Privacy Policy

Last updated: March 8, 2026

1. Introduction

Cortex ("we", "us", "our") is a task management platform for teams. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our web application at cortexapp.org and any associated services.

2. Information We Collect

2.1 Account Information

When you sign up via Auth0, we receive and store your name, email address, and profile picture. We do not store your password — authentication is handled entirely by Auth0.

2.2 Organization & Task Data

We store data you create within the platform including organization names, task descriptions, designer profiles, task attachments (images/files), and activity logs. This data is scoped to your organization and is not shared with other organizations.

2.3 Third-Party Integrations

  • Google Calendar: If you connect Google Calendar, we requestread-only access (calendar.readonly) to display your calendar events alongside tasks. We store OAuth tokens securely to maintain the connection. We never modify, create, or delete your Google Calendar events.
  • Discord: If you enable Discord notifications, we send task notifications to your configured Discord channels via a bot. We store Discord channel IDs and message references for reaction-based status updates.
  • Slack: If you connect Slack, we use OAuth to obtain a bot token scoped to your workspace. We send task notifications to selected channels and listen for emoji reactions to update task statuses.
  • OpenAI: Our AI-powered performance analytics feature sends team member names, task metrics (completion counts, turnaround times, ratings), and manager feedback notes to OpenAI's API to generate automated performance reviews and insights. OpenAI does not use API data for model training under their current data usage policy.

3. How We Use Your Information

  • To operate and maintain the Cortex platform
  • To authenticate your identity and manage your session
  • To send task notifications via your chosen channels (Discord, Slack, or email)
  • To display Google Calendar events alongside your tasks (if connected)
  • To generate AI-powered performance analytics and bi-weekly reviews for team members
  • To send invitation emails when you invite team members
  • To improve the platform and fix bugs

4. Data Storage & Security

Your data is stored in MongoDB Atlas with encryption at rest. All API communications are encrypted via HTTPS/TLS. Session tokens are encrypted using AES-256-GCM. We implement rate limiting, input validation, CORS restrictions, and role-based access control to protect your data.

5. Data Sharing

We do not sell, trade, or share your personal data with third parties for marketing purposes. Your data is only shared with the third-party services you explicitly connect (Auth0 for authentication, Google for calendar integration, Discord/Slack for notifications, Resend for emails) and with OpenAI for AI-powered performance analytics.

6. Data Retention & Deletion

Your data is retained as long as your account is active. You can disconnect third-party integrations at any time from the Settings page, which revokes stored tokens. AI-generated performance reviews are retained while the team member is active in the organization and are automatically deleted when a member is removed. To request complete account deletion, contact us at the email below.

7. Your Rights

You have the right to:

  • Access the personal data we hold about you
  • Request correction of inaccurate data
  • Request deletion of your account and associated data
  • Disconnect any third-party integration at any time
  • Revoke Google Calendar access via your Google Account settings

8. Cookies

We use a single essential cookie (auth_session) to maintain your authenticated session. This cookie is HttpOnly, Secure, and SameSite=Lax. We do not use tracking cookies or analytics cookies.

9. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by updating the "Last updated" date at the top of this page.

10. Contact Us

If you have any questions about this Privacy Policy or wish to exercise your data rights, please contact us at:

Email: hello@cortexapp.org