Legal docs

Privacy Policy

Last updated March 18, 2026

This Privacy Policy describes how KortexMail ("we," "us," or "our") collects, uses, and protects information about you when you use our services at https://kortexmail.com (the "Services"). If you have any questions or concerns, please contact us at contact@kortexmail.com.

Please read this policy carefully. If you disagree with any terms, please discontinue use of our Services.

1. What Information Do We Collect?

Personal Information You Provide

We collect personal information that you voluntarily provide when you register, use our Services, or contact us. This includes:

Names and contact information (email addresses, phone numbers, mailing addresses)
Account credentials (usernames, passwords, authentication data)
Billing information (processed by Paddle — we do not store card numbers directly)
Job titles and professional information
AI agent preferences and behavioral settings

Sensitive Personal Information

In the course of providing the Services, the following sensitive data may be encountered or processed:

Financial data (via payment processor Paddle)
Account login information and authentication credentials
Contents of email or text messages (processed by our AI agent on your behalf, end-to-end encrypted)

We process sensitive information only as necessary to provide the Services, and we never sell it.

Automatically Collected Information

When you use the Services, we automatically collect certain usage and device data, including:

Log and usage data (access times, features used, error logs)
Device data (browser type, operating system, device identifiers)
AI inference data (aggregated, anonymized patterns used to improve the service)

We do not collect precise location data.

2. How Do We Process Your Information?

We process your information to:

Deliver, operate, and improve our AI-driven email automation Services
Manage your account and authenticate you
Process subscription payments via Paddle
Respond to your inquiries and provide customer support
Send administrative communications (policy updates, security alerts)
Monitor service usage trends and enforce usage quotas
Train and improve AI models that personalize your email experience based on your behavior and preferences
Protect the security and integrity of the Services
Comply with legal obligations

We do not use your data for targeted advertising or sell it to third parties.

3. AI Data Processing & Encryption

KortexMail operates on a Zero-Access infrastructure. This means that while our AI models must transiently process your email data to provide summaries and prioritization, our systems are architected so that:

No Human Access: No Kortex Mail employee or contractor can access, read, or view the contents of your emails. Access is restricted to automated system processes strictly for the purpose of fulfilling your requests.
Transient AI Processing: Raw email content retrieved via Google APIs is processed in a secure, volatile memory environment. We do not store raw email bodies on our permanent servers; they are discarded immediately after the AI summary or action is completed.
Encrypted at Rest & In Transit: All data is protected using industry-standard AES-256 encryption at rest and TLS 1.2+ in transit.
Model Privacy: We do not use your private email content to train generalized, third-party AI models. Any learning or "behavioral memory" is siloed to your individual account and stored in an encrypted format accessible only to your personalized agent.

You retain full control over your AI data. You may delete all AI-learned preferences and behavioral memory at any time through your account settings, or by simply instructing the AI agent directly to forget your preferences.

4. Beta Program & AI Model Training

What We Collect During Beta

If you participate in our Beta Program, you agree that KortexMail may collect and use certain anonymized usage data to refine and improve your personalized experience and the KortexMail application features. We explicitly commit that no Google user data is used to train generalized, third-party AI models without explicit, additional consent. This includes:

Interaction patterns and feature usage statistics
AI decision feedback (e.g., whether you approved or rejected an AI-drafted action)
Token usage and performance metrics
Aggregated behavioral data used to improve AI personalization

Our Commitments to You

We are firmly committed to protecting your privacy. We explicitly commit that:

We will never sell your personal data or usage data to any third party
We will never share your email content with third parties for commercial purposes
We will never use your data for targeted advertising
All data used for AI training is anonymized and cannot be traced back to individual users
Your email content remains end-to-end encrypted and is never accessed by our team

You may opt out of Beta data collection at any time by contacting us at contact@kortexmail.com or by adjusting your settings in the app.

5. Legal Bases For Processing

We process your personal information based on the following legal grounds:

Consent — where you have given us explicit permission to process your data
Performance of Contract — to provide the Services you have signed up for
Legitimate Interests — to operate, secure, and improve our Services
Legal Obligation — where required to comply with applicable laws
Vital Interests — in rare circumstances where necessary to protect someone's safety

6. When and With Whom Do We Share Your Information?

We do not sell your personal information. We may share data with trusted service providers in the following categories, solely to operate our Services:

AI Platforms (Fireworks AI, OpenAI, Together.ai) — for AI processing; all data transmitted is encrypted
Cloud Computing & Data Storage Services — for hosting and infrastructure
User Authentication Services — for secure account login
Payment Processors (Paddle) — for subscription billing. See Paddle's privacy policy at https://www.paddle.com/legal/privacy
Performance Monitoring & Analytics — for aggregated, anonymized usage insights

All third-party providers are contractually required to protect your data and may only use it to provide services to us.

7. How Long Do We Keep Your Information?

We retain your personal information for as long as your account is active. When you delete your account, we will delete your personal data and AI-learned preferences in accordance with this policy. Certain anonymized or aggregated data may be retained longer for legal compliance or fraud prevention purposes.

KortexMail minimizes data retention; raw email bodies retrieved via Google APIs are cached only as long as necessary to generate AI summaries and are deleted from our primary application state once the session or processing is complete.

8. How Do We Keep Your Information Safe?

We implement robust security measures to protect your data, including:

End-to-end encryption on all email content
Encrypted storage for all AI preferences and behavioral data
Secure infrastructure provided by our hosting and AI platform providers
Access controls limiting who can access service systems

While we take reasonable precautions, no electronic transmission or storage system is 100% secure. We encourage you to protect your account credentials and notify us immediately of any suspected unauthorized access.

9. Do We Collect Information From Minors?

We do not knowingly collect data from or market to children under 18 years of age. By using the Services, you confirm that you are at least 18 years old. If we become aware that we have collected data from a minor without appropriate consent, we will take steps to delete that information promptly.

10. What Are Your Privacy Rights?

Depending on your location, you may have the following rights regarding your personal data:

Right to access — request a copy of the personal data we hold about you
Right to rectification — request correction of inaccurate data
Right to erasure — request deletion of your personal data
Right to portability — receive your data in a portable format
Right to object — object to certain types of processing
Right to withdraw consent — withdraw consent at any time where processing is based on consent

To exercise any of these rights, contact us at contact@kortexmail.com or through your account settings. We will respond to all requests within the timeframe required by applicable law.

11. Controls For Do-Not-Track Features

We do not currently respond to Do-Not-Track (DNT) browser signals, as no uniform standard for DNT compliance has been adopted. We do not track users across third-party websites and do not engage in behavioral advertising.

12. US State Privacy Rights

If you are a resident of California, Colorado, Connecticut, Virginia, or another US state with applicable privacy legislation, you have specific rights regarding your personal data. These include the right to know what personal information is collected, the right to delete, and the right to opt out of sale (we do not sell data).

California Residents — CCPA

Under the California Consumer Privacy Act (CCPA), California residents have the right to:

Know what categories of personal information we have collected about you
Know whether we disclose or sell your personal information (we do not sell it)
Request deletion of your personal information
Non-discrimination for exercising your privacy rights

Categories of personal information collected in the past 12 months include: Identifiers, California Customer Records (billing and contact info), Internet/Network Activity (usage data), Inferences (AI-generated profile data), and Sensitive Personal Information (account login credentials, email message contents).

We do not sell personal information or use it for targeted advertising. To submit a privacy request, contact us at contact@kortexmail.com.

13. Other Regions — GDPR & International Transfers

European Economic Area (EEA) and United Kingdom

If you are located in the EEA or UK, you have rights under the General Data Protection Regulation (GDPR) or UK GDPR, including the rights listed in Section 10 above. Our legal bases for processing are outlined in Section 5.

International Data Transfers

Your information is stored and processed on servers located in the United States. If you access our Services from outside the US, your data will be transferred to and processed in the US. We rely on Standard Contractual Clauses (SCCs) as approved by the European Commission as the legal mechanism for such transfers.

14. Do We Make Updates To This Policy?

We may update this Privacy Policy from time to time. The updated version will be indicated by the "Last updated" date at the top of this policy. We encourage you to review this policy periodically. Where required by law, we will notify you of material changes by email or through a notice on the Services.

15. Google API Disclosure & Limited Use

KortexMail's use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

Specifically, we use Google user data to:

Read and Summarize: Accessing email bodies to provide AI-generated context and prioritization tiers.
Modify and Organize: Applying labels and archiving threads to maintain a clean inbox.
Draft and Send: Creating and delivering context-aware replies at the user's direction.

We do not use Google user data for serving advertisements, nor do we allow human employees to read your email content which is protected by end-to-end encryption.

16. How Can You Contact Us?

If you have questions or comments about this policy or wish to exercise your privacy rights, contact us at:

KortexMail
Email: contact@kortexmail.com