Privacy Policy
We minimize data collection, never sell personal data, and process client datasets in isolated environments.
Summary
- We don’t sell or rent personal data. Ever.
- Client datasets (e.g., tick archives) are processed only under contract and never reused to train general models without your permission.
- We sign an NDA on request (often before any transfer) and work in isolated environments.
- We use only essential cookies by default; no third-party advertising trackers.
- GDPR-friendly: access, correction, deletion, restriction, portability, and objection rights.
Who we are
cortex spectra (the “Company”, “we”, “us”) operates this website and provides data/AI services.
For website data, we act as controller. For client datasets provided for services (e.g., Tick QC, Bar Generator), we typically act as a processor on your instructions.
Contact: use the contact form and select “Privacy” as subject.
What this policy covers
This policy explains what we collect via the website and during pre-contract communication, how we use it, and your rights. Processing of client datasets under a services agreement is governed by that agreement (and any DPA/NDA) and follows the principles below.
Data we collect
| Category | Examples | Purpose | Legal basis* |
|---|---|---|---|
| Website diagnostics | IP address, user-agent, timestamps, pages visited (server logs) | Security, reliability, abuse prevention | Legitimate interests |
| Contact & business comms | Name, email, company, message content | Respond to inquiries, pre-contract steps | Contract / legitimate interests |
| Client datasets (services) | Tick archives, metadata, schemas required for processing | Provide contracted services (QC, bars, reports) | Contract (processor role) |
| Billing (if applicable) | Invoice details, transaction references | Accounting and compliance | Legal obligation |
| Cookies | Essential cookies (e.g., session/anti-forgery) | Website operation and security | Legitimate interests |
*Under GDPR/UK GDPR where applicable.
How we use data
- Deliver and support our services (QC, bar generation, reports, tooling).
- Secure our systems and prevent abuse.
- Communicate about quotes, scope, and support.
- Meet legal, tax, and accounting obligations.
Retention
- Server logs: typically short-lived (e.g., ≤30 days) unless needed for security investigations.
- Business communication: retained as required for contracts and support.
- Client datasets: kept only for the project; by default deleted within an agreed window after delivery (unless contract requires longer).
- Invoices/finance: retained per legal obligations.
Security
We apply layered security appropriate to the data and risk, including encryption in transit, access controls, isolated environments for client datasets, and least-privilege credentials. No system is perfectly secure, but we design for auditability and reproducibility.
If you suspect an issue, contact us immediately via the security channel.
Your rights
Depending on your location (e.g., EU/EEA/UK), you may have the right to access, correct, delete, restrict, or object to processing, and to data portability. Where consent is used, you can withdraw it at any time.
Submit a request via the contact form. We will verify your identity and respond within the applicable timeframe.
Children’s privacy
Our site and services are not directed to children under the age of 16, and we do not knowingly collect their personal information.
Changes to this policy
We may update this policy to reflect changes in law or our practices. We will post the updated version here and adjust the effective date below.
Effective date
28 Aug 2025
Contact us Make a data request