Privacy Policy

This Privacy Policy describes how KortexMail ("we," "us," or "our") collects, uses, and protects information about you when you use our services at https://kortexmail.com (the "Services"). If you have any questions or concerns, please contact us at contact@kortexmail.com.

Please read this policy carefully. If you disagree with any terms, please discontinue use of our Services.

1. What Information Do We Collect?

Personal Information You Provide

We collect personal information that you voluntarily provide when you register, use our Services, or contact us. This includes:

• Names and contact information (email addresses, phone numbers, mailing addresses)
• Account credentials (usernames, passwords, authentication data)
• Billing information (processed by Paddle — we do not store card numbers directly)
• Job titles and professional information
• AI agent preferences and behavioral settings

Sensitive Personal Information

In the course of providing the Services, the following sensitive data may be encountered or processed:

• Financial data (via payment processor Paddle)
• Account login information and authentication credentials
• Contents of email or text messages (processed by our AI agent on your behalf, end-to-end encrypted)

We process sensitive information only as necessary to provide the Services, and we never sell it.

Automatically Collected Information

When you use the Services, we automatically collect certain usage and device data, including:

• Log and usage data (access times, features used, error logs)
• Device data (browser type, operating system, device identifiers)
• AI inference data (aggregated, anonymized patterns used to improve the service)

We do not collect precise location data.

2. How Do We Process Your Information?

We process your information to:

• Deliver, operate, and improve our AI-driven email automation Services
• Manage your account and authenticate you
• Process subscription payments via Paddle
• Respond to your inquiries and provide customer support
• Send administrative communications (policy updates, security alerts)
• Monitor service usage trends and enforce usage quotas
• Train and improve AI models that personalize your email experience based on your behavior and preferences
• Protect the security and integrity of the Services
• Comply with legal obligations

We do not use your data for targeted advertising or sell it to third parties.

3. AI Data Processing & Encryption

KortexMail is built on end-to-end encryption. This means:

• All email content processed by our AI agent is end-to-end encrypted
• Even KortexMail staff cannot read the content of your emails
• Only the AI system itself can access this data to perform the service on your behalf
• AI-learned preferences and behavioral memory are stored in encrypted form

You retain full control over your AI data. You may delete all AI-learned preferences and behavioral memory at any time through your account settings, or by simply instructing the AI agent directly to forget your preferences.

4. Beta Program & AI Model Training

What We Collect During Beta

If you participate in our Beta Program, you agree that KortexMail may collect and use certain anonymized usage data to train, refine, and improve our AI models and application features. This includes:

• Interaction patterns and feature usage statistics
• AI decision feedback (e.g., whether you approved or rejected an AI-drafted action)
• Token usage and performance metrics
• Aggregated behavioral data used to improve AI personalization

Our Commitments to You

We are firmly committed to protecting your privacy. We explicitly commit that:

• We will never sell your personal data or usage data to any third party
• We will never share your email content with third parties for commercial purposes
• We will never use your data for targeted advertising
• All data used for AI training is anonymized and cannot be traced back to individual users
• Your email content remains end-to-end encrypted and is never accessed by our team

You may opt out of Beta data collection at any time by contacting us at contact@kortexmail.com or by adjusting your settings in the app.

5. Legal Bases For Processing

We process your personal information based on the following legal grounds:

• Consent — where you have given us explicit permission to process your data
• Performance of Contract — to provide the Services you have signed up for
• Legitimate Interests — to operate, secure, and improve our Services
• Legal Obligation — where required to comply with applicable laws
• Vital Interests — in rare circumstances where necessary to protect someone's safety

6. When and With Whom Do We Share Your Information?

We do not sell your personal information. We may share data with trusted service providers in the following categories, solely to operate our Services:

• AI Platforms (Fireworks AI, OpenAI, Together.ai) — for AI processing; all data transmitted is encrypted
• Cloud Computing & Data Storage Services — for hosting and infrastructure
• User Authentication Services — for secure account login
• Payment Processors (Paddle) — for subscription billing. See Paddle's privacy policy at https://www.paddle.com/legal/privacy
• Performance Monitoring & Analytics — for aggregated, anonymized usage insights

All third-party providers are contractually required to protect your data and may only use it to provide services to us.

7. How Long Do We Keep Your Information?

We retain your personal information for as long as your account is active. When you delete your account, we will delete your personal data and AI-learned preferences in accordance with this policy. Certain anonymized or aggregated data may be retained longer for legal compliance or fraud prevention purposes.

8. How Do We Keep Your Information Safe?

We implement robust security measures to protect your data, including:

• End-to-end encryption on all email content
• Encrypted storage for all AI preferences and behavioral data
• Secure infrastructure provided by our hosting and AI platform providers
• Access controls limiting who can access service systems

While we take reasonable precautions, no electronic transmission or storage system is 100% secure. We encourage you to protect your account credentials and notify us immediately of any suspected unauthorized access.

9. Do We Collect Information From Minors?

We do not knowingly collect data from or market to children under 18 years of age. By using the Services, you confirm that you are at least 18 years old. If we become aware that we have collected data from a minor without appropriate consent, we will take steps to delete that information promptly.

10. What Are Your Privacy Rights?

Depending on your location, you may have the following rights regarding your personal data:

• Right to access — request a copy of the personal data we hold about you
• Right to rectification — request correction of inaccurate data
• Right to erasure — request deletion of your personal data
• Right to portability — receive your data in a portable format
• Right to object — object to certain types of processing
• Right to withdraw consent — withdraw consent at any time where processing is based on consent

To exercise any of these rights, contact us at contact@kortexmail.com or through your account settings. We will respond to all requests within the timeframe required by applicable law.

11. Controls For Do-Not-Track Features

We do not currently respond to Do-Not-Track (DNT) browser signals, as no uniform standard for DNT compliance has been adopted. We do not track users across third-party websites and do not engage in behavioral advertising.

12. US State Privacy Rights

If you are a resident of California, Colorado, Connecticut, Virginia, or another US state with applicable privacy legislation, you have specific rights regarding your personal data. These include the right to know what personal information is collected, the right to delete, and the right to opt out of sale (we do not sell data).

California Residents — CCPA

Under the California Consumer Privacy Act (CCPA), California residents have the right to:

• Know what categories of personal information we have collected about you
• Know whether we disclose or sell your personal information (we do not sell it)
• Request deletion of your personal information
• Non-discrimination for exercising your privacy rights

Categories of personal information collected in the past 12 months include: Identifiers, California Customer Records (billing and contact info), Internet/Network Activity (usage data), Inferences (AI-generated profile data), and Sensitive Personal Information (account login credentials, email message contents).

We do not sell personal information or use it for targeted advertising. To submit a privacy request, contact us at contact@kortexmail.com.

13. Other Regions — GDPR & International Transfers

European Economic Area (EEA) and United Kingdom

If you are located in the EEA or UK, you have rights under the General Data Protection Regulation (GDPR) or UK GDPR, including the rights listed in Section 10 above. Our legal bases for processing are outlined in Section 5.

International Data Transfers

Your information is stored and processed on servers located in the United States. If you access our Services from outside the US, your data will be transferred to and processed in the US. We rely on Standard Contractual Clauses (SCCs) as approved by the European Commission as the legal mechanism for such transfers.

14. Do We Make Updates To This Policy?

We may update this Privacy Policy from time to time. The updated version will be indicated by the "Last updated" date at the top of this policy. We encourage you to review this policy periodically. Where required by law, we will notify you of material changes by email or through a notice on the Services.

15. How Can You Contact Us?

If you have questions or comments about this policy or wish to exercise your privacy rights, contact us at: