Kortecx ("Kortecx," "we," "us," or "our") is a product of Executable Intelligence. This Privacy Policy explains how we collect, use, retain, share, and protect personal and operational information in connection with the Kortecx AI Operating System and the related services (the "Services") — whether you install Kortecx OS locally on your own machine or use one of our hosted engines. It is written for an enterprise audience and reflects the obligations we accept under applicable data-protection laws, including the EU General Data Protection Regulation (GDPR), the UK GDPR, the California Consumer Privacy Act as amended by the CPRA (CCPA/CPRA), the Brazilian LGPD, and analogous regimes.
1. Scope & Definitions
This Policy applies to information we process about (a) website visitors and waitlist applicants, (b) end users of the Services, and (c) authorized representatives of organizations that contract with us. Where Kortecx processes Customer Content on behalf of a customer (acting as a processor under GDPR or a service provider under CCPA/CPRA), the customer's own privacy notice and our Data Processing Addendum (DPA) govern that processing.
- "Kortecx OS" — the proprietary distributed agentic runtime, including the execution kernel, scheduler, agent runtime, and policy layer, distributed by Kortecx.
- "Local Install" — Kortecx OS installed on hardware you own and operate.
- "Hosted Engine" — an instance of Kortecx OS provisioned and operated by Kortecx, accessed through your browser.
- "Customer Content" — the prompts, files, tool outputs, execution traces, and other content you submit to or generate through the Services.
- "Outputs" — the results returned to you by the OS, including text, code, media, and agent actions.
- "Customer Models" — third-party or open-source models you elect to install and run inside Kortecx OS.
2. Information We Collect
We collect the following categories of information:
- Account information: name, work email, organization, role, license keys, and authentication credentials issued through our identity provider.
- Customer Content: the prompts, files, tool outputs, agent actions, and execution traces you process through the Services.
- Operational telemetry: feature interactions, request metadata, inference volumes, error events, and performance metrics. For Local Installs, only the minimum telemetry needed to operate licensing, deliver updates, and ensure security is sent to Kortecx; richer telemetry is opt-in and described in product documentation.
- Billing data: subscription tier, seat counts, metered inference usage, invoices, and payment-instrument metadata processed by our payment provider.
- Device and log data: IP address, user agent, device identifiers, language, time zone, and security event logs.
- Communications: messages you send us through support, sales, security disclosure, or social channels.
3. How We Use Information
We process information to provide, secure, license, bill, support, and improve the Services; to operate the policy and safety layer of the OS; to deliver updates to Local Installs; to communicate with you about the Services and the Kortecx roadmap; to meet legal, tax, audit, and regulatory obligations; and to detect, investigate, and prevent fraud, abuse, and security incidents.
4. Legal Bases (GDPR)
Each processing activity has a documented legal basis under GDPR and the UK GDPR — typically (i) performance of a contract, (ii) legitimate interests (operating, securing, and improving the Services), (iii) compliance with a legal obligation, or (iv) consent where required. You can request a copy of our records of processing activities under our DPA.
6. AI Training & Model Improvement
We do not train Kortecx models on Customer Content by default. Customer Content is processed only to deliver the Services, generate the requested Outputs, secure the platform, and satisfy audit, licensing, and billing obligations. Where a customer elects, by written agreement, to contribute content to a future model release, the scope, retention, and revocation terms are governed by that agreement and recorded in the audit trail. Customer Content processed exclusively on a Local Install never reaches our training infrastructure.
7. Automated Decision-Making
Kortecx OS may execute automated reasoning, task graphs, and agent actions on your behalf. These executions are not used by Kortecx to make decisions with legal or similarly significant effects on you. Where the OS performs work that may have such effects in your downstream use (for example, in hiring, credit, healthcare, or legal contexts), you are responsible for the human-review, transparency, and contestability obligations that apply to you under GDPR Article 22, the EU AI Act, and similar frameworks.
8. Data Security
We maintain administrative, technical, and physical safeguards designed to protect information against unauthorized access, disclosure, alteration, and destruction. These include encryption in transit and at rest, role-based access controls, secrets management, hardware-backed key isolation where supported, sub-processor due diligence, vulnerability management, security event logging, and a documented incident-response process. The Kortecx OS policy layer enforces gating, sandboxing, and prohibition of destructive or unauthorized actions across all runtime modes. We will notify affected customers and regulators of a personal-data breach within the timeframes required by applicable law.
9. Data Retention & Deletion
We retain information for as long as needed to provide the Services and to meet legal, accounting, tax, licensing, and security obligations. Customer Content on Hosted Engines is retained according to the retention period configured by your organization, after which it is deleted from production systems and removed from backups in accordance with our backup-rotation schedule. Customer Content stored locally on a Local Install remains on your hardware and is governed by your own retention controls. Aggregated and de-identified data may be retained without time limit where it cannot be reasonably linked to an identifiable individual. You may request deletion of personal information as described in Section 10.
10. Your Rights
Depending on your jurisdiction, you may have the right to access, correct, port, delete, restrict, or object to certain processing of your personal information; to withdraw consent where processing is based on consent; and to lodge a complaint with your local supervisory authority. California residents have the right to know, delete, correct, and limit the use of sensitive personal information, and to opt out of any sale or sharing, although Kortecx does not sell or share personal information. Residents of Brazil, the UK, and other jurisdictions have equivalent rights under their local laws. To exercise a right, contact privacy@kortecx.com. We respond within the timeframes required by applicable law and may ask you to verify your identity before responding.
11. International Data Transfers
Where personal information is transferred across borders, we rely on lawful transfer mechanisms — including the European Commission's Standard Contractual Clauses, the UK International Data Transfer Addendum, and equivalent instruments — and implement supplementary measures where required. Details of specific transfer mechanisms used for your data are available through our DPA.
12. Data Residency
Hosted Engines are operated from regional infrastructure designated for your subscription. Enterprise customers may select a primary region for Customer Content storage and inference; details are set out in your order form and DPA. Local Installs run entirely on hardware you control and are therefore naturally subject to the data-residency rules of your environment.
14. Children's Privacy
The Services are not directed to individuals under 18 (under 16 in the EU/EEA and UK) and we do not knowingly collect personal information from children. If we learn that we have collected such information, we will delete it promptly. Parents or guardians who believe a child has provided personal information to us should contact privacy@kortecx.com.
15. Changes to This Policy
We may update this Policy from time to time. Material changes will be highlighted on this page and, where appropriate, communicated through the Services or directly to customers. The "Last updated" date at the top of this page reflects the most recent revision.
16. Contact Us
For questions about this Policy or our processing practices, or to exercise a right under applicable data-protection law, contact privacy@kortecx.com. For security disclosures: security@kortecx.com. For Data Processing Addendum requests: dpa@kortecx.com.