Privacy Policy

Last updated: August 9, 2025

This Privacy Policy explains how techbase ("we", "us"), the company behind Cortexium, collects and uses personal data when you visit cortexium.io, use app.cortexium.io, or interact with our services.

Controller. techbase (CVR: 21663948), Gråspurvevej 15, 3. 2., 2400 Copenhagen NV, Denmark. Contact: privacy@cortexium.io.
Data Protection Contact. Email: privacy@cortexium.io. We have not appointed a Data Protection Officer.

1) What we collect

  • Account & Profile. Name, email, organization, role, authentication identifiers.
  • Usage & Diagnostics. Device/browser info, IP, timestamps, log data, performance metrics, feature interactions.
  • Customer Content. Data you submit in the Service (e.g., prompts, files, messages, configurations). For this data, we generally act as processor for your organization.
  • Support & Communications. Help requests and related information.
  • Marketing. Email addresses and preferences for newsletters/product updates (with consent where required).
  • Billing. Plan, invoices and limited payment metadata; we do not store full card numbers.

2) Purposes & Legal Bases (GDPR)

  • Provide and secure the Service (Art. 6(1)(b)).
  • Improve features and performance; prevent abuse (Art. 6(1)(f) legitimate interests).
  • Communicate changes, security and service notices (Art. 6(1)(b)).
  • Market with consent where required (Art. 6(1)(a)).
  • Comply with law and enforce Terms (Art. 6(1)(c)/(f)).

3) Sharing & Recipients

We share personal data with trusted processors under written agreements (hosting, email, support, payments). A current list appears on our Subprocessors page. We may disclose information to comply with law, protect rights, or in connection with a merger/acquisition. We do not sell personal data.

4) International Transfers

If personal data is transferred outside the EEA/UK (e.g., to the United States for certain providers), we rely on appropriate safeguards such as Standard Contractual Clauses and/or the EU‑US Data Privacy Framework, and additional measures where necessary.

5) Retention

We keep personal data as long as needed for the purposes above and to comply with legal obligations. Typical periods: account data for the life of the account plus a short backup period; billing records per statutory requirements; support tickets for operational needs.

6) Security

We implement appropriate technical and organizational measures to protect personal data (see Security Overview and DPA Annex II).

7) Cookies & Tracking

We do not set or use non-essential cookies on the public site (cortexium.io). We also do not use third‑party analytics or advertising cookies on the site.

App usage. If/when you use the authenticated app (app.cortexium.io), we may use strictly necessary mechanisms (e.g., session tokens) to keep you signed in and secure. These are essential to the service and are not used for tracking or marketing.

8) Your Rights

Depending on your location, you may have rights to access, rectify, erase, restrict or object, port, and withdraw consent. Contact privacy@cortexium.io.

Supervisory authority (Denmark): Datatilsynet, Carl Jacobsens Vej 35, 2500 Valby, Denmark; dt@datatilsynet.dk; +45 33 19 32 00.

9) Children

The Service is not directed to children under 13.

10) Your Organization’s Responsibility

If you use the Service on behalf of an organization, that organization is the controller for Customer Content.

11) Automated Decision‑Making

We do not perform solely automated decisions with legal or similarly significant effects.

12) Changes

We may update this Policy; for material changes we may notify you by email or in‑app.