Legal

Privacy Policy

Last updated: 25 February 2026

CortexViral ("we", "us", "our") provides an AI-powered social-media content platform at cortexviral.com. This Privacy Policy explains what data we collect, why we collect it, and how we handle it. By using CortexViral you agree to the terms below.

1. Information We Collect

Account data — email address, name, and profile picture provided by your Google or LinkedIn login.

Connected-channel data — when you connect a social platform (e.g. LinkedIn, TikTok, Instagram), we receive an OAuth access token, your platform user ID, and basic profile info (display name, picture). We never receive or store your platform password.

Content you create — posts, drafts, scheduled-publishing data, and prompts you submit to our AI features.

Usage data — pages viewed, features used, error logs. Used to improve the product.

Cookies — a single session cookie (session_token) keeps you logged in. No third-party tracking cookies.

2. How We Use Your Information

  • To authenticate you and keep your account secure.
  • To generate AI content using your prompts (processed by our LLM providers; see Section 5).
  • To publish content to platforms you have explicitly connected, on your behalf.
  • To send transactional emails (account, billing, security). We do not send marketing emails without opt-in.
  • To debug, monitor, and improve the service.

3. Social Media Permissions (OAuth)

When you connect a social account via OAuth, we request the minimum scopes required to perform the actions you have asked us to perform — typically profile/email and post-on-your-behalf. We never request scopes for reading your DMs, contacts, or unrelated data.

You can disconnect any platform at any time from the Integrations page; this revokes our stored token immediately.

4. Data Storage & Security

All data is stored encrypted at rest in MongoDB. Access tokens are stored encrypted and accessible only to our backend service when publishing on your behalf. We use HTTPS everywhere and follow standard SaaS-security practices.

5. Third Parties We Share Data With

AI providers — your prompts and content drafts are sent to large-language-model providers (OpenAI, Anthropic, Google) via the Emergent LLM proxy. Providers process prompts to generate responses and do not retain them for training.

Social platforms — when you publish a post, the post content is sent to the destination platform's API (e.g. LinkedIn, TikTok, Instagram).

Payment processor — billing is handled by Stripe. We never see or store your full payment-card details.

We do not sell, rent, or trade your personal data to any third party.

6. Data Retention

We keep your data for as long as your account is active. If you delete your account, we permanently remove your personal data (including OAuth tokens) within 30 days, except where law requires retention (billing records, etc.).

7. Your Rights

You can request: a copy of your data, correction of inaccurate data, or deletion of your account. Email privacy@cortexviral.com and we will respond within 30 days.

If you are located in the EEA / UK, you have rights under GDPR including the right to lodge a complaint with your local data protection authority.

8. Children

CortexViral is not directed at children under 16. If you believe a child has provided us personal data, contact us at privacy@cortexviral.com and we will remove it.

9. Changes to This Policy

We will update this page when our practices change. If changes are material we will notify you via email or an in-app banner before they take effect.

10. Contact

Questions? Email privacy@cortexviral.com or support@cortexviral.com.

    Made with Emergent