Privacy Policy

Last updated 22 May 2026 · Version 1.0

TL;DR. CortexBuild Pro is local-first — your project data, photos, invoices and notes live on your device. We don't track you across apps. We don't sell your data. We never will.

1 · Who we are

CortexBuild Pro is a product of CortexBuild Ltd, a company registered in England and Wales (registered office address available on request). For any privacy question, write to privacy@cortexbuild.app.

For the purposes of the UK GDPR and Data Protection Act 2018, CortexBuild Ltd is the data controller for any personal data you supply through the CortexBuild Pro app or website at cortexbuildpro.com.

2 · What we collect

On your device (we never see this)

The bulk of what CortexBuild Pro handles never leaves your phone or tablet. This includes:

Project details, customer names, addresses
Invoices, quotes, receipts, CIS deductions
Site photos, snag evidence, RAMS, drawings
Voice memos, site diary entries, mileage logs
Team member records, CSCS card details, training certificates
Geolocation for site check-in and mileage tracking

This data is stored in your device's local storage and IndexedDB. We have no way to access it, and we cannot recover it if you delete the app — back up regularly via Settings → Database → Export.

What we do see

Data	Why we collect it	How long we keep it
Account email (if you create one)	To restore your data across devices and contact you about account-critical events.	Until you delete the account.
App diagnostic data (crash logs)	To fix bugs.	30 days, then auto-deleted.
Anonymous usage metrics (PWA installs, feature opens)	To know which features are useful. Opt-out in Settings → Privacy.	13 months, then aggregated.
AI prompts sent to Cortex AI	To answer your question. Sent via our backend to Anthropic's Claude API.	Not stored on our servers — passed through. Anthropic's retention applies to the request only.

3 · Cortex AI and third-party processors

When you ask Cortex AI a question, draft a chase email, run an AI estimator, scan a receipt with vision OCR, or use any other AI feature, the text or image of that request is sent via our backend to Anthropic, PBC (the makers of Claude). Anthropic processes the request and returns an answer. Anthropic do not train on data sent through our API contract (see Anthropic's data privacy commitments at anthropic.com/legal/api).

We use Vercel (or our own UK-hosted infrastructure on Hostinger VPS) to serve the app. Neither receives a copy of your business data — only the static app code and your IP address at the time of request.

For payments (Pro / Enterprise tiers), we use Stripe. Stripe receives your name, email, billing address and card details directly. We never see card numbers.

4 · Permissions we ask for, and why

Camera — to scan receipts, photograph site progress, capture snag evidence, attach photos to incident reports.
Photo library — to pick existing photos to attach, and to save exports back.
Microphone — for voice memos.
Location — for site check-in verification and HMRC-compliant mileage tracking.
Contacts (iOS only, if you opt in) — to attach a customer's saved contact details.
Calendar (iOS only, if you opt in) — to add scheduled site visits and inspections to your calendar.
Face ID / Touch ID — to unlock the app so financial and CIS data stays private.
Push & local notifications — for reminders, expiry alerts, AI nudges.

Every permission is requested in-context, not at launch, and the app keeps working if you say no.

5 · Your rights under UK GDPR

Right of access — ask us what we hold on you. Email privacy@cortexbuild.app.
Right to rectification — ask us to correct anything.
Right to erasure ("right to be forgotten") — ask us to delete your account and any associated server-side data. Local-device data is yours to delete via the app.
Right to data portability — export your data from Settings → Database → Export. The download is a JSON file you can import into any other tool.
Right to object — opt out of anonymous usage analytics in Settings → Privacy.
Right to lodge a complaint — with the UK's Information Commissioner's Office, ico.org.uk, 0303 123 1113.

6 · Children

CortexBuild Pro is not directed at children under 16 and we do not knowingly collect data from them. If you believe a child has supplied us with personal data, contact us and we will delete it.

7 · Security

Data on your device is protected by iOS / Android's standard sandbox and (if you enable it) the OS biometric lock. Data in transit to our backend is protected by TLS 1.3. To responsibly disclose a security issue, write to security@cortexbuild.app.

8 · Changes to this policy

We'll let you know in-app the next time you open CortexBuild Pro after a material change. Minor wording fixes are made silently — check the version stamp at the top of this page.

9 · Contact

Privacy enquiries: privacy@cortexbuild.app
Data Protection Lead: Adrian Stanca
Postal address available on request.