Legal

Privacy Policy

Cortext is local-first. This policy explains what stays on your Mac, what reaches Cortext's online services, and what may be sent to services you choose to connect.

Last updated: June 19, 2026

1. Local workspace data

Your Markdown files, workspace database, settings, histories, and imported assets are stored on your Mac or in folders you control. Cortext's license service does not receive a copy of your workspace.

When you ask an AI model to work with your content, the local app may send the prompt, selected context, and content read by the agent to the model provider or compatible endpoint you selected. That provider handles the request under its own privacy terms.

When you capture a web page or PDF, Cortext may request the source directly or send its URL to an extraction service such as r.jina.ai or defuddle.md, depending on the source. Those services receive the URL and the information needed to return the extracted content.

2. Information Cortext receives

Cortext receives only the information needed to sell, activate, support, and protect the product.

  • Purchase and license data: email address, activation code, locale, and Stripe session or payment identifiers.
  • Device activation data: a generated device identifier, device name, and activation time.
  • Crash diagnostics: when crash reporting is enabled, the app may send the license email or device identifier, activation code, app version and build, error message, and a sanitized tail of recent runtime logs.
  • Email operations: recipient, delivery status, provider message identifier, errors, and delivery events for license and recovery emails.
  • Website download data: when you click the public macOS download link, Cortext records IP address, Cloudflare country, browser language, and server time.
  • First-launch data: when the app first opens, Cortext records a per-install identifier, preferred language, macOS version, IP address, Cloudflare country, and server time.
  • Service security data: request metadata such as IP address may be processed by Cloudflare and used for rate limiting and abuse prevention.

3. Website analytics

Cortext does not run advertising trackers or page-level product analytics on cortext.app. The only first-party website metric currently stored is the macOS download click described above.

4. How information is used

  • Complete purchases and deliver activation codes.
  • Activate, verify, and release licensed devices.
  • Recover licenses and provide customer support.
  • Measure macOS download and first-open demand.
  • Diagnose crashes when reporting is enabled.
  • Prevent fraud, spam, and abuse of public endpoints.
  • Meet legal obligations and enforce the Terms of Service.

5. Service providers

Cortext uses Cloudflare for hosting and database infrastructure, Stripe for payment processing, and Resend for transactional email. Cortext does not receive or store your full payment-card details.

AI providers, compatible endpoints, and source-extraction services process requests under their own terms. AI providers and compatible endpoints are selected and configured by you. Cortext does not control these providers' data retention, model training, or account policies.

6. Retention and deletion

License and device records are kept to provide the perpetual license, device management, recovery, and support. The current service does not apply an automatic deletion schedule to license, email-delivery, download-click, first-launch, or crash-report records. Security throttle records are pruned operationally.

You may request access, correction, or deletion by emailing hello@cortext.app. Some records may need to be retained for payment, fraud-prevention, legal, or license-verification purposes.

7. Sharing

Cortext does not sell or rent personal information. Information is disclosed only to the service providers described above, when required by law, or when reasonably necessary to protect users, Cortext, or the service.

8. Security

Cortext limits the information sent to its online services and uses access controls, signed entitlements, request throttling, and transport security. No method of storage or transmission is completely secure.

9. Your choices

  • Disable crash reporting in Cortext Settings.
  • Remove activated devices from the license-management page.
  • Choose which AI provider or compatible endpoint receives model requests.
  • Contact hello@cortext.app about your personal information.

10. Changes and contact

This policy may change as Cortext evolves. Material updates will be published on this page with a revised date.

Questions or privacy requests can be sent to hello@cortext.app.