Privacy Policy
Last updated June 15, 2025
CortexAuto ("we", "our", "us") respects your privacy.
This notice explains what data we collect, why we collect it, and what choices you have.
Key Definitions
- Personal Data: Information that identifies you or could be used to identify you
- Data Controller: CortexAuto UAB (Lithuania), which determines how and why your data is processed
- Data Processor: Third parties who process data on our behalf (e.g., email provider, analytics)
- Cookie: Small text files stored on your device to remember preferences and track usage
- Data Subject: You, as the individual whose personal data is being processed
- GDPR: General Data Protection Regulation, the EU law on data protection and privacy
- CCPA/CPRA: California Consumer Privacy Act/California Privacy Rights Act
1. What This Policy Covers
This Privacy Policy applies to:
- The CortexAuto website (cortexauto.com)
- The early-access waitlist
- Any related services, sales, marketing, or events
This policy does not apply to third-party websites, products, or services, even if they link to our services.
2. What We Collect
| Category | Examples | Lawful Basis* |
|---|---|---|
| Transactional Email | Email address for account verification and service updates | Legitimate Interest (Art 6 f) |
| Marketing Email | Email address for newsletters and waitlist updates | Consent (Art 6 a) |
| Device Data | IP address, browser type, operating system, pages visited, time spent | Legitimate Interest (Art 6 f) |
| Marketing Statistics | Email open rates, click rates, unsubscribe events | Consent (Art 6 a) |
| Interactions | Feedback, customer support inquiries, survey responses | Legitimate Interest (Art 6 f) |
*Legal bases under GDPR Art. 6(1)(a) & (f)
We do not knowingly collect data from anyone under 16. If we discover we have data from a minor, we will delete it immediately.
We collect some data automatically through cookies and similar technologies for analytics and site functionality. Details on specific cookies and their purposes are available in our Cookie Preferences center.
3. How We Use Your Data
- Communication: Send waitlist updates, product news, and marketing communications (with your consent). Every marketing email contains a one-click unsubscribe link.
- Site Improvement: Analyze usage patterns to enhance user experience and optimize website performance.
- Security: Detect, prevent, and address fraud, abuse, security incidents, and technical issues.
- Legal Compliance: Comply with applicable laws, regulations, legal processes, or enforceable governmental requests.
We never sell personal data to third parties for marketing or advertising purposes.
Important Notice for California Residents (CCPA/CPRA): We do not sell personal information as defined by the CCPA/CPRA, nor do we share personal information for cross-context behavioral advertising. We do not use sensitive personal information for purposes other than those specified in Cal. Civ. Code § 1798.121.
5. Data Sharing & Processors
We share your data only with the following types of service providers:
- MailerLite – marketing automation / newsletter
- Postmark – transactional e-mail
- Plausible – anonymised analytics
- Vercel – hosting / CDN
- Meta Pixel & Google Ads Tag – marketing attribution (only when enabled)
All processors are contractually bound to process data solely on our behalf and as directed by us. We have executed GDPR-compliant Data Processing Agreements with each service provider, as required by Article 28 of the GDPR.
We may also disclose your personal data if required by law, in response to legal process, or to protect our rights, privacy, safety, or property.
6. International Data Transfers
Your data is primarily stored on servers in the European Union. For transfers to processors in the United States:
- For processors certified under the EU-US Data Privacy Framework (like Postmark), we rely on the European Commission's adequacy decision.
- For other transfers, we implement appropriate safeguards such as the European Commission's Standard Contractual Clauses (SCCs).
MailerLite, our marketing automation provider, is based in the EU and processes data there.
You may contact us to obtain a copy of these safeguards or for more information about our data transfer mechanisms.
7. Data Retention
- Email addresses: Until you unsubscribe or 24 months after our final launch notification, whichever comes first.
- Server logs: 30 days.
- Analytics data (anonymised): up to 14 months (Plausible default).
- Support communications: For up to 24 months after the last interaction.
After these periods, data is either deleted or anonymized in a way that it can no longer be associated with you.
8. Your Rights
Depending on your location, you may have the following rights regarding your personal data:
| Region | Rights |
|---|---|
| EU/EEA (GDPR) |
|
| UK (UK GDPR) |
|
| California (CCPA/CPRA) |
|
| Brazil (LGPD) |
|
| Other Regions |
|
To exercise any of these rights, please email privacy@cortexauto.com. We will respond to your request within 30 days.
You may withdraw marketing consent at any time via the unsubscribe link in every e-mail.
California residents can exercise CCPA rights by emailing us with the subject line "CCPA REQUEST". You can authorize an agent to make a request on your behalf by providing written permission and verifying your identity.
We do not charge a fee for processing your request unless it is excessive, repetitive, or manifestly unfounded.
9. Security
We implement reasonable security measures to protect your personal data, including:
- HTTPS encryption for all data transmission
- Least-privilege access controls for all team members
- Regular security assessments
- Industry-standard encryption at rest for sensitive data
- Encrypted off-site backups are retained for up to 30 days
If we ever suffer a data breach that risks your rights and freedoms, we will notify you and the relevant supervisory authority without undue delay, in accordance with Articles 33-34 of the GDPR.
10. Governing Law
This Privacy Policy is governed by the laws of Lithuania, without regard to its conflict of law principles. For clarity, the Lithuanian language version of this policy will prevail if translations differ.
This does not diminish your rights under the data protection laws of your country of residence.
11. Children's Privacy
Our services are not directed to children under 16. We do not knowingly collect personal information from individuals under 16. If we become aware that a child under 16 has provided us with personal information, we will take steps to delete such information as soon as possible.
If you believe we might have any information from or about a child under 16, please contact us immediately.
12. Changes to This Policy
We may update this Privacy Policy from time to time. For material changes:
- We will post a prominent notice on our website for at least 30 days
- If we have your email, we'll notify you directly
- We will update the "Last updated" date at the top of this policy
Your continued use of our services after the changes take effect constitutes your acceptance of the updated policy.
13. Contact Information
If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact:
- Email: privacy@cortexauto.com
- Address: Švitrigailos 11M-202, 03228 Vilnius, Lithuania
- Data Protection Lead: We have appointed an internal privacy contact reachable at the email address above.
- Supervisory Authority: State Data Protection Inspectorate, L. Sapiegos g. 17, LT-10312 Vilnius, Lithuania (ada.lt)
We will respond to all legitimate inquiries within 30 days.
7. Disclaimer
This site and all information are provided "as-is" for informational purposes only. They are not professional repair advice and must not be relied upon to diagnose or fix a vehicle. We do not warrant that the service will be error-free, uninterrupted, or free from security vulnerabilities.
Accessibility Note: We strive to meet WCAG 2.1 AA standards for accessibility. If you encounter any accessibility issues with this policy or our website, please contact us.