CorrelateX

Legal

Privacy Policy

Last updated: 2026-06-10

1. Introduction

CorrelateX (“we,” “our,” or “us”) is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website correlatex.com(the “Site”) or use any of our services, including HedgeVision, SuperIntel, ViEngine, and any associated APIs, dashboards, or tools (collectively, the “Services”).

By using the Site or Services, you agree to the collection and use of information in accordance with this policy. If you do not agree, please discontinue use immediately.

2. Information We Collect

2.1 Information You Provide

  • Account Data: name, email address, and hashed password when you create an account.
  • Communication Data: messages, emails, and chat interactions with our AI agent or team.
  • Newsletter Data: email address when you subscribe to our newsletter.
  • Engagement Data: project briefs, scope requests, and build inquiries you submit.

2.2 Information Collected Automatically

  • Usage Data: pages visited, time spent, referral sources, and interaction patterns.
  • Device Data: browser type, operating system, device type, and screen resolution.
  • Network Data: IP address (anonymized), country-level geolocation, and ISP.
  • Performance Data: page load times, errors, and service availability metrics.

2.3 Information We Do NOT Collect

  • Government-issued identification numbers
  • Payment card details (all payments processed via third-party providers)
  • Precise geolocation data
  • Biometric or health data
  • Data from children under 16 (we do not knowingly serve users under 16)

3. How We Use Your Information

  • To provide, maintain, and improve our Services
  • To authenticate your identity and manage your account
  • To communicate with you about your account, projects, and inquiries
  • To send newsletters and product updates (with your consent)
  • To detect, prevent, and address technical issues, fraud, or abuse
  • To comply with legal obligations and enforce our Terms of Use
  • To analyze usage patterns and improve user experience

4. Legal Bases for Processing (GDPR)

For users in the European Economic Area (EEA) and the United Kingdom, our legal bases for processing include:

  • Consent: Newsletter subscriptions, cookie preferences, and marketing communications.
  • Contractual Necessity: Account creation, service delivery, and project engagements.
  • Legitimate Interests: Service improvement, security monitoring, and analytics.
  • Legal Obligation: Compliance with applicable laws and regulatory requests.

5. Data Sharing and Disclosure

We do not sell your personal data. We may share data only in these limited circumstances:

  • Service Providers: Cloud infrastructure (Cloudflare), email delivery (Resend), and analytics (Vercel Analytics). These providers are contractually bound to protect your data.
  • Legal Requirements: If required by law, court order, or governmental regulation.
  • Business Transfers: In connection with a merger, acquisition, or sale of assets, you will be notified.
  • With Your Consent: Any other sharing will occur only with your explicit consent.

6. Data Retention

  • Account Data: Retained until you delete your account or request deletion.
  • Newsletter Data: Retained until you unsubscribe.
  • Usage Data: Retained for a maximum of 26 months in anonymized form.
  • Chat Data: Retained for 90 days, then permanently deleted.
  • Security Logs: Retained for 12 months for security and compliance purposes.

7. Your Rights

7.1 GDPR Rights (EEA/UK Users)

  • Access: Request a copy of your personal data.
  • Rectification: Correct inaccurate or incomplete data.
  • Erasure: Request deletion of your data (“Right to be Forgotten”).
  • Restriction: Limit how we process your data.
  • Portability: Receive your data in a structured, machine-readable format.
  • Objection: Object to processing based on legitimate interests.
  • Withdraw Consent: Withdraw consent at any time without affecting prior lawful processing.

7.2 CCPA Rights (California Residents)

  • Know: Request disclosure of categories and specific pieces of personal data collected.
  • Delete: Request deletion of personal data.
  • Opt-Out: We do not sell data, so no opt-out is necessary. We affirm this.
  • Non-Discrimination: We will not discriminate against you for exercising your CCPA rights.

7.3 How to Exercise Your Rights

Email privacy@correlatex.comwith the subject “Privacy Request” and specify your request. We will respond within 30 days (GDPR) or 45 days (CCPA). We may require identity verification before processing your request.

8. Cookies and Tracking

We use essential cookies for authentication and security. We use Vercel Analytics for anonymous usage measurement (no personal data). See our Cookie Policy for full details.

9. Data Security

We implement industry-standard security measures including TLS encryption (HTTPS), hashed password storage (bcrypt), API rate limiting, CSRF protection, and strict Content Security Policy headers. Our infrastructure runs on Cloudflare’s global network with DDoS protection and WAF (Web Application Firewall).

Despite these measures, no method of electronic storage or transmission is 100% secure. We cannot guarantee absolute security. In the event of a data breach, we will notify affected users and relevant authorities within 72 hours (per GDPR requirements).

10. International Data Transfers

Our Services are hosted on Cloudflare’s global edge network. Your data may be processed in data centers located worldwide. For EEA/UK users, we rely on Standard Contractual Clauses (SCCs) and adequacy decisions where applicable to ensure appropriate safeguards for cross-border data transfers.

11. Children’s Privacy

Our Services are not directed to individuals under the age of 16. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, contact us immediately and we will delete it.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes via email (if you have an account) or by posting a notice on our Site. Continued use after changes constitutes acceptance of the updated policy.

13. Contact & DPO

For privacy-related inquiries or to exercise your rights:

  • Email: privacy@correlatex.com
  • Data Protection Officer: Ayush Verma, Founder
  • Physical Address: Available upon request via email

For EEA/UK users: You have the right to lodge a complaint with your local supervisory authority (EDPB member list).

Terms of Use·Cookie Policy·Home

CorrelateX Agent

I am the CorrelateX agent. How can I help you today?