top of page

Cortex Privacy Policy

Last Updated: August 26, 2025

 

1. Introduction

 

This Privacy Policy describes how n6i B.V. ("we," "us," or "our") collects, uses, and protects personal data in connection with our enterprise knowledge preservation tool, Cortex (the "Service").

 

Our registered address is Weena 690, 3012CN Rotterdam, The Netherlands.

 

This policy applies to the personal data of the end-users ("you") of the Service. In the context of the General Data Protection Regulation (GDPR), our customer (your employer) is the Data Controller, as they determine the purposes and means of processing personal data. n6i B.V. acts as the Data Processor, processing your data on behalf of and under the instruction of our customer.

 

2. Data We Collect

 

We collect the following types of data to provide and improve the Service:

 

  • Account Information: When you are registered to use Cortex, we collect your full name and email address to create and manage your user account.

  • Content Data: We process the data you and your organization upload or create within Cortex. This includes:

    • Documents and meeting transcripts uploaded to your organization's private knowledge base.

    • Questions you submit to the knowledge assistant.

    • Your chat history with the knowledge assistant. This content may contain personal data, and the responsibility for this data lies with the Data Controller (your employer).

  • Usage Information: We automatically collect your IP address and use essential cookies to manage your session and keep you logged in.

 

3. How We Use Your Data

 

We process your personal data for the following purposes:

 

  • To Provide and Maintain the Service: To authenticate you, provide access to your organization's knowledge base, and deliver the core features of Cortex.

  • To Ensure Security: To protect your account and the integrity of the Service.

  • To Respond to Inquiries: To generate answers from your organization's knowledge base in response to your questions.

  • To Fulfill Contractual Obligations: To provide the Service to our customer (your employer) as outlined in our agreement with them.

 

4. Legal Basis for Processing

 

Our legal basis for processing your personal data is the performance of our contract with our customer (your employer). Your employer is responsible for establishing its own legal basis for collecting and using your data within our Service.

 

5. Data Sharing and Third-Party Services (Sub-processors)

 

We rely on a small number of trusted third-party services to provide the Cortex application. These sub-processors have limited access to your data only to perform specific tasks on our behalf and are obligated to protect your data.

 

Our sub-processors include:

 

  • Supabase: Used for end-user authentication, storing chat history, and indexing knowledge base documents.

  • Contextual AI: Used to host the private knowledge base for each customer and to provide the Retrieval-Augmented Generation (RAG) functionality that answers user questions.

  • OpenAI API: Used to generate natural language responses to user questions. OpenAI does not train its models on data submitted via its API.

  • Google Cloud Platform: The Cortex web application is hosted on Google Cloud Platform infrastructure located within the European Union.

 

6. International Data Transfers

 

Some of the sub-processors we use, including Supabase, Contextual AI, and OpenAI, are based in the United States. When your personal data is transferred outside the European Economic Area (EEA), we ensure it is protected to the same standard as it would be within the EEA. We do this by entering into Data Processing Addendums with our sub-processors that incorporate the European Commission's Standard Contractual Clauses (SCCs) as a legal mechanism for such transfers.

 

7. Data Retention

 

We retain user data for the duration of the active contract with our customer. When our contract with a customer ends, we will delete all associated data upon their request. Unless otherwise requested, this data will be deleted from our systems within 90 days following contract termination.

 

8. Your Data Protection Rights

 

Under GDPR, you have several rights concerning your personal data, including the right to access, correct, or request the deletion of your data.

 

Because our customer (your employer) is the Data Controller, any requests to exercise your data protection rights should be directed to them. We will provide full assistance to our customers to help them respond to your requests in a timely manner.

 

9. Security Measures

 

We are committed to protecting your data. We implement technical and organizational measures to ensure its security, including:

 

  • Data Encryption: All communication with the Cortex application is encrypted in transit using SSL/TLS. Furthermore, all Customer Content and Personal Data stored by the Service is encrypted at rest using industry-standard encryption algorithms (e.g., AES-256).

  • Access Controls: User accounts are protected by robust authentication and authorization mechanisms. We implement row-level security in our backend to ensure users can only access data they are permitted to see.

 

10. Use of Cookies

 

We use only essential cookies required for the basic functionality of the Service. Specifically, cookies are used to securely manage your logged-in session. We do not use cookies for marketing or tracking purposes.

 

11. Changes to This Privacy Policy

 

We may update this Privacy Policy from time to time. If we make material changes, we will notify our customers directly via email. Your continued use of the Service after such a notification will constitute your acceptance of the new terms.

 

12. Contact Us

 

If you have any questions about this Privacy Policy or our data protection practices, please contact us at: security@n6i.nl

N6i BV
690 Weena

3012CN Rotterdam

The Netherlands

​

180 Innsbruckweg

3047AH Rotterdam

The Netherlands

Rotterdam   âœ¦   Dublin   âœ¦   Brisbane

© 2025 n6i

bottom of page