Summary

  • We don’t sell or rent personal data. Ever.
  • Client datasets (e.g., tick archives) are processed only under contract and never reused to train general models without your permission.
  • We sign an NDA on request (often before any transfer) and work in isolated environments.
  • We use only essential cookies by default; no third-party advertising trackers.
  • GDPR-friendly: access, correction, deletion, restriction, portability, and objection rights.

Who we are

cortex spectra (the “Company”, “we”, “us”) operates this website and provides data/AI services.

For website data, we act as controller. For client datasets provided for services (e.g., Tick QC, Bar Generator), we typically act as a processor on your instructions.

Contact: use the contact form and select “Privacy” as subject.

What this policy covers

This policy explains what we collect via the website and during pre-contract communication, how we use it, and your rights. Processing of client datasets under a services agreement is governed by that agreement (and any DPA/NDA) and follows the principles below.

Data we collect

Category Examples Purpose Legal basis*
Website diagnostics IP address, user-agent, timestamps, pages visited (server logs) Security, reliability, abuse prevention Legitimate interests
Contact & business comms Name, email, company, message content Respond to inquiries, pre-contract steps Contract / legitimate interests
Client datasets (services) Tick archives, metadata, schemas required for processing Provide contracted services (QC, bars, reports) Contract (processor role)
Billing (if applicable) Invoice details, transaction references Accounting and compliance Legal obligation
Cookies Essential cookies (e.g., session/anti-forgery) Website operation and security Legitimate interests

*Under GDPR/UK GDPR where applicable.

How we use data

  • Deliver and support our services (QC, bar generation, reports, tooling).
  • Secure our systems and prevent abuse.
  • Communicate about quotes, scope, and support.
  • Meet legal, tax, and accounting obligations.

Retention

  • Server logs: typically short-lived (e.g., ≤30 days) unless needed for security investigations.
  • Business communication: retained as required for contracts and support.
  • Client datasets: kept only for the project; by default deleted within an agreed window after delivery (unless contract requires longer).
  • Invoices/finance: retained per legal obligations.

Sharing & international transfers

  • No data sales and no advertising brokers.
  • We may use vetted providers (hosting, email, build/test). Each is bound by contract and, where relevant, a DPA.
  • We disclose information if required by law or to protect rights and safety.
  • If data moves outside your jurisdiction, we rely on appropriate safeguards (e.g., SCCs) where required.
For client datasets we act on your documented instructions and sign an NDA/DPA when requested.

Security

We apply layered security appropriate to the data and risk, including encryption in transit, access controls, isolated environments for client datasets, and least-privilege credentials. No system is perfectly secure, but we design for auditability and reproducibility.

If you suspect an issue, contact us immediately via the security channel.

Your rights

Depending on your location (e.g., EU/EEA/UK), you may have the right to access, correct, delete, restrict, or object to processing, and to data portability. Where consent is used, you can withdraw it at any time.

Submit a request via the contact form. We will verify your identity and respond within the applicable timeframe.

Cookies & tracking

We use essential cookies to operate the site (e.g., session and anti-forgery). We do not use third-party advertising cookies.

CookiePurposeTypeTypical duration
.AspNetCore.Antiforgery.*Request forgery protectionEssentialSession
.AspNetCore.SessionMaintain session stateEssentialSession

You can control cookies in your browser. Blocking essential cookies may break forms or login areas.

Children’s privacy

Our site and services are not directed to children under the age of 16, and we do not knowingly collect their personal information.

Changes to this policy

We may update this policy to reflect changes in law or our practices. We will post the updated version here and adjust the effective date below.

Effective date

28 Aug 2025

Contact us Make a data request