Privacy Policy

1. Introduction

Corteksa ("Corteksa", "we", "us", or "our") is a Software-as-a-Service (SaaS) Customer Relationship Management (CRM) platform designed to support organizations through configurable, multi-tenant, and data-isolated business management tools.

This Privacy Policy explains how we collect, use, store, process, disclose, and protect personal data when you:

• Access or use Corteksa CRM
• Create an account or workspace
• Integrate third-party services
• Communicate with us
• Visit our websites or dashboards

2. Legal Scope & Compliance

Corteksa complies with the following data protection regulations:

• GDPR (General Data Protection Regulation) – EU and EEA users
• CCPA (California Consumer Privacy Act) – California residents
• PDPL (Personal Data Protection Law) – Saudi Arabia users

3. Definitions

• Personal Data: Any information relating to an identified or identifiable natural person
• Processing: Any operation performed on personal data (collection, storage, use, disclosure, deletion)
• Data Controller: The entity determining the purposes and means of processing (typically the Customer/Workspace Owner)
• Data Processor: The entity processing data on behalf of the Controller (Corteksa acts as a Processor)
• Data Subject: The individual whose personal data is being processed

4. Roles & Responsibilities

Corteksa as Data Processor: Corteksa processes Customer Data strictly on behalf of the Customer (Data Controller) in accordance with the Customer's instructions.

Customer as Data Controller: Customers who use Corteksa to manage data about their own users, leads, or contacts are Data Controllers and are solely responsible for compliance with applicable data protection laws.

5. Data Protection Principles

Corteksa adheres to the following core principles:

• Lawfulness, Fairness, and Transparency: Data is processed lawfully and transparently
• Purpose Limitation: Data is collected for specified, legitimate purposes
• Data Minimization: Only necessary data is collected
• Accuracy: Data is kept accurate and up-to-date
• Storage Limitation: Data is not retained longer than necessary
• Integrity & Confidentiality: Appropriate security measures are in place
• Accountability: We are responsible for demonstrating compliance

6. Age Restrictions

Corteksa is not intended for use by individuals under the age of 16. We do not knowingly collect personal data from minors. If we become aware that a minor has provided us with personal data, we will take steps to delete it.

7. Policy Updates

We may update this Privacy Policy periodically. Changes will be effective upon posting, with the "Last Updated" date revised. Continued use of Corteksa after updates constitutes acceptance of the revised policy.

8. Categories of Personal Data

We collect the following types of personal data:

Account Information

• Full name, email address, phone number
• Company name, job title, department
• Username and encrypted password
• Profile photo (optional)

Workspace & Usage Data

• Workspace name, subdomain, and configuration settings
• User roles, permissions, and access logs
• Activity logs (logins, feature usage, timestamps)
• IP address, device type, browser type

Customer Data

• Contact information of leads, customers, and employees entered by the Customer
• Sales pipeline data, notes, documents, and communications
• Custom fields and metadata created by the Customer

Communication Data

• Email correspondence with support or sales teams
• In-app messages, feedback forms, and support tickets

Payment & Billing Data

• Billing address, payment method (processed via third-party payment processors)
• Transaction history and invoices

9. Sources of Data

We collect data from:

• Directly from you: When you register, configure your workspace, or interact with the platform
• Automatically: Through cookies, logs, and usage analytics
• Third-party integrations: When you connect external tools (e.g., email, calendars)
• Customer uploads: Data you manually enter or import into Corteksa

10. Lawful Bases for Processing

We process personal data based on the following legal grounds:

• Contractual Necessity: To provide and operate the Corteksa platform
• Consent: Where you have explicitly agreed (e.g., marketing emails)
• Legitimate Interests: For platform improvement, fraud prevention, and security
• Legal Obligations: To comply with applicable laws and regulations

11. Purpose of Processing

We use personal data for the following purposes:

• Service Delivery: To create accounts, manage workspaces, and provide CRM functionality
• Customer Support: To respond to inquiries and resolve technical issues
• Billing & Payments: To process subscription fees and generate invoices
• Platform Improvement: To analyze usage patterns and develop new features
• Security & Fraud Prevention: To detect and prevent unauthorized access
• Compliance: To meet legal and regulatory obligations

12. Automated Processing & AI

Corteksa may use automated tools and AI-driven features for:

• Predictive analytics (e.g., sales forecasting)
• Lead scoring and prioritization
• Workflow automation and task recommendations

Customers retain control over automated decision-making features and can opt-out or request human review.

13. Cookies & Similar Technologies

We use cookies and similar tracking technologies to:

• Essential Cookies: Required for authentication and platform functionality
• Analytics Cookies: To understand usage patterns and improve performance
• Preference Cookies: To remember user settings and preferences

You can control cookie preferences through your browser settings.

14. Do Not Track

Corteksa respects "Do Not Track" (DNT) browser signals where technically feasible. However, some tracking may be necessary for essential platform functionality.

15. Marketing Communications

We may send promotional emails about new features, updates, and offers. You can opt-out anytime by:

• Clicking "unsubscribe" in any marketing email
• Updating your communication preferences in account settings
• Contacting support@corteksa.com

16. Data Sharing & Disclosure

We do not sell personal data. We may share data with:

• Service Providers: Cloud hosting, payment processors, email services (under strict data processing agreements)
• Legal Authorities: When required by law or to protect our rights
• Business Transfers: In the event of a merger, acquisition, or sale of assets

17. International Transfers

Corteksa may transfer data internationally. We ensure adequate safeguards through:

• Standard Contractual Clauses (SCCs) approved by the European Commission
• Adequacy decisions by regulatory authorities
• Encryption and secure data transfer protocols

18. Data Ownership

Customer Data Ownership: Customers retain full ownership of all data entered into Corteksa. Corteksa acts solely as a processor.

Platform Data: Corteksa owns aggregated, anonymized usage data used for analytics and improvements.

19. Data Retention Policy

We retain personal data as follows:

• Active Accounts: For the duration of the subscription
• Inactive Accounts: 90 days after subscription termination (unless legally required to retain longer)
• Billing Records: 7 years (as required by tax and accounting laws)
• Support Logs: 2 years

20. Data Deletion & Erasure

Upon account closure or deletion request:

• Customer Data is permanently deleted within 30 days
• Backup copies are purged within 90 days
• Some data may be retained for legal compliance (e.g., financial records)

21. Backup & Disaster Recovery

We maintain regular backups to ensure business continuity. Backups are:

• Encrypted and stored securely
• Retained for up to 90 days
• Subject to the same security controls as live data

22. Data Portability

You have the right to export your data in a structured, machine-readable format (e.g., CSV, JSON). Export functionality is available via:

• Self-service export tools in the platform
• Request to support@corteksa.com (processed within 30 days)

23. Confidentiality & Access Control

Access to personal data is restricted to:

• Authorized employees on a need-to-know basis
• Multi-factor authentication (MFA) for admin accounts
• Role-based access control (RBAC) within workspaces

24. Data Residency

Customer data is stored in geographically distributed data centers. Customers may request specific data residency options (subject to availability and additional fees).

25. Data Subject Rights

Depending on your jurisdiction, you have the following rights:

• Right of Access: Request a copy of your personal data
• Right to Rectification: Correct inaccurate or incomplete data
• Right to Erasure: Request deletion of your data ("right to be forgotten")
• Right to Restrict Processing: Limit how we use your data
• Right to Data Portability: Export your data in a structured format
• Right to Object: Opt-out of certain processing activities (e.g., marketing)
• Right to Withdraw Consent: Revoke consent at any time
• Right to Lodge a Complaint: File a complaint with your data protection authority

26. Exercising Your Rights

To exercise your rights, contact us at:

We will respond to requests within 30 days (or as required by applicable law).

27. Customer Responsibilities

If you are a Customer (Data Controller), you are responsible for:

• Obtaining necessary consents from your end-users
• Ensuring lawful processing of data entered into Corteksa
• Responding to data subject requests from your end-users
• Complying with applicable data protection laws

28. Rights Under GDPR, CCPA, PDPL

GDPR (EU/EEA Users)

Full access, rectification, erasure, restriction, portability, and objection rights. Right to lodge complaints with supervisory authorities.

CCPA (California Residents)

Right to know, delete, and opt-out of "sale" of personal information (note: Corteksa does not sell personal data).

PDPL (Saudi Arabia Users)

Right to access, correction, deletion, and restriction. Right to object to processing and file complaints with the Saudi Data & AI Authority (SDAIA).

29. Information Security Program

Corteksa implements a comprehensive Information Security Program based on industry standards (ISO 27001, SOC 2). Our security measures include:

30. Technical Safeguards

• Encryption: Data encrypted at rest (AES-256) and in transit (TLS 1.3)
• Multi-Factor Authentication (MFA): Required for admin accounts
• Firewall & Intrusion Detection: 24/7 monitoring for threats
• Regular Penetration Testing: Annual security audits and vulnerability scans
• Secure Development Lifecycle: Security reviews for all code releases

31. Organizational Measures

• Employee Training: Mandatory security and privacy training for all staff
• Background Checks: Screening for employees with data access
• Confidentiality Agreements: All employees sign NDAs
• Incident Response Plan: Documented procedures for security incidents

32. Access Management

We enforce strict access controls:

• Principle of least privilege (minimum necessary access)
• Regular access reviews and audits
• Immediate revocation upon employee termination

33. Incident & Breach Response

In the event of a data breach:

• We will investigate and contain the breach within 24 hours
• Affected users will be notified within 72 hours (as required by GDPR)
• Regulatory authorities will be notified as required by law
• We will provide remediation steps and support

34. Third-Party Links

Corteksa may contain links to third-party websites or services. We are not responsible for the privacy practices of these external sites. We encourage you to review their privacy policies.

35. Children's Privacy

Corteksa is not directed at individuals under 16 years of age. We do not knowingly collect data from minors. If you believe a minor has provided us with personal data, contact us immediately.

36. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated via:

• Email notification to registered users
• In-app notifications
• Prominent notice on our website

37. Contact Information

For privacy-related inquiries, data subject requests, or security concerns:

38. Governing Law

This Privacy Policy is governed by the laws of the jurisdiction in which MOONTIJ LLC is registered, without regard to conflict of law principles. Disputes will be resolved in accordance with the dispute resolution provisions in our Terms of Service.

39. Final Legal Statement

By using Corteksa CRM, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy. If you do not agree, please discontinue use of the platform.

This Privacy Policy constitutes a binding legal agreement between you and MOONTIJ LLC.