Privacy Policy

Scope and controller

This Privacy Policy applies to the Cortonex website at https://cortonex.com/, contact forms, demo requests, cookie preferences, security inquiries, business communications, authenticated demo portals, evaluation workspaces, client-access environments, and Cortonex-controlled subdomains.

Cortonex Technologies Inc. is based in St. John's, Newfoundland and Labrador, Canada. For the purposes of this policy, "Cortonex", "Company", "we", "us", and "our" refer to Cortonex Technologies Inc. "You" refers to a website visitor, demo requester, authorized demo user, client representative, or the organization on whose behalf that person acts.

Where Cortonex processes information under a separate customer, pilot, proof-of-concept, data processing, business associate, confidentiality, or enterprise agreement, that agreement may contain additional terms that apply to the relevant data and environment.

Key definitions

• Personal information means information about an identifiable individual, including business contact details when they identify a person.
• Website data means information collected through the public website, including forms, cookies, logs, diagnostics, and page interactions.
• Demo environment means an authenticated Cortonex-hosted demo, evaluation workspace, proof-of-concept workspace, or client-access portal.
• Workspace content means files, records, prompts, source context, operational data, model context, logs, metadata, notes, evidence records, or other materials submitted, uploaded, connected, or generated inside a demo environment.
• Authorized user means a person approved by Cortonex or by a client organization to access a demo environment or client-access subdomain.

Information we collect

When you contact us or request a demo, we may collect your name, email address, phone number, job title, company name, message, and related business context you choose to provide.

When Cortonex provides authenticated access to a demo environment, we may collect account and access information such as user name, business email, organization, role, workspace membership, permissions, authentication events, session activity, IP address, device and browser information, access timestamps, support requests, and audit logs.

If you or your organization provides workspace content, we process that information to provide, secure, support, evaluate, and improve the requested demo or workspace experience. Workspace content may include documents, records, controls, operational data, digital or spatial context, exception logs, source metadata, prompts, model context, analysis results, evidence paths, and review notes.

We may also collect technical and usage data needed to operate and protect the website and demo environments, including browser type, device type, referring page, approximate location derived from network information, page interactions, error events, performance data, system logs, and security logs.

Sensitive and regulated data

Public website forms are not intended for regulated production data, protected health information, sensitive personal information, trade secrets, export-controlled materials, or other highly sensitive operational data. Do not submit that information through a public form.

Demo environments are intended for controlled evaluation and demonstration unless a separate written agreement states otherwise. If Cortonex agrees to receive sensitive or regulated data for a specific pilot, deployment, or enterprise workflow, the applicable written agreement may define additional confidentiality, security, retention, access, and compliance obligations.

How we use information

• To respond to inquiries, demo requests, security reviews, procurement requests, and business communications.
• To provision, authenticate, operate, support, and secure demo portals, evaluation workspaces, client-access subdomains, and related product experiences.
• To assemble and display demo outputs, intelligence records, audit views, evidence paths, validation states, confidence indicators, governance routes, and other requested Cortonex functionality.
• To maintain authentication records, workspace permissions, audit logs, release gates, support records, and security logs.
• To monitor reliability, diagnose errors, prevent abuse, detect suspicious activity, protect against unauthorized access, and preserve service integrity.
• To improve website performance, documentation, demonstrations, user experience, product workflows, and operational processes.
• To send requested communications, respond to support issues, manage demos, and follow up on business discussions.
• To comply with legal obligations, enforce terms, preserve rights, and protect Cortonex, users, customers, systems, and data.
• To evaluate or carry out a financing, acquisition, restructuring, merger, sale of assets, or similar business transaction involving Cortonex.

AI, model context, and workspace outputs

Cortonex is designed to reason across organizational data, evidence, model context, operational signals, and review controls. When workspace content is processed inside a demo or client environment, Cortonex may generate or display derived outputs such as intelligence records, citations, evidence locks, audit trails, confidence indicators, conflict disclosures, risk forecasts, and owner routes.

Cortonex does not sell workspace content. Cortonex does not use customer workspace content submitted to a demo or client environment to train public third-party models unless a separate written agreement expressly permits that use. Where third-party infrastructure, models, or service providers are used to support a demo or service, they are used subject to the applicable technical, contractual, and security controls.

Cookies, analytics, and diagnostics

We may use cookies, local storage, server logs, pixels, and similar technologies to operate the website, remember cookie preferences, maintain authenticated sessions, protect forms, measure site activity, and improve performance.

• Essential technologies support security, authentication, session continuity, load balancing, form protection, and core website functions.
• Preference technologies remember settings such as cookie choices or interface preferences.
• Analytics and diagnostics help us understand aggregate usage, page performance, errors, and reliability.
• Security logs help detect abuse, unauthorized access, automated submissions, suspicious sessions, and system misuse.

We may use Google reCAPTCHA or similar anti-abuse technologies to protect forms from automated submissions and misuse. Those technologies may evaluate browser, device, and interaction signals according to the provider's privacy and service terms.

You can configure your browser to refuse or delete cookies. Some website preferences or authenticated-session features may not work as intended if certain technologies are disabled.

Business communications

If you submit a form, request information, or communicate with Cortonex, we may contact you by email, phone, or other appropriate business channels about your request, a demo, a security review, a potential engagement, or related Cortonex services.

Where required by applicable law, including Canada's anti-spam rules, we will seek appropriate consent for commercial electronic messages and provide a way to unsubscribe or request that we stop sending non-essential communications.

Information sharing and service providers

We do not sell personal information. We may share information with service providers that help us host, secure, monitor, analyze, communicate, deliver email, protect and process forms, operate infrastructure, provide authentication, support demo environments, manage logs, and maintain business systems.

Service providers are expected to use information only as needed to provide services to Cortonex and to protect information using appropriate safeguards. We may also disclose information when required by law, to enforce our terms, to protect rights and security, to investigate abuse, to respond to lawful requests, or in connection with a business transfer.

Retention

We retain information only for as long as reasonably necessary for the purposes described in this policy, including responding to inquiries, operating demo access, maintaining audit and security logs, supporting business records, complying with legal obligations, resolving disputes, and enforcing agreements.

Workspace content, demo logs, access records, support records, and audit records may have different retention periods depending on the demo, pilot, security need, customer instruction, or applicable written agreement. When information is no longer needed, we take steps designed to delete, de-identify, or securely retain it according to the applicable purpose and obligation.

Processing locations and cross-border transfers

Your information may be processed in Canada or in other jurisdictions where Cortonex, its infrastructure, or its service providers operate. Privacy and government-access laws in those jurisdictions may differ from those in your location.

When information is transferred or processed outside your jurisdiction, we take steps designed to protect it in accordance with this Privacy Policy, applicable agreements, and the sensitivity of the information.

Security safeguards

We use administrative, technical, and organizational safeguards designed to protect information against unauthorized access, disclosure, copying, use, modification, loss, theft, and destruction. These measures may include access controls, authentication, least-privilege practices, logging, monitoring, transport encryption, vendor review, backup controls, and operational security review.

The level of protection depends on the sensitivity, amount, distribution, format, and storage of the information. No internet transmission, website, demo environment, or electronic storage method can be guaranteed to be perfectly secure. If you believe information submitted to Cortonex has been accessed or used improperly, contact us promptly.

Your rights and choices

Depending on where you are located, you may have rights to access, correct, delete, restrict, object to, or withdraw consent for certain processing of personal information. You may also request information about how we use, disclose, retain, or protect your personal information.

Some requests may be limited by legal obligations, security requirements, confidentiality obligations, customer instructions, backup retention, audit requirements, or other lawful grounds. If we cannot fulfill a request in full, we will explain where required by applicable law.

Children's privacy

The website and demo environments are intended for business use and are not directed to children under 13. We do not knowingly collect personal information from children under 13.

Applicable privacy law

Cortonex Technologies Inc. is based in St. John's, Newfoundland and Labrador, Canada. Where applicable, we handle personal information in accordance with Canadian privacy law, including the Personal Information Protection and Electronic Documents Act (PIPEDA), and other privacy laws that apply to the relevant data, organization, or jurisdiction.

PIPEDA generally requires private-sector organizations to handle personal information for stated, reasonable purposes, with appropriate consent where required, safeguards, limits on retention and disclosure, and access/correction rights for individuals.

Third-party links and services

The website and demo environments may contain links to websites, platforms, infrastructure, models, or services not operated by Cortonex. We are not responsible for the content, privacy policies, security, or practices of third-party websites or services.

Updates to this policy

We may update this Privacy Policy from time to time. Changes take effect when posted on this page. If a change materially affects how we handle information in an active client environment, we may provide additional notice where required by applicable law or agreement.

Contact

Questions, privacy requests, security concerns, or access/correction requests can be sent to contact@cortonex.com.