Privacy Policy

Last updated: March 9, 2026

1. Introduction

MindCortex ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our AI-powered personal knowledge management service ("Service"). By using the Service, you agree to the practices described in this policy.

2. Information We Collect

2.1 Information You Provide

  • Account Information: Name, email address, and authentication credentials when you create an account
  • Content: Notes, documents, files, and other materials you upload or create
  • Emails: Emails you forward to your Mind Cortex inbox address
  • Meeting Recordings and Transcripts: Audio recordings you upload for transcription, and the resulting AI-generated transcripts and summaries
  • AI Conversation History: Messages and responses from your interactions with our AI assistant
  • Subscription and Billing Information: Payment method details, subscription plan, and transaction history processed through our billing providers
  • Communications: Messages you send to our support team

2.2 Information Generated by the Service

As part of delivering our AI-powered features, we generate and store derived data to improve your experience. This includes AI-generated indexes, summaries, and insights based on your content. All derived data is stored in your private database space and is subject to the same protections as your original content.

2.3 Information Collected Automatically

  • Usage Data: How you interact with our service, features used, and time spent
  • Device Information: Browser type, operating system, and device identifiers
  • Log Data: IP address, access times, and pages viewed

3. How We Use Your Information

We use the information we collect to:

  • Provide, maintain, and improve our services
  • Process and organize your content using AI-powered features, including search, categorization, and knowledge retrieval
  • Transcribe and summarize meeting recordings
  • Send you technical notices, updates, and support messages
  • Respond to your comments and questions
  • Protect against fraudulent or illegal activity

4. AI Processing and Your Data

MindCortex uses artificial intelligence to help you organize, search, and interact with your knowledge. AI-powered features process your content through third-party AI providers such as:

  • OpenAI — AI-powered responses, content analysis, and semantic indexing
  • AssemblyAI — Meeting transcription and speaker identification

Here's how we handle your data:

  • Your content is not used to train AI models. We maintain contractual agreements with our AI providers that prohibit the use of your data to train or improve their models. Your content remains yours.
  • Transient processing. Content sent to AI providers is processed transiently to deliver results and is not retained by the provider beyond what is necessary to complete the request.
  • Derived data is stored securely. AI-generated indexes and insights are stored in your private database space, isolated from other users by row-level security policies.

For a complete list of sub-processors and their data handling practices, see our Data Processing Agreement.

5. Legal Basis for Processing (EEA/UK)

If you are located in the European Economic Area or the United Kingdom, we process your personal data on the following legal bases:

  • Contract Performance: Processing necessary to provide the Service you have signed up for, including AI-powered features, content storage, and meeting transcription.
  • Consent: Where you have given explicit consent, such as opting in to analytics or enabling optional features.
  • Legitimate Interest: Processing necessary for our legitimate interests, such as improving service security and preventing fraud, where those interests are not overridden by your rights.
  • Legal Obligation: Processing necessary to comply with applicable laws.

6. Data Sharing and Disclosure

We do not sell your personal information. We may share your information only in these circumstances:

  • Service Providers: With third-party vendors who assist in providing our services, including:
    • Supabase — Database hosting, authentication, and file storage
    • Vercel — Application hosting and content delivery
    • Resend — Email delivery
    • RevenueCat / Stripe — Subscription billing and payment processing
    • PostHog — Privacy-respecting analytics (opt-in only, with your explicit consent)
    • Sentry — Error monitoring and application performance
  • Legal Requirements: When required by law or to protect our rights
  • Business Transfers: In connection with a merger, acquisition, or sale of assets
  • With Your Consent: When you explicitly authorize sharing

A complete and current list of sub-processors is maintained in our Data Processing Agreement.

7. Data Security

We implement appropriate technical and organizational measures to protect your data, including encryption in transit (TLS 1.2+) and at rest (AES-256), row-level security for data isolation, secure authentication with support for passkeys (FIDO2), and regular security monitoring. However, no method of transmission over the Internet is 100% secure, and we cannot guarantee absolute security.

8. Data Retention

We retain your data for as long as your account is active or as needed to provide services. You can request deletion of your data at any time. Upon account deletion, we will remove your personal information within 30 days, except where retention is required by law.

  • In-App Deletion: You may delete your account directly from the Settings page within the application.
  • Grace Period: When you initiate account deletion, there is a 7-day grace period during which the deletion can be cancelled.
  • Team Content: If you are a member of a team, shared content is retained for 90 days after team dissolution to allow recovery, after which it is permanently deleted.

9. Your Rights

Depending on your location, you may have the right to:

  • Access the personal information we hold about you
  • Correct inaccurate data
  • Delete your data
  • Export your data in a portable, machine-readable format
  • Object to or restrict certain processing
  • Withdraw consent where processing is based on consent

To exercise any of these rights, use the in-app settings or contact us at [email protected]. We will respond within 30 days (or 45 days for California residents, as required by law).

10. Cookies and Analytics

We use cookies and similar technologies to maintain your session and improve our service.

10.1 Essential Cookies

Essential cookies are required for the application to function properly. These include authentication cookies and session management. These cookies cannot be disabled.

10.2 Analytics (Opt-In)

We use PostHog for privacy-respecting analytics to understand how you use Mind Cortex and improve your experience. Analytics cookies are only set after you explicitly consent through our cookie consent banner.

What we collect with your consent:

  • Page views and feature usage
  • Session duration
  • Device type and browser
  • Subscription and plan information

What we DON'T collect:

  • Your notes, items, or meeting content
  • Personal information beyond what's needed for the service
  • Data from users who decline analytics

Your data is never sold. You can change your cookie preferences at any time using the "Cookie Settings" link in the footer.

11. Children's Privacy

Our service is not intended for children under 16. We do not knowingly collect personal information from children under 16. If we learn we have collected such information, we will delete it promptly.

12. International Data Transfers

Your information may be transferred to and processed in the United States, where our service providers are located. For transfers from the EEA, UK, or Switzerland, we rely on appropriate safeguards including Standard Contractual Clauses and data processing agreements with our service providers. For details, see our Data Processing Agreement.

13. California Privacy Rights (CCPA/CPRA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA):

  • Right to Know: You may request details about the categories and specific pieces of personal information we have collected about you over the past 12 months.
  • Right to Delete: You may request that we delete your personal information, subject to certain legal exceptions.
  • Right to Opt-Out of Sale: We do not sell your personal information to third parties.
  • Right to Non-Discrimination: We will not discriminate against you for exercising any of your privacy rights.
  • Right to Correct: You may request that we correct inaccurate personal information we maintain about you.
  • Right to Limit Use of Sensitive Information: You may request that we limit the use and disclosure of your sensitive personal information.

To exercise any of these rights, please contact us at [email protected]. We will verify your identity before processing your request and respond within 45 days as required by law.

14. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new policy on this page and updating the "Last updated" date. For material changes that affect how we process your data, we will provide notice through the Service or by email. Your continued use of the service after any changes indicates your acceptance of the updated policy.

15. Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us at:

Email: [email protected]

← Back to Home