Legal Page

Privacy Policy

Last updated: January 10, 2026

Kortex AI values your privacy. This policy explains what data we collect, why we collect it, how we use it, and what rights you have. We keep things simple and honest.

1. Who This Policy Applies To

This policy applies to three groups of people:

Merchants

Businesses that use Kortex AI to power their customer service and sales automation.

End customers

The customers of those merchants who interact with AI agents via WhatsApp.

Website visitors

Anyone who visits our website.

When processing end customer data on behalf of merchants, Kortex AI acts as a data processor. Merchants are responsible for ensuring their customers are informed about how their data is used.

2. What Data We Collect

From merchants

  • Name, email address, and business details when you create an account
  • Billing information processed securely by our payment provider
  • Integration credentials for ecommerce platforms you connect
  • Configuration settings, AI prompts, and product catalog data

From end customers (via merchant stores)

  • Phone number and WhatsApp display name
  • Message content sent to and from the AI agent
  • Order information (name, email, phone, address, items) from connected ecommerce platforms. Used only to answer customer queries.

From website visitors

  • No visitor tracking, analytics, cookies, or third-party services.

3. How We Use Your Data

We use data only to provide and improve our service:

  • To operate AI agents that respond to customer messages on behalf of merchants
  • To retrieve order and product information to answer customer questions accurately
  • To send automated WhatsApp messages such as order updates and follow-ups
  • To manage merchant accounts, billing, and platform access
  • To monitor platform performance and fix issues

We do not use your data for advertising, we do not sell it, and we do not share it beyond what is described in this policy.

4. Who We Share Data With

We share data only with providers strictly necessary to deliver our service. All providers are bound by data processing agreements.

AI providers

AI providers (which may include Google, OpenAI, Anthropic, and others) process customer messages to generate AI responses. These providers do not use your data to train their models.

Meta / WhatsApp Business API

The messaging infrastructure used to send and receive WhatsApp messages.

Ecommerce platform integrations

We connect to your store to read order and product data on your behalf.

Infrastructure providers

Our databases and hosting providers store your data securely with encryption at rest and in transit.

Courier integrations

We query shipment tracking using order numbers. No personal data is stored in connection with these queries.

5. Data Retention

Conversation history

Active context retained for 7 days to maintain conversation continuity, then cleared automatically. Full message history is retained for the duration of the merchant's active subscription and permanently deleted within 30 days of account termination. Retention is based on contractual necessity under GDPR Article 6(1)(b).

Order data

Order information received from connected ecommerce platforms is retained for the duration of the active subscription solely to power AI agent responses. It is permanently deleted within 30 days of account termination. Retention is based on contractual necessity under GDPR Article 6(1)(b).

Merchant account data

Account and billing information is retained for the duration of the subscription plus 5 years following termination. This retention period is required by Romanian accounting law (Legea contabilității nr. 82/1991) and Romanian fiscal regulations, which mandate that financial and invoicing records be kept for a minimum of 5 years. This is the only category of data we are legally required to retain beyond the end of your subscription.

6. Data Security

All data stored in our systems is encrypted at rest. All data in transit is protected by TLS encryption (HTTPS). Access to production data is limited to authorized personnel only.

No system is 100% secure. In the event of a data breach affecting your personal data, we will notify you and the relevant authorities within 72 hours as required by GDPR.

7. Your Rights

Under GDPR you have the right to:

  • Access — Request a copy of the personal data we hold about you
  • Correction — Request that we correct inaccurate data
  • Deletion — Request that we delete your data
  • Portability — Request your data in a machine-readable format
  • Objection — Object to how we process your data
  • Restriction — Request that we limit processing of your data

To exercise any of these rights, email office@kortexhub.com. We respond within 30 days.

8. Cookies

Our public website does not use cookies or track visitors in any way. The Kortex AI dashboard uses essential cookies only — required for login sessions and platform security. No advertising or analytics cookies are used.

9. Changes to This Policy

When we make material changes to this policy, we will notify merchants by email at least 14 days before they take effect. The latest version is always available on this page.

10. Contact

Questions about this policy or requests to exercise your rights: office@kortexhub.com. We aim to respond within 72 hours.

logo

©2026 KortexHub.

All rights reserved.

office@kortexhub.com

Meta Business Partner