Privacy Policy

Kortex Digital Labs LLC ("Kortex," "we," "us," or "our") respects your privacy and is committed to protecting the personal information you share with us. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website at kortexdigitallabs.com (the "Site") or engage our services.

By accessing or using our Site, you agree to the terms of this Privacy Policy. If you do not agree with any part of this policy, please discontinue use of our Site immediately.

1. Information We Collect

We may collect the following types of information when you interact with our Site or services:

Personal Information You Provide

• Name, email address, phone number, and company name submitted through contact forms, booking requests, or newsletter signups
• Account credentials when you create an account for our client portal
• Payment information processed securely through our third-party payment processor (Stripe)
• Any additional information you voluntarily provide in messages, project briefs, or uploaded files

Information Collected Automatically

• Page views, referral sources, and general usage patterns collected via Plausible Analytics (a privacy-first, cookie-free analytics platform)
• Technical data such as browser type, device type, and operating system for Site optimization
• Essential session data required for authentication and security when using the client portal

2. How We Use Your Information

We use the information we collect for the following purposes:

• Service delivery: To respond to inquiries, provide project estimates, deliver contracted services, and manage client accounts
• Communication: To send project updates, invoices, appointment confirmations, and respond to support requests
• Improvement: To analyze site usage patterns, improve our services, and optimize user experience
• Security: To protect our Site, services, and users from unauthorized access, fraud, and abuse
• Legal compliance: To comply with applicable laws, regulations, and legal processes

We do not sell your personal information to third parties. We do not use your data for targeted advertising.

3. Data Storage & Security

We implement industry-standard security measures to protect your data:

• All data is transmitted over encrypted HTTPS connections with TLS 1.2 or higher
• Sensitive data is stored in encrypted databases with row-level security policies that restrict access to authorized users only
• Authentication is managed through secure, industry-standard protocols with support for multi-factor authentication
• Access to production systems is restricted to authorized personnel on a need-to-know basis
• Client portal files are accessible only via time-limited signed URLs and are never stored in publicly accessible locations

We retain personal information only for as long as necessary to fulfill the purposes for which it was collected, or as required by law. Contact form submissions are retained for up to 24 months. Client project data is retained for the duration of the engagement plus 36 months, unless a longer retention period is requested or required.

4. Third-Party Services

We use the following third-party services to operate our Site and deliver our services. Each has been selected for its commitment to data protection:

• Plausible Analytics: A privacy-first analytics platform that does not use cookies, does not track individuals across sites, and does not collect personal data. All data is aggregated and anonymized. Compliant with GDPR, CCPA, and PECR without requiring cookie consent banners.
• Stripe: Handles payment processing. Your payment card details are transmitted directly to Stripe and are never stored on our servers. Stripe is PCI-DSS Level 1 compliant.
• Resend: Delivers transactional emails such as invoices, project updates, and password resets. Email addresses are shared with Resend solely for the purpose of email delivery.
• Supabase: Provides our database and authentication infrastructure. Data is stored in SOC 2 compliant, encrypted PostgreSQL databases.
• Vercel: Hosts our website with edge deployment, SSL, and DDoS protection. Vercel processes request logs for performance monitoring.
• hCaptcha: Protects public-facing forms from spam and abuse. hCaptcha is a privacy-respecting alternative to reCAPTCHA and is GDPR compliant.

5. Your Rights

Depending on your jurisdiction, you may have the following rights regarding your personal information:

• Access: Request a copy of the personal data we hold about you
• Correction: Request correction of inaccurate or incomplete data
• Deletion: Request deletion of your personal data, subject to legal retention requirements
• Data portability: Request a copy of your data in a structured, machine-readable format
• Opt-out: Unsubscribe from marketing communications at any time using the link provided in our emails

To exercise any of these rights, please contact us at info@kortexdigitallabs.com. We will respond to your request within 30 days.

6. Cookies & Tracking Technologies

We use cookies to operate our website, analyze traffic, and enhance your experience. When you first visit, a consent banner will allow you to choose which categories of cookies to accept. Non-essential cookies are never set without your explicit consent.

For detailed information about the specific cookies we use and how to manage your preferences, please see our Cookie Policy.

• Essential cookies: Required for authentication and session management. These cannot be disabled.
• Analytics cookies: First-party cookies that help us understand visitor navigation patterns and traffic sources. Only set with your consent.
• Functional cookies: Enable features like chatbot conversation persistence. Only set with your consent.
• No advertising cookies: We do not use advertising cookies, retargeting pixels, or any third-party tracking scripts for marketing purposes.

7. Contact Information

If you have questions or concerns about this Privacy Policy or our data practices, please contact us:

• Email: info@kortexdigitallabs.com
• Company: Kortex Digital Labs LLC
• Location: San Antonio, Texas

8. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will:

• Update the "Last updated" date at the top of this page
• Post a notice on our Site for a reasonable period following the change
• Notify active clients via email for changes that materially affect how their data is handled

Your continued use of the Site after any changes to this Privacy Policy constitutes your acceptance of the updated terms.