
Privacy Policy
At CortexEDR, we are committed to protecting your privacy and ensuring the security of your data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our AI-powered cybersecurity platform.
1. Information We Collect
1.1 Information You Provide
- Account Information: Name, email address, company information, and billing details when you create an account
- Repository Data: GitHub repository URLs and access tokens you provide for scanning
- Communication: Messages, feedback, and support requests you send to us
- Profile Information: Professional information and preferences you choose to share
1.2 Information We Collect Automatically
- Usage Data: How you interact with our platform, features used, and scan configurations
- Device Information: IP address, browser type, operating system, and device identifiers
- Log Data: System logs, error reports, and performance metrics
- Cookies and Tracking: Information collected through cookies and similar technologies
1.3 Source Code and Security Data
⚠️ Critical Security Notice
We do NOT store your source code. During security scans, we temporarily analyze your code in ephemeral environments. All source code is processed in memory only and is permanently deleted after analysis completion.
- We extract security-relevant metadata only (vulnerability patterns, dependency information)
- Source code is never persisted to disk or databases
- Analysis results are encrypted and stored securely
- You retain full ownership of your source code at all times
2. How We Use Your Information
Primary Purposes
- Provide, maintain, and improve our security scanning services
- Process payments and manage your account
- Send you important service updates and notifications
- Provide customer support and technical assistance
Secondary Purposes
- Analyze usage patterns to improve our platform
- Develop new features and security capabilities
- Ensure platform security and prevent abuse
- Comply with legal obligations
3. Information Sharing and Disclosure
We Do NOT Sell Your Data
CortexEDR does not sell, trade, or rent your personal information to third parties for marketing purposes. We only share information as described in this policy and as required by law.
Permitted Disclosures
- Service Providers: Trusted third-party services that help us operate (payment processors, cloud infrastructure)
- Legal Requirements: When required by law, court order, or to protect our rights and safety
- Business Transfers: In connection with a merger, acquisition, or sale of assets
- Consent: With your explicit consent for specific purposes
4. Data Security
Technical Safeguards
- AES-256 encryption for data at rest
- TLS 1.3 encryption for data in transit
- SOC 2 Type II compliant infrastructure
- Regular security audits and penetration testing
- Multi-factor authentication for all accounts
Administrative Safeguards
- Strict access controls and role-based permissions
- Regular security training for all employees
- Incident response procedures and breach notification
- Regular backup and disaster recovery testing
- Third-party security assessments
5. Data Retention
We retain your information only as long as necessary to provide our services and comply with legal obligations.
- Account Data: Retained until account deletion, then permanently removed within 30 days
- Scan Results: Retained for the duration of your subscription plus a 90-day grace period
- Billing Information: Retained for 7 years to comply with tax and accounting regulations
- Log Data: Anonymized and aggregated after 90 days, retained for analytics purposes
6. International Data Transfers
CortexEDR operates globally and may transfer your data to countries other than your own. We ensure appropriate safeguards are in place.
Legal Frameworks
- Standard Contractual Clauses (SCCs)
- Adequacy decisions by relevant authorities
- Binding Corporate Rules (BCRs)
- Certification schemes and codes of conduct
Data Processing Locations
- Primary: United States (SOC 2 compliant)
- Backup: European Union (GDPR compliant)
- CDN: Global edge locations (encrypted)
7. Your Rights and Choices
Your Privacy Rights
Depending on your location, you may have certain rights regarding your personal information:
GDPR (EU Users)
- Right to access your data
- Right to rectification
- Right to erasure ("right to be forgotten")
- Right to data portability
- Right to object to processing
- Right to restrict processing
CCPA (California Users)
- Right to know what data we collect
- Right to delete personal information
- Right to opt-out of data sales
- Right to non-discrimination
How to Exercise Your Rights
To exercise any of these rights, please contact us using the information provided in the Contact Us section below. We will respond to your request within 30 days and may require verification of your identity.
9. Third-Party Services
We integrate with various third-party services to provide our platform. These services have their own privacy policies.
Infrastructure Providers
- Amazon Web Services (hosting and data processing)
- Stripe (payment processing)
- GitHub (repository access)
- SendGrid (email communications)
Analytics & Security
- Google Analytics (usage analytics)
- Sentry (error monitoring)
- Cloudflare (CDN and security)
- NextAuth (authentication)
10. Children's Privacy
CortexEDR is not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13. If we become aware that we have collected personal information from a child under 13, we will take steps to delete such information promptly. If you are a parent or guardian and you believe your child has provided us with personal information, please contact us immediately.
11. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices or applicable laws. We will notify you of any material changes by posting the updated policy on this page and updating the "Last Updated" date.
Notification of Changes
- Major changes will be communicated via email
- Continued use of our services constitutes acceptance of the updated policy
- Previous versions will be archived and available upon request
12. Contact Us
If you have any questions about this Privacy Policy or our privacy practices, please contact us:
Legal & Privacy Team
📧 legal@cortex-edr.com
📧 privacy@cortex-edr.com
📍 Lahore, Pakistan
Response Times
- General inquiries: 24-48 hours
- Privacy rights requests: 30 days
- Security incidents: Immediate
- Business hours: UTC+5 (Pakistan Time)
Data Protection Officer: Hamza Hafeez Bhatti - Founder & CEO
Certification: SOC 2 Type II Compliant | GDPR Ready | CCPA Compliant