing off when finished.

We retain Personal Data for as long as your account is active or as needed to provide the Services. We may retain Personal Data longer where necessary to comply with legal obligations, resolve disputes, collect fees, or as otherwise permitted by law. We may retain de-identified or aggregated data indefinitely.


Personal Data of Children

As stated in our Terms of Service, we do not knowingly collect Personal Data from children under thirteen (13) years of age, or under the minimum age of consent in their country. If you are under the applicable age, please do not register or send us Personal Data. If we learn that we have collected such data, we will delete it as quickly as possible. If you believe a child under the applicable age provided us Personal Data, contact us at privacy@cortexflex.org.


California Resident Rights under CCPA

If you are a California resident, you have certain rights under the California Consumer Privacy Act (“CCPA”). If we process your Personal Data as a service provider on behalf of a customer, please contact that customer first to exercise your rights.

Where the CCPA applies, and to the extent of any conflict with other portions of this Policy, the more protective terms control.

Access

You may request information about our collection, use, and disclosure of your Personal Data over the past 12 months, including:

  • Categories of Personal Data collected.
  • Categories of sources.
  • Business or commercial purposes for collection or disclosure.
  • Categories of third parties with whom we’ve shared Personal Data.
  • The specific pieces of Personal Data collected about you.

Deletion

You may request deletion of Personal Data we collected from you, subject to statutory exceptions (e.g., to provide the Services, complete transactions, comply with law). We cannot delete messages/content you sent to other users; if your account is deleted, those items may be attributed to a “Deleted User.” Others may also have already downloaded or copied your content.

Exercising Your Rights

To exercise your rights, you or your Authorized Agent must submit a request that:

  1. Provides sufficient information for us to verify your identity (which may include proving ownership of the email address associated with your account); and
  2. Describes your request with sufficient detail to allow us to respond.

We will respond to Valid Requests within 45 days. We do not charge fees unless requests are excessive, repetitive, or manifestly unfounded.

Submit requests via:

  • Email: nate@cortexflex.org

You may authorize an agent to act on your behalf by providing them written permission and confirming that authorization with us.

Personal Data Sales Opt-Out and Opt-In

We do not sell Personal Data and have not done so in the last 12 months.

Non-Discrimination

We will not discriminate against you for exercising your CCPA rights.


Other State Law Privacy Rights

California “Shine the Light”

Under California Civil Code §§ 1798.83–1798.84, California residents may request information regarding disclosure of Personal Data to third parties for their direct marketing. Cortex does not disclose Personal Data to third parties for their direct marketing. Within your organization, your display name, email, avatar, and other profile information may be visible to other users, depending on the settings.

Nevada Resident Rights

We do not sell Personal Data. Nevada residents may still opt out of any future sale of “covered information” by emailing privacy@cortexflex.org with the subject line “Nevada Do Not Sell Request”.


European Union Data Subject Rights

EU/UK/EEA Residents

If you are in the EU, UK, Liechtenstein, Norway, or Iceland, you may have additional rights under the GDPR (and UK GDPR). Cortex is the controller of Personal Data processed in connection with the Services (unless otherwise stated where we act as a processor on behalf of a customer).

If there is any conflict between this section and other parts of this Policy, the more protective provision controls. If we process your Personal Data as a processor, please contact the controller (e.g., your organization) first.

Personal Data We Collect

See Categories of Personal Data We Collect.

See Our Commercial or Business Purposes for Collecting Personal Data. We process Personal Data under the following legal bases:

  • Contractual Necessity: Needed to perform the contract (Terms of Service) with you, e.g.:
    • Profile/Contact Data
    • Payment Data
    • Other Identifying Information You Voluntarily Provide
    • Other Identifying Information Another User Provides to You

  • Legitimate Interests: We process, for example:
    • Device/IP Data
    • Web Analytics
    • Geolocation Data
    • Other Identifying Information Another User Provides to You

    For purposes such as providing and improving the Services, marketing, corresponding with you, meeting legal requirements, and completing corporate transactions. We may also de-identify/anonymize data to further these interests.

  • Consent: In certain cases (e.g., Social Network Data), we rely on your consent, which you may withdraw at any time.

  • Legal Obligation / Vital Interests / Public Task: We may also process data to comply with law, protect vital interests, or perform a task in the public interest.

Sharing Personal Data

See How We Share Your Personal Data.

Your Rights

Subject to applicable law, you may have the right to:

  • Access your Personal Data.
  • Rectify inaccurate or incomplete Personal Data.
  • Erase your Personal Data (with limitations similar to those described above).
  • Withdraw Consent where processing is based on consent.
  • Portability of your Personal Data in a machine-readable format.
  • Object to processing for certain purposes (e.g., direct marketing).
  • Restrict processing in certain circumstances.
  • Lodge a Complaint with your local supervisory authority. A list is available at https://edpb.europa.eu/about-edpb/board/members_en.

To exercise these rights, contact us at nate@cortexflex.org.

International Transfers

Our Services are hosted in the United States. If you reside outside the U.S., your data may be transferred to, stored, and processed in the U.S. and possibly other countries, where laws may differ. By using the Services, you consent to these transfers.


Changes to this Privacy Policy

We’re always improving our Services, so we may update this Privacy Policy from time to time. When we do, we’ll notify you by posting a notice on our website, emailing you, and/or by other reasonable means. We generally aim to provide notice at least 14 days before the updated policy takes effect. If you use the Services after changes take effect, you agree to the revised policy. The policy in effect at the time we collect information governs our use of that information.


Contact Information

If you have questions or comments about this Privacy Policy, how we collect and use your Personal Data, or your choices and rights, please contact us at:

If you are located in the EU or UK, you may contact us at the email above regarding GDPR/UK GDPR matters. We may designate an EU/UK representative and will update this policy with their contact details if/when appointed.


Last updated: July 24, 2025