Privacy Policy

1. Scope

This Privacy Policy describes how we collect, use, disclose, and protect personal data when you use CortexTree, including account creation, skill tree editing, collaboration, billing, and AI-enabled features.

2. Data We Collect

• Account data: email address, account identifiers, and authentication data from Supabase Auth.
• Profile data: membership tier, language preference, and AI quota counters.
• Content data: trees, nodes, edges, descriptions, folders, and other content you create.
• Collaboration data: invitations, member roles, chat messages, board posts/comments, and activity notifications.
• Billing data: Stripe customer IDs, subscription status, and payment transaction metadata.
• Technical/security data: IP address, user agent, and rate-limit telemetry used for abuse prevention and admin audit logging.
• Cookie data: preference cookie (for language) and session cookies required for authentication.

3. How We Use Data

• Provide and secure your account and workspace.
• Enable tree creation, sharing, and collaboration features.
• Process subscriptions and one-time purchases through Stripe.
• Process your prompts/documents through our AI provider to generate tree outputs.
• Enforce usage limits, detect abuse, and maintain service integrity.
• Improve product quality using aggregated/de-identified usage data.

4. AI and Document Processing

If you use AI features, your input (including document text that you upload for import) is sent to our AI processing provider to generate outputs. Do not upload highly sensitive information unless your use case requires it.

5. Sharing and Processors

We use service providers to operate CortexTree, including Supabase (authentication/database), Stripe (payments), and OpenAI (AI generation). These providers process data on our behalf under their own terms and data processing commitments.

6. Retention and Deletion

We delete personal data from active systems when no longer needed for service delivery or when you request deletion, except where retention is required by law, fraud prevention, tax/accounting obligations, or security logging requirements.

7. Your Rights

Depending on your location, you may have rights to access, correct, delete, export, or restrict processing of your personal data, and to object to certain processing. You may submit requests at [PRIVACY_CONTACT_EMAIL].

8. Children

CortexTree is not intended for children under 13. If you believe a child has provided personal data, contact us so we can take appropriate action.

9. International Transfers

Your data may be processed in countries other than where you live. When required, we apply safeguards for international data transfers.

10. Contact

Privacy requests and questions: [PRIVACY_CONTACT_EMAIL]
Mailing address: [REGISTERED_ADDRESS]