Privacy Policy

Effective Date 05/21/2026

 

Cortaxiom (“we,” “our,” or “us”) respects your privacy and is committed to protecting the information you share with us. This Privacy Policy explains how we collect, use, and protect information when you visit our website or interact with our services.

​

Information We Collect

​

We may collect the following types of information:

​

• Information you provide directly, such as your name, email address, business details, and any information submitted through contact forms, onboarding forms, or demos.

• Usage and interaction data, such as pages visited, time spent on the site, and general interaction patterns.

• Technical information, including browsing type, device information, and IP address, collected through standard analytics tools.

​

We do not intentionally collect sensitive personal information unless you choose to provide it.

​

Browser Extension Data (If you Install the Extension)

If you install and use a Cortaxiom browser extension, we may collect and process additional information necessary to provide extension functionality. Depending on how you use the extension and the third-party services you may or may nor connect to your Services, this may include:

• Extension interaction data (e.g., button clicks, feature usage, confirmation actions, and settings preferences);

• Technical and operational metadata related to extension requests (e.g., timestamps, request volume, error indicators, and token/usage metrics), consistent with the "Operational and System Metadata" section below;

• Page Content that you explicitly submit or expose through the extension interface (for example, selected text, visible web text, or other content you choose to include in your request or expose the Cortaxiom Extension and Extension Interface to by visiting said Page Content while it is active. 

• We do not intentionally collect sensitive personal information unless you choose to provide it, and web pages may contain sensitive or confidential information. You are responsible for reviewing and redacting Page Content before submission or exposing the Browser Extension and Extension Interface.

​

Browser Extension Consent and User Controls

The Cortaxiom Browser Extension operates only with your explicit consent and provides comprehensive user controls to ensure transparency and privacy but this may be different or not available for your browser and Cortaxiom makes no guarantee that the functions, options, abilities, or described visibility will be made available to you. Cortaxiom aims to offer these Extension Consent and User Controls but we cannot control third-party providers and their performance, available controls, or privacy practices. By using the extension you except this risk to your privacy and should not use Cortaxiom's Browser Extension or Services if you do not accept this risk.

• First-Run Consent:

​When you First install the Extension, you will be presented with a consent prompt or presented with links to Cortaxiom's Privacy Policy, Terms of Service, and the Browser Extension End User License Agreement (EULA​​) that explains:

1. ​What data the Extension will access (current page URL, visible content when you invoke it etc.)

2. What the Extension will do (provide contextual assistance, suggest actions etc.)

3. What data will be sent to Cortaxiom (page context you explixicitly submit or expose to the extension, your queries, etc.)

4. How to pause, disable, or uninstall the Extension

You must either click " I understand and Agree," "Install," or "Activate" depending on your browser. (Only do this after you have read all Terms, Policies, and Agreements).

• Per-Site Authorization:

You control which websites and domains the Extension is active on:

1. By default, the Extension is active only on your organization's own domains and sites you explicitly authorize.

2. You must explicitly authorize the Extension for third-party sites (e.g., vendor portals, partner platforms).

3. The Extension displays a visible indicator (e.g., icon badge, page corner indicator) when active on a page.

4. You can view and modify authorized sites at any time through the Extension settings.

• Pause and Disable Controls:

You may pause or disable the Extension at any time:

1. **Pause:** Temporarily disable the Extension without uninstalling via browser toolbar icon click, keyboard shortcut, or Extension settings panel. Paused state persists across browser sessions until you re-enable.

2. **Disable for Specific Sites:** Configure the Extension to never activate on certain sites or site patterns (e.g., "never activate on *.bank.com"). 

3. **Uninstall:** Completely remove the Extension through your browser's extension management interface.

• Sensitive Site Auto-Pause:

The Extension respects a blocklist of sensitive site categories (financial institutions, healthcare providers, legal services, etc.) and will automatically pause when you navigate to these sites. If you navigate to a sensitive site, the Extension displays: "Extension is paused on this page for your privacy. Click to activate if needed."

You may override the auto-pause for specific sites if you choose, but Cortaxiom recommends maintaining the default protection for sensitive environments.

• Persistent Visibility:

The Extension provides clear, always-accessible indication of its activation status. You can see at a glance whether the Extension is active, paused, or disabled on the current page. Extension settings are accessible via one click from your browser toolbar.

​​

Operational and System Metadata.​

When you interact with Cortaxiom services, we may collect and process operational and technical metadata necessary to operate, secure, and maintain the Services. This information may include, without limitations:

​

• System and execution metadata (such as timestamps, request duration, response status codes, and error indicators);

• Request volume, rate, and burst patterns;

• Message size, token counts, or similar usage metrics (excluding message content by default, unless expressly enabled by the Customer under an applicable subscription or agreement);

• Session identifiers generated by the system (hashed or otherwise pseudonymous);

• Subscription tier, enabled feature, and usage against defined service limits;

• Indicators of anomalous, abusive, or high-risk activity generated by automated or manual safe-guards.

​

This information is used for operational integrity, security, performance optimization, abuse prevention, and compliance with applicable agreements and obligations. 

​​

Data Logging, Monitoring, and Retention

​

Cortaxiom may collect and retain limited interaction data, system metadata, and usage information in order to operate, secure, and improve the Services. This may include timestamps, request volume, feature usage, error diagnostics, and portions of user interactions necessary for debugging, abuse prevention, performance monitoring, and compliance purposes.

​

Cortaxiom retains such data only for as long as reasonably necessary to fulfill these purposes, unless a longer retention period is required by law or for legitimate business needs such as dispute resolution or enforcement of our Terms of Service.

​

Retention and Logging of Extension-Submitted Content

​

By default, Cortaxiom does not persistently log or retain full Page Content submitted through the Browser Extension as message content. Standard operation excludes message content from persistent logs. In limited circumstances, content may be logged only where explicitly enabled by the Customer under an applicable subscription or other agreement, or where necessary to fulfill a specific support, diagnostic, audit, or contractual obligation agreed to in writing, consistent with the "AI Systems and Data Use" and "Data Logging, Monitoring, and Retention" sections of this Policy. 

​

How We Use Information

​

Information collected is used to:

​

• Provide and improve our services

• Respond to inquiries and requests

• Support onboarding and system configuration

• Communication about updates or relevant offerings

• Maintain security and operational integrity

​

We do not sell personal information

​

Information collected through operational logging may be used to:

​

• Maintain service availability, reliability, and performance across all users;

• Enforce subscription tier limits, fair-use policies, and usage boundaries;

• Detect, prevent, and respond to misuse, abuse, or attempts to bypass safeguards;

• Trigger automated or manual throttling, restriction, or suspension where necessary to protect the Service, Cortaxiom, Customers, or third parties;

• Support capacity planning, incident response, and system diagnostics.​

​

Such measures are designed to protect the integrity and stability of the service and are applied using a combination of automated systems and human review, as appropriate.

​

Artificial Intelligence and Automated Processing

​

Cortaxiom provides services that incorporate artificial intelligence technologies, including large third-party large language models and related automated processing systems. When users interact with AI-powered features of the Services, the content they submit (including prompts, messages, and related inputs) is processed in order to generate responses and operate platform functionality. 

​

These AI-powered features operate through a combination of Cortaxiom's own systems and third-party AI model providers. User inputs may be transmitted to such providers solely for the purpose of generating outputs, enforcing safety controls, maintaining system reliability, and improving service quality.

​

Third-Party AI Service Providers

​

Cortaxiom utilizes third-party service providers to perform AI processing on its behalf. These providers process user inputs only as instructed by Cortaxiom and subject to contractual obligations regarding confidentiality, security, and data protection.

​

Cortaxiom does not permit third-party AI providers to use Customer Content for their own independent purposes outside of delivering the Services, except as required to comply with applicable law.

​

Web Search and Third-Party Search Providers

​

Certain features of the Services may include a Web Search Capability that allows the AI system to query third-party search infrastructure to retrieve publicly available information from the internet in real time. This capability is designed to enhance the usefulness and currency of responses by supplementing the AI system's existing knowledge with current, publicly available information.​

​

How Web Search Works:

​

When you interact with the Services, the AI system may determine that your question, prompt, or input would benefit from current information available on the public internet. In such cases, the AI system may automatically generate one or more search queries derived from your input and transmit those queries to a third-party Search Provider. The Search Provider returns results that the AI system then uses to inform its response to you.

​

What Data Is Transmitted to Search Providers:

​

When the Web Search Capability is used, the following data may be transmitted to third-party Search Providers:

Search queries generated by the AI system based on your inputs, prompts, conversation context, or derived intent. These queries may contain words, phrases, or concepts drawn from or closely related to what you submitted to the Services. Technical metadata necessary to execute the search request, such as request identifiers, timestamps, and configuration parameters (e.g., geographic region hints or domain filters applied by Cortaxiom). Search queries transmitted to Search Providers do not include your account identifiers, session tokens, authentication credentials, subscription information, or other personally identifying account data managed by Cortaxiom. However, the content of your inputs, to the extent it is reflected in the derived search query, may contain information that you have chosen to include in your interaction with the Services.

​

Separate Privacy Terms for Search Providers:

​

Data transmitted to Search Providers is processed under the Search Provider's own terms of use and privacy policies, which may differ materially from Cortaxiom's Privacy Policy and from any data protection agreements applicable to Cortaxiom's AI model processing. Specifically, the Microsoft Data Protection Addendum and similar data protection frameworks applicable to Cortaxiom's AI model processing infrastructure do not apply to data transmitted to Search Providers for the purpose of Web Search. Data sent to Search Providers may be processed outside of your compliance boundary and geographic region, and may be subject to the Search Provider's own data retention, use, and sharing practices. Cortaxiom does not control and is not responsible for the privacy practices, data handling, data retention, or security measures of third-party Search Providers. Your use of the Services with the Web Search Capability enabled constitutes acknowledgment that portions of your inputs may be transmitted to and processed by Search Providers under terms separate from this Privacy Policy.

​

What Data Cortaxiom Retains from Web Searches:

​

Cortaxiom does not persistently store the content of search results retrieved through the Web Search Capability. Search-Sourced Content exists only for the duration of the conversation session in which it was retrieved and is not written to persistent storage by Cortaxiom. Cortaxiom may retain operational metadata related to Web Search usage (such as timestamps, request volume, error indicators, and feature usage metrics) consistent with the "Operational and System Metadata" and "Data Logging, Monitoring, and Retention" sections of this Policy. This metadata does not include the content of search results or the full text of search queries.

​

Your Responsibilities:

​

You are responsible for the content of your inputs to the Services, including any information that may be reflected in search queries derived from those inputs. You should not include sensitive personal information, confidential business data, or regulated content in inputs where you do not want that information to be potentially transmitted to a third-party Search Provider. You are responsible for independently verifying any information presented in responses that may incorporate Search-Sourced Content. Cortaxiom does not review, verify, or endorse the accuracy, completeness, legality, or appropriateness of content retrieved from third-party search results.

​

Opting Out:

​

If you do not wish for your interactions with the Services to trigger Web Searches, you may contact Cortaxiom to inquire about available configuration options. Availability of opt-out or restriction options may vary by Tier, deployment configuration, and Service version.

​​

Browser Extension and Page Content Processing

​

If you use the Browser Extension to submit Page Content for AI-powered processing, that Page Content is treated as user input to the Services. The content you submit may include information visible on webpages you visit, including information that could be sensitive, confidential, or personal depending on the page.

Context Boundaries and Data Minimization:

• The Extension is designed to minimize data collection and respect context boundaries to the best of Cortaxiom's ability to do so:

  • Page Context Capture:

    • The Extension captures only visible page content (not full DOM, not background tabs).

    • Capture occurs only when you invoke Cortaxiom (e.g., click the Extension icon, use a keyboard shortcut, or the Extension proactively surfaces a suggestion based on page context).

    • Captured context is not stored persistently by Cortaxiom; it exists only for the duration of your conversation session.

  • Cross-Site Context Isolation:

    • Cortaxiom does not intentionally blend context from multiple sites without your explicit request.

    • If you are on Site A and ask about Site B, Cortaxiom may reference prior context from Site B if you reference it in your query.

    • The Extension does not perform automatic cross-site correlation or profiling.

  • No Persistent Browsing History:

    • The Extension does not build or store a persistent log of sites you visit.

    • Session-level context (e.g., "You were just on Page X, now on Page Y") may be used to maintain conversation continuity within a session.

    • Session context is cleared when your browser closes or when you click "Clear Session" in the Extension settings if you Browser Extension model offers this function.

• User Control and Responsibility:

  • You control what is submitted and exposed to the Services by choosing:

    • Whether to proceed with Extension functionality on a given page

    • What text to include in your request

    • What Page Content is visited while the Extension is active

    • What is input into the Extension Interface

​

Cortaxiom may utilize specific third-party providers (including third-party AI model providers) to perform AI processing on submitted Page Content. These providers act as processors and are subject to contractual obligations regarding confidentiality, security, and data protection. User inputs are transmitted to such providers only for the limited purpose of generating requested outputs and operating the Services, consistent with this Policy.

​

You are responsible for reviewing and redacting Page Content before submission or exposing it to the Extension Interface. Web pages may contain sensitive or confidential information, and you should not submit or expose sensitive or regulated content through AI-powered features unless explicitly permitted under an applicable written agreement with Cortaxiom.

​

Cortaxiom may present an in-product warning or confirmation prompt before transmitting Page Content to AI processing services, including Third-Party AI Providers. This warning is intended to help you recognize that webpage content may contain sensitive information. If you cancel, Cortaxiom will not transmit the information. If you proceed, you are directing Cortaxiom to process the submitted content for the requested purpose. If you proceed, you are agreeing to not hold Cortaxiom liable for any loss of privacy or exposure of potentially sensitive, confidential, or personal information due to the transmission of information you have exposed to the Browser Extension or Cortaxiom Services.

​

If you use the Browser Extension and the Web Search Capability is enabled, page context, visible text, or other content you submit or expose through the Extension Interface may inform search queries transmitted to third-party Search Providers. The data handling and privacy terms described in the "Web Search and Third-Party Search Providers" section of this Policy apply to any Web Searches initiated in connection with your use of the Browser Extension. You are responsible for reviewing Page Content before interacting with the Extension Interface, as described elsewhere in this Policy, and you should be aware that information derived from Page Content may be reflected in search queries sent to Search Providers.

​

Third-Party System Integrations (Premium/Elite)

​

If you subscribe to Premium or Elite service tiers, Cortaxiom may provide integrations with customer-authorized third-party systems including:

• Point-of-Sale (POS) platforms

• Inventory management systems

• Operations and workflow platforms as configured by you ​

​​

Data Access and Processing:

These integrations operate through documented, customer-authorized APIs. Cortaxiom accesses third-party systems only as directed by your explicit requests and only to the extent necessary to fulfill those requests.

​

When you use these integrations, Cortaxiom may:

• Read data from third-party systems (e.g., transaction history, inventory levels, customer records) to respond to your queries or generate reports.

• Write data to third-party systems (e.g., update inventory counts, add customer notes, create follow-up tasks) only after you explicitly confirm the action.

• Retrieve operational metadata (timestamps, request status, error indicators) necessary to operate and secure the integration.

​

Cortaxiom does NOT (but reserves the right to change this at any time with notice to its users):

• Process payments, capture payment credentials, or initiate financial transactions through POS integrations.

• Store API keys, passwords, tokens, or authentication secrets in conversation logs. Integration credentials are managed through secure admin configuration outside the conversational layer.

• Broker or sell data between integrated systems. Data flows only as directed by your explicit request within your authorized session.

• Perform bulk exports, full database dumps, or exploratory queries unless you explicitly request and confirm such actions.

​

Data Retention:

Data retrieved from third-party systems is not intentionally stored persistently by Cortaxiom beyond the session cache required for conversation continuity. Once your session ends or you close the browser, this data will be attempted to be cleared.

​

In limited circumstances, operational metadata related to third-party system interactions (e.g., timestamps, request volume, error indicators) may be retained for as long as reasonably necessary to operate, secure, and improve the Services, consistent with the "Data Logging, Monitoring, and Retention" section of this Policy.

​

Third-Party Responsibilities:

Cortaxiom is not responsible for the privacy practices, security, availability, or data handling of third-party systems. Your use of third-party system integrations is also subject to the privacy policies and terms of those third-party providers. 

​

You are responsible for ensuring you have the necessary permissions and authorizations to connect Cortaxiom to your third-party systems and to share data between them.

​​

AI Systems and Data Use

​

The Services may use automated processing to generate informational outputs and assist users. Cortaxiom does not use AI-generated outputs as the sole basis for decisions that produce legal or similarly significant effects on individuals.

​

Interactions with AI demonstrations or systems may be logged for quality, safety, and improvement purposes. These interactions are not used to identify individuals unless explicitly provided by the user.

​

AI systems are designed to operate with defined boundaries and are not intended to replace professional, legal, or medical advice.

​

By default, Cortaxiom does not log or retain the full content of messages processed by its AI systems. Standard operation excludes message content from persistent logs.

​

In limited circumstances, message content may be logged only when explicitly enabled by the Customer, such as within designated enterprise or Elite service tiers, or where required to fulfill a specific support, diagnostic, audit, or contractual obligation agreed to in writing.

​

Where message content logging is enabled:

• It is opt-in and tier-restricted;

• It is limited to the scope and duration necessary for the stated purpose;

• It is subject to enhanced access controls and retention limits.​​

​

Cortaxiom does not log partial message snippets by default and does not use message content for advertising, profiling, or cross-customer analysis.

​​

Information Sharing

​

We may share information with trusted services providers who support website operations, communications, analytics, and infrastructure. These providers are permitted to use information only as necessary to perform services on our behalf.

​

We may disclose information if required by law or to protect our rights, safety, or property.

​

Cortaxiom uses trusted infrastructure and cloud service providers to operate and secure the Services, including providers for application hosting, content delivery, logging, and storage. These providers act as data processors and are permitted to process information solely to perform services on our behalf and in accordance with our instructions.

​

Cortaxiom does not permit infrastructure providers to use logged information for their own purposes, and does not sell or disclose log data to third parties for advertising or marketing.

​

Data Security

​

We implement reasonable administrative, technical, and organizational measures to protect information against unauthorized access, disclosure, or misuse. No system can guarantee absolute security, and use of the site is at your own risk.

​

Operational logs are logically segregated by Customer and protected through scoped credentials and access controls. Customers do not have access to logs belonging to other Customers.

​

Access to logged information by Cortaxiom personnel is limited to authorized roles and permitted only where necessary for service operation, support, security, or compliance purposes.

​

User Warning / Consent Gate

​

Cortaxiom may or may not present an in-product warning or confirmation prompt before transmitting Page Content to AI processing services, including Third-Party AI Providers. This warning is intended to help users recognize that webpage content may contain sensitive information and that the user should review or redact content before submission or exposing the Browser Extension and Extension Interface. If a user cancels, Cortaxiom, within its scope of control, will attempt to not transmit the information but is subject to third-party AI and the industry standard for AI accuracy which is uncontrolled by Cortaxiom. If the user proceeds, the user is directing Cortaxiom to process the submitted content for the requested purpose.

​

Clarification as a Privacy Feature:

Cortaxiom may ask clarifying questions before staging any action (such as email composition, ticket creation, or system integration) to ensure your intent is accurately understood. This clarification behavior is a privacy and safety feature designed to prevent unintended data transmission or action execution. When Cortaxiom asks for clarification, it is confirming that it has understood your request correctly and has all necessary information before proceeding.

​

Clarification prompts do not transmit data; they are conversational safeguards that Cortaxiom has built in to help keep you in control and reduce the risk of miscommunication or premature action staging.

​

International Data Transfers

​

Cortaxiom operates globally and may process and store information in jurisdictions different from the user’s place of residence. This includes transmitting data to service providers located in other countries for the purpose of delivering AI-powered functionality and maintaining system infrastructure.

​

Where required by applicable law, Cortaxiom implements appropriate safeguards to protect personal information transferred internationally.

​

Third-Party Services

​

Our Website may include links to third-party services or tools. We are not responsible for the privacy practices of external websites.

​

Children's Privacy

​

Cortaxiom services are not directed or intended to/for those under the age of 18, and we do not knowingly collect personal information from children.

​

Your Choices

​

You may contact us to request access, correction, or deletion or personal information you have provided, subject to applicable legal and operational limitations.

​

Operational log retention varies by service tier and configuration. Logs are retained only for as long as reasonably necessary to fulfill the purposes described in the Policy, subject to applicable terms, agreements, and legal obligations.

​

Customers on eligible service tiers may request modified retention periods or deletion of certain logged data, subject to technical feasibility, contractual terms, and legal requirements.

​

User Responsibilities

​

Users are responsible for ensuring that they have the right to submit any content they provide to the Services and for avoiding the submission of sensitive personal information unless expressly permitted. Users should not submit confidential, regulated, or highly sensitive data through AI-powered features unless explicitly authorized by Cortaxiom. 

​

This includes content submitted through any Browser Extension: users should not submit confidential, regulated, or highly sensitive Page Content through AI-powered features unless explicitly authorized by Cortaxiom under applicable terms or agreements.

​

Client-Managed Logging (Enterprise / Elite Services)

​

Certain enterprise or Elite services may support Customer-managed logging and storage configurations. In such cases, log ownership and long-term retention are controlled by the Customer, and Cortaxiom's access is limited to what is required to deliver the Services and as permitted by the applicable agreement.

​

Policy Updates

​

This Privacy Policy may be updated from time to time. Changes will be reflected on this page with an updated effective date.

​

Contact Us

​

If you have questions about this Privacy Policy or our data practices, contact us at support@cortaxiom.com.

​

​