Privacy Policy for the Córtex Conceptual Demo

Last updated: May 29, 2025

Our Promise: Your Privacy is Fundamental

At Kelp Labs, we are building the future of organizational intelligence on a foundation of trust. We understand that privacy is not an afterthought, but a fundamental pillar. This privacy policy is not just a legal document; it is our commitment to you. It details with complete transparency what data we collect in this Córtex conceptual demo, why we do it, and how we ensure its protection. Our meticulous approach to data protection in this simple demo is just a glimpse of the rigorous security and compliance standards that will define the full Córtex experience.

1. Who is Responsible for Your Data? (Data Controller)

Identity: Kelp Labs

Contact: For any inquiry or to exercise your rights, you can contact us at: privacy@kelp-labs.com

In accordance with the General Data Protection Regulation (GDPR), Kelp Labs is the "Data Controller," which means we are responsible for deciding how and why your personal data is processed.

2. What Data Do We Collect and for What Purpose?

We collect a minimal amount of data, strictly necessary for the demo's operation and to validate our concept. Below, we detail each piece of data, its purpose, and the legal basis that legitimizes us to process it according to the GDPR.

a) Email Address:

What we collect: The email address you provide to access.

Why we do it:

• Access Management: To send you a one-time password (OTP) and allow you secure access to the platform.
• Strategic Communication: To be able to contact you and gather your valuable opinion about the concept or inform you about future developments of Córtex, given your explicit interest in using the demo.

GDPR Legal Basis:

• For access management: Article 6(1)(b) - Necessary for the performance of a contract (the Terms and Conditions you accept to use the demo).
• For communication: Article 6(1)(f) - Legitimate Interest of Kelp Labs to improve our product and establish business relationships with interested professionals.

b) Usage and Navigation Information:

What we collect: Which sections of the demo you visit (e.g., "Córtex Lifecycle," "Executive Companion") and the timestamp (time) of your access.

Why we do it: To analyze, in an aggregated and anonymous way whenever possible, which parts of the Córtex concept generate the most interest. This information is crucial for us to refine the product and focus our development.

GDPR Legal Basis: Article 6(1)(f) - Legitimate Interest. We have a legitimate interest in understanding how our demo is used so we can improve it and validate our product hypotheses.

c) Technical Session Data (Token in localStorage):

What we collect: We store an authentication "token" in your browser's local storage (localStorage). This token is a random character string that does not contain direct personal data.

Why we do it: It is strictly for functional purposes. It allows us to keep your session active while you browse the demo, preventing you from having to log in again on each page.

Legal Basis: This action is considered "strictly necessary" to provide the service you have requested (the use of the demo), covered by the ePrivacy regulations (Directive 2002/58/EC).

3. How Do We Protect Your Data? (Security)

Your trust is our most valuable asset. We apply technical and organizational measures to protect your data:

• Minimal Data Collection: We only ask for what is strictly necessary.
• Access Control: Access to data is internally restricted only to Kelp Labs personnel who need to know it for the purposes described.
• Security in Transit: All communication between your browser and our servers is encrypted using HTTPS/TLS.

4. How Long Do We Keep Your Data? (Data Retention)

We comply with the principle of storage limitation (Article 5(1)(e) of the GDPR).

• Your email address and usage data will be retained for a maximum period of 24 months from your last access. This period allows us to conduct a medium-term interest analysis. After this time, or if you exercise your right to erasure, the data will be securely deleted.
• The session token stored in your browser is automatically deleted when you log out or can be manually deleted by you by clearing your browsing data.

5. Do We Share Your Data with Anyone? (Recipients)

We do not sell, rent, or share your data with third parties.

Your personal data is exclusively for Kelp Labs' internal use. We do not sell, rent, or transfer your data to third parties for marketing or any other commercial purposes under any circumstances.

Infrastructure Providers: To operate our service, we use trusted infrastructure providers (such as hosting and cloud services) that may process your data on our behalf. These providers:

• Are located exclusively within the European Economic Area (EEA)
• Comply with the highest security standards and GDPR requirements
• Act only as data processors under our strict instructions
• Are bound by data processing agreements that ensure your data remains protected

All data processing remains within the EEA, ensuring your data benefits from the full protection of European data protection laws.

6. What Are Your Rights and How to Exercise Them?

The GDPR gives you full control over your data. You have the right to:

• Right of Access (Article 15): Request a copy of the personal data we have about you.
• Right to Rectification (Article 16): Ask us to correct any data you consider inaccurate or incomplete.
• Right to Erasure or "to be Forgotten" (Article 17): Request that we delete your data from our systems.
• Right to Restriction of Processing (Article 18): Ask that we temporarily suspend the processing of your data in certain circumstances.
• Right to Object (Article 21): Object to us processing your data based on our legitimate interest. If you object, we will stop processing them, unless there are compelling legitimate grounds.
• Right to Data Portability (Article 20): Request that we provide your data in a structured and commonly used format so you can transmit it to another controller.

To exercise any of these rights, simply send us an email to privacy@kelp-labs.com. We will respond as soon as possible. You also have the right to lodge a complaint with the data protection supervisory authority in your country.