Privacy Policy

Last updated: February 11, 2025

1. Introduction

MindCortex ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our AI-powered personal knowledge management service.

2. Information We Collect

2.1 Information You Provide

  • Account Information: Name, email address, and password when you create an account
  • Content: Notes, documents, files, and other materials you upload or create
  • Meeting Recordings and Transcripts: Audio recordings you upload for transcription, and the resulting AI-generated transcripts and summaries
  • AI Conversation History: Messages and responses from your interactions with our AI assistant
  • Subscription and Billing Information: Payment method details, subscription plan, and transaction history processed through our billing providers
  • Communications: Messages you send to our support team

2.2 Information Collected Automatically

  • Usage Data: How you interact with our service, features used, and time spent
  • Device Information: Browser type, operating system, and device identifiers
  • Log Data: IP address, access times, and pages viewed

3. How We Use Your Information

We use the information we collect to:

  • Provide, maintain, and improve our services
  • Process and organize your content using AI
  • Generate embeddings and enable semantic search of your content
  • Send you technical notices, updates, and support messages
  • Respond to your comments and questions
  • Protect against fraudulent or illegal activity

4. AI Processing and Your Data

MindCortex uses artificial intelligence to help organize and retrieve your knowledge. Your content is processed by the following third-party AI providers:

  • OpenAI — Chat responses, content categorization, vector embeddings, and text-to-speech
  • AssemblyAI — Meeting transcription, speaker diarization, and AI-powered summarization

Here's how we handle your data:

  • Your content is not used to train AI models. We use AI services to process your data, but your content remains yours and is not used to improve general AI models.
  • Embeddings are stored securely. We create vector embeddings of your content to enable semantic search, stored in your private database space.
  • AI processing is done on-demand. Your content is only processed when you use features that require AI assistance.

By using AI features, you consent to your content being processed by these providers. Your content is not used to train their models.

5. Data Sharing and Disclosure

We do not sell your personal information. We may share your information only in these circumstances:

  • Service Providers: With third-party vendors who assist in providing our services, including:
    • Supabase — Database hosting, authentication, and file storage
    • Resend — Email delivery
    • RevenueCat / Stripe — Subscription billing and payment processing
    • PostHog — Privacy-respecting analytics (opt-in only, with your explicit consent)
    • Sentry — Error monitoring and application performance
  • Legal Requirements: When required by law or to protect our rights
  • Business Transfers: In connection with a merger, acquisition, or sale of assets
  • With Your Consent: When you explicitly authorize sharing

6. Data Security

We implement appropriate technical and organizational measures to protect your data, including encryption in transit and at rest, secure authentication, and regular security audits. However, no method of transmission over the Internet is 100% secure, and we cannot guarantee absolute security.

7. Data Retention

We retain your data for as long as your account is active or as needed to provide services. You can request deletion of your data at any time. Upon account deletion, we will remove your personal information within 30 days, except where retention is required by law.

  • In-App Deletion: You may delete your account directly from the Settings page within the application.
  • Grace Period: When you initiate account deletion, there is a 7-day grace period during which the deletion can be cancelled.
  • Team Content: If you are a member of a team, shared content (team items and resources) is retained for 90 days after team dissolution to allow recovery, after which it is permanently deleted.

8. Your Rights

Depending on your location, you may have the right to:

  • Access the personal information we hold about you
  • Request correction of inaccurate data
  • Request deletion of your data
  • Export your data in a portable format
  • Object to or restrict certain processing
  • Withdraw consent where processing is based on consent

9. Cookies and Analytics

We use cookies and similar technologies to maintain your session and improve our service.

9.1 Essential Cookies

Essential cookies are required for the application to function properly. These include authentication cookies and session management. These cookies cannot be disabled.

9.2 Analytics (Opt-In)

We use PostHog for privacy-respecting analytics to understand how you use Mind Cortex and improve your experience. Analytics cookies are only set after you explicitly consent through our cookie consent banner.

What we collect with your consent:

  • Page views and feature usage
  • Session duration
  • Device type and browser
  • Subscription and plan information

What we DON'T collect:

  • Your notes, items, or meeting content
  • Personal information beyond what's needed for the service
  • Data from users who decline analytics

Your data is never sold. You can change your cookie preferences at any time using the "Cookie Settings" link in the footer.

10. Children's Privacy

Our service is not intended for children under 13. We do not knowingly collect personal information from children under 13. If we learn we have collected such information, we will delete it promptly.

11. International Data Transfers

Your information may be transferred to and processed in countries other than your own. We ensure appropriate safeguards are in place to protect your data in accordance with this privacy policy.

12. California Privacy Rights (CCPA/CPRA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA):

  • Right to Know: You may request details about the categories and specific pieces of personal information we have collected about you over the past 12 months.
  • Right to Delete: You may request that we delete your personal information, subject to certain legal exceptions.
  • Right to Opt-Out of Sale: We do not sell your personal information to third parties. We never have and never will.
  • Right to Non-Discrimination: We will not discriminate against you for exercising any of your privacy rights.
  • Right to Correct: You may request that we correct inaccurate personal information we maintain about you.
  • Right to Limit Use of Sensitive Information: You may request that we limit the use and disclosure of your sensitive personal information.

To exercise any of these rights, please contact us at [email protected]. We will verify your identity before processing your request and respond within 45 days as required by law.

13. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new policy on this page and updating the "Last updated" date. Your continued use of the service after any changes indicates your acceptance of the updated policy.

14. Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us at:

Email: [email protected]

← Back to Home