Cortex Automations LogoCortex Automations

Legal

Privacy Policy

Last updated: May 2026

1. Overview and Scope

Cortex Automations operates the website at cortexautomations.ai and the Cortex Command Center application, which includes a client portal used by our clients. This Privacy Policy explains what information we collect across both, how we use it, how it is protected, and the choices you have. It applies to visitors to our website and to clients and their authorized users of the Cortex Command Center application.

2. Information We Collect

Website visitors and inquiries

When you submit an inquiry through our contact form, we collect your name, work email address, company name, phone number (optional), service interest, and project details. We do not collect information beyond what you voluntarily provide through the form.

Cortex Command Center application and client portal

When you are a client of Cortex Automations and use the Cortex Command Center application, we collect and maintain:

  • account and contact details for you and your authorized users;
  • business information relating to your engagement;
  • invoices, billing records, and payment history;
  • records of proposals, agreements, and other documents you review and sign through the portal, including signature timestamps and related metadata;
  • project, milestone, and engagement information;
  • files and materials uploaded to or generated within the application;
  • communications sent through or about the application.

3. How We Use Your Information

We use the information we collect to:

  • respond to inquiries and scope prospective engagements;
  • create client accounts and operate the application and client portal;
  • prepare, send, and collect invoices and process payments;
  • manage projects, proposals, and agreements;
  • obtain and record electronic signatures on documents;
  • communicate with you about active engagements;
  • meet our legal, tax, and accounting obligations and protect our legal rights.

We do not sell or rent personal data, we do not share it for advertising, and we do not use it for marketing without your explicit consent.

4. Payments

Payments made through the client portal are processed by Stripe, our payment processor. Card details are entered directly with Stripe and are handled under the security standards Stripe maintains; we do not receive or store full card numbers. We retain payment records — such as amount, date, status, and the last four digits of the card — for billing, accounting, and tax purposes.

5. Third-Party Services and Subprocessors

We rely on the following service providers to operate our website and application. Each processes data only as needed to provide its service and under its own privacy terms:

  • Vercel — website and application hosting
  • Neon — managed database hosting for application data
  • Cloudflare — file and document storage and related infrastructure
  • Stripe — payment processing
  • Resend — transactional and notification email
  • Cal.com — discovery-call scheduling
  • Vercel Analytics — privacy-friendly, cookie-free website analytics

We also integrate with QuickBooks Online; that integration is described in the next section. We encourage you to review the privacy policies of these providers independently.

6. QuickBooks Online Integration

Cortex Automations operates an internal business-management application, Cortex Command Center, which we use to run our own client engagements, invoicing, and accounting. This application connects to QuickBooks Online through the official Intuit API so that our financial records stay consistent between the two systems.

Through this integration we read and write the following records within our own QuickBooks Online company: invoices, customers, products and services, income accounts, and payments. We connect only our own QuickBooks Online company. We do not access, request, or store QuickBooks data belonging to our clients or to any other party.

QuickBooks data and the credentials used to access it are handled as follows:

  • All communication with Intuit takes place over encrypted HTTPS connections.
  • OAuth access and refresh tokens issued by Intuit are stored encrypted at rest and are never exposed to any third party.
  • QuickBooks data is used solely for bookkeeping and payment reconciliation. It is never sold, rented, or shared.
  • The QuickBooks connection can be revoked at any time, which removes the stored Intuit credentials.

7. Data Storage, Security, and Retention

All data is transmitted over encrypted HTTPS connections and stored on infrastructure operated by the providers listed above. Access to application data is restricted to authorized Cortex Automations personnel, and sensitive credentials, such as integration access tokens, are encrypted at rest.

Inquiry and lead data submitted through the website contact form is retained for up to 24 months unless an active client relationship exists. Client, billing, project, and signed-document records are retained for the duration of the engagement and for as long afterward as required to meet legal, tax, and accounting obligations, after which they are deleted or anonymized.

8. Cookies

This website does not use tracking cookies or analytics beyond what is necessary for core functionality. Vercel may set cookies for performance and security purposes as part of their hosting infrastructure. The Cortex Command Center application uses a session cookie that is strictly necessary to keep signed-in users authenticated.

9. Your Rights and Choices

You have the right to:

  • request access to the personal data we hold about you;
  • request correction or deletion of that data;
  • withdraw consent for any processing that is based on consent, at any time.

Where deletion would conflict with a legal, tax, or accounting obligation, we will retain only the minimum data required and delete the rest. California residents have the right to know what personal information we collect, to request its deletion, and not to be discriminated against for exercising these rights; as stated above, we do not sell personal information. To exercise any of these rights, contact us at hello@cortexautomations.ai.

10. Data Breach Notification

In the event of a data breach affecting your personal information, we will notify affected individuals and, where applicable, the relevant authorities, without undue delay and as required by applicable law.

11. Children’s Privacy

Our website and application are intended for businesses and are not directed to children. We do not knowingly collect personal information from anyone under the age of 18. If we learn that we have collected such information, we will delete it.

12. Changes to This Policy

We may update this policy as our services evolve. Material changes will be reflected by updating the “last updated” date at the top of this page. Continued use of our website or application following any changes constitutes acceptance of the updated policy.

13. Contact

For any privacy-related questions, please reach out to us at hello@cortexautomations.ai.