Privacy Policy¶
Last updated: 2026-06-28
This Privacy Policy explains how Cortensor collects, uses, shares, protects, retains, and deletes data across the website, Portal, API gateway, router, dashboard, blockchain interactions, and related services. The policy effective date is January 29, 2025. Privacy questions can be sent to [email protected].
At A Glance¶
Name, company, website, work email, social handles, wallet address, support messages, and other submitted information.
Portal activity, API key events, request metadata, session IDs, route/model metadata, usage records, and support interactions.
Wallet addresses, token transfers, staking, voting, contract interactions, and transaction history may be public and permanent.
Access, correction, deletion, restriction, consent withdrawal, portability, objection, complaints, and non-discrimination rights where applicable.
Effective Date And Age Policy¶
| Topic | Policy |
|---|---|
| Effective date | January 29, 2025. |
| Intended users | Cortensor services are directed to users who are at least 16 years old. |
| Minors | Cortensor does not knowingly collect, use, or solicit personal information from minors without appropriate parental consent. |
| Parent or guardian request | If a parent or guardian believes Cortensor collected personal information from a minor without verifiable consent, contact [email protected] so the information can be reviewed and deleted where required. |
Information Collected¶
The Privacy Policy covers information users provide directly, information collected automatically, and information received from third parties.
| Category | Examples |
|---|---|
| Contact and identity | Full name, company name, website link, work email, Telegram handle, X handle, other social handles, and account details. |
| Wallet and Web3 activity | Wallet address, DApp transaction history, smart-contract interaction patterns, staking/voting activity, and token-transfer records. |
| Website/device data | IP address, operating system, browser type, usage patterns, pages visited, time on page, and possible geolocation data. |
| Product/API data | API key metadata, organization/account records, request IDs, model or route identifiers, latency/status records, usage/metering records, and support records. |
| Router/session data | Prompts, outputs, session IDs, task IDs, route metadata, auth headers, request logs, encrypted payload metadata, and off-chain URNs where applicable. |
| Third-party data | Information from partners, providers, analytics tools, payment processors, blockchain analytics, marketing platforms, or customer support systems where allowed by policy and law. |
Local Storage And Personalization¶
Some website or app data may be stored locally on a user's device where the product surface requires local state. Local storage can support preferences, interactive elements, exercises, or other personalization. Data is transmitted to Cortensor systems or third parties only where stated in the Privacy Policy, required for the service, or otherwise allowed by applicable law and user consent.
Why Cortensor Uses Data¶
Data may be used to operate services, create accounts, provide support, communicate updates, process payments, meter usage, manage API keys, detect abuse, protect security, prevent fraud, satisfy legal obligations, enforce terms, improve products, personalize experiences, and build new features.
The policy names consent, contractual necessity, legal obligation, legitimate interests, and vital interests as possible legal bases for processing.
Stack Data Flow¶
flowchart TB
User["User / developer"]
Website["Website"]
Portal["Portal"]
Gateway["API gateway"]
Keys["API key provider"]
ProductDB["Product database"]
Router["Router API"]
Storage["Off-chain storage"]
Chain["Blockchain"]
User --> Website
User --> Portal
User --> Gateway
Portal --> Keys
Portal --> ProductDB
Gateway --> Keys
Gateway --> ProductDB
Gateway --> Router
Router --> Storage
Router --> Chain
Chain --> PortalProduct Data Map¶
| Product surface | Data handling considerations |
|---|---|
| Public website | Browser/device data, analytics/cookies where enabled, contact forms, and email capture. |
| Portal | Account/profile data, organization data, API key metadata, billing/account state, usage summaries, and support messages. |
| API gateway | API key verification, request ID, status, latency, model alias, rate-limit records, usage metering, and payment events. |
| Router API | Prompt/result payloads, session IDs, route metadata, auth headers, request logs, timeout/error records, and off-chain URNs. |
| Private inference | Encrypted payload metadata, key version, session/task authorization, allowlist/ACL checks, and storage references. |
| Off-chain storage | Prompt/result blobs, encryption metadata, retention/deletion policy, provider metadata, bucket/object references, and URNs. |
| Dashboard/admin | Wallet address, contract read/write activity, node/session/admin actions, model capacity, and operator metadata. |
| Blockchain | Public wallet addresses, transfers, staking, voting, contract interactions, immutable transaction history, and explorer-visible data. |
Sharing And Third Parties¶
Data may be shared with consent, for legal requests, for fraud/security protection, and with service providers that support the platform. Provider categories include cloud/storage, payments, blockchain analytics, marketing, advertising, analytics, feedback tools, customer support, and other operational providers.
Third-party providers may have their own policies, security practices, service limits, and regional restrictions.
The policy also states that Cortensor does not sell personal data and does not share or transfer personal data to third parties except as described in the Privacy Policy or required for service, legal, security, compliance, or consent-based purposes.
Security And Incident Response¶
The policy describes encryption, role-based access control, audits, third-party security review, incident response, and breach notification. Where required by applicable law, affected users and relevant authorities are notified within 72 hours with information about the breach, affected data, mitigation steps, and user-protection steps.
Cortensor cannot guarantee absolute security. Users remain responsible for wallet private keys, seed phrases, API keys, passwords, devices, account activity, communication verification, and external tools connected to their wallets.
Security Measures¶
| Measure | Purpose |
|---|---|
| Encryption | Protect sensitive information in transit and at rest where applicable. |
| Access controls | Limit personal-data access to authorized personnel and systems. |
| Regular audits and assessments | Identify vulnerabilities and improve security posture. |
| Third-party review | Confirm that external providers meet expected security and privacy requirements. |
| Incident response | Detect, isolate, patch, notify, support affected users, and review root causes. |
Retention, Deletion, And Blockchain Immutability¶
Data is retained as needed for stated purposes, legal obligations, accounting, reporting, security, dispute handling, or service operations. When no longer needed, data may be deleted, anonymized, or isolated from further processing.
Blockchain records are different: wallet addresses, token transfers, staking, voting, and smart-contract interactions may be public, permanent, traceable, and not deletable after confirmation.
Compliance And Cross-Border Transfers¶
Cortensor commits to applicable privacy and data-protection laws, including GDPR where it applies. When personal data is transferred across borders, Cortensor may use safeguards such as Standard Contractual Clauses, adequacy decisions, encryption, anonymization, or other lawful transfer mechanisms.
Blockchain Transparency¶
Blockchain activity can reveal public wallet addresses, transaction histories, token transfers, staking activity, voting activity, and smart-contract interactions. These records may be permanently stored, publicly accessible, traceable, and impossible to modify or delete after confirmation.
Users should avoid putting sensitive personal information on-chain and should understand that blockchain pseudonymity is not the same as complete anonymity. Wallet addresses can sometimes be correlated with real identities through transaction patterns, external services, or public disclosures.
Cookies, Tracking, And DNT¶
The policy covers essential cookies, analytics cookies, functionality cookies, and advertising cookies. Non-essential cookies require consent where applicable. Users can manage preferences through cookie controls, browser settings, or supported opt-out mechanisms.
The policy states that there is no uniform Do Not Track standard and that systems are not currently configured to respond to DNT browser signals.
Automated Decision-Making¶
Automated decision-making and profiling may be used with safeguards where applicable. Users may have rights to request human intervention, contest decisions, or receive meaningful information about automated logic when decisions have legal or similarly significant effects.
User Rights¶
Depending on location and applicable law, users may have rights to:
- Access personal data.
- Correct inaccurate data.
- Request deletion.
- Restrict processing.
- Withdraw consent.
- Request portability.
- Object to processing.
- File a complaint with a regulator.
- Avoid discrimination for exercising privacy rights.
- Request human review of significant automated decisions.
Requests should be sent through the contact channels in the Privacy Policy.
User Responsibilities¶
Users are responsible for protecting wallet private keys, seed phrases, passwords, API keys, devices, and connected accounts. Users should verify communications claiming to represent Cortensor, review external wallet or integration tools before connecting them, monitor account activity, and report suspected unauthorized access promptly.
Policy Updates And Contact¶
Cortensor may update the Privacy Policy to reflect legal, technical, product, or operational changes. Material updates may be announced through appropriate channels. Continued use of Cortensor services after an update indicates acceptance of the updated policy where permitted by law.
For privacy questions or data-rights requests, contact [email protected].