Privacy Policy

1. Overview

Corgtex ("we," "our," or "us") provides a governed AI workforce platform for enterprise workspaces. This Privacy Policy explains how we collect, use, disclose, return, and protect personal information, workspace content, and connector data when you use Corgtex, including through Model Context Protocol (MCP) clients such as ChatGPT, Claude, Cursor, and other compatible tools.

2. Enterprise and open-core model

• Corgtex is offered through an open-core model. Public or open-source code, documentation, examples, and demo materials do not include private customer workspace content.
• Enterprise capabilities, hosted deployments, support tooling, managed connectors, proprietary operations workflows, and customer-specific configuration are provided under commercial terms.
• If you use a customer-controlled or self-hosted deployment, your organization may independently control parts of hosting, logs, access, retention, and backup behavior. Your agreement with Corgtex or your organization controls where it conflicts with this policy.

3. Information we collect

• Account and identity data: name, email address, organization, workspace membership, role, authentication status, and consent records.
• Workspace data: documents, policies, governance structures, proposals, tensions, goals, actions, meetings, transcripts, summaries, Brain articles, comments, approvals, spend requests, ledger metadata, uploaded files, and other content you or your organization provide.
• Connector and MCP data: OAuth client metadata, workspace selection, scopes, access and refresh token records, tool names, tool inputs, tool outputs, authorization decisions, revocation events, and audit entries.
• Operational data: usage events, model usage, agent runs, workflow jobs, integration status, data-source sync status, support diagnostics, request metadata, security logs, device/browser metadata, and approximate location inferred from network data.
• Communications data: messages you send to Corgtex, support requests, demo or procurement forms, email replies, and meeting or sales notes.

4. Data returned through MCP tools

• When an authorized MCP client calls Corgtex tools, tool responses may return user-related and workspace-related fields needed for the request, including names, email addresses, roles, workspace IDs, organization names, item titles, status fields, timestamps, summaries, source snippets, member assignments, meeting information, governance records, finance metadata if enabled, and audit or runtime diagnostics.
• Some privileged tools can create, update, archive, restore, purge, retry, submit, reveal, or send workspace records according to the scopes shown during authorization and the user's Corgtex role. Sensitive tools, such as revealing a saved shared-tool credential, require explicit authorization and are audited.
• Corgtex tools are designed not to return raw passwords, secret tokens, unnecessary internal identifiers, full logs, or unrelated personal data by default. If a field is not needed for the user's request, we aim to remove or withhold it rather than disclose it broadly.

5. How we use information

• Provide, operate, secure, and support Corgtex.
• Authenticate users and MCP clients, enforce workspace membership, apply role-based permissions, and maintain audit trails.
• Process workspace governance, knowledge, meeting, action, finance, and support workflows requested by users or authorized agents.
• Generate workspace-specific search indexes, embeddings, summaries, recommendations, and AI-assisted outputs.
• Measure reliability, debug failures, prevent abuse, investigate security incidents, and comply with legal obligations.
• Improve Corgtex products and documentation. We do not use enterprise customer workspace content to train general-purpose public models unless an enterprise agreement or explicit customer configuration permits it.

6. AI processing and model providers

• Corgtex may send prompts, retrieved context, tool inputs, tool outputs, files, transcripts, summaries, and other workspace content to AI model providers or infrastructure providers to perform the actions you request.
• Model providers may include OpenAI, Anthropic, or other providers selected by Corgtex or by your organization. These providers process data under their own terms, enterprise controls, and retention settings where applicable.
• When you connect Corgtex to a third-party AI client through MCP, that client may receive Corgtex tool descriptions, the inputs you provide, and the tool results returned by Corgtex. Review the security practices and terms of the AI client before connecting.

7. MCP authorization, scopes, and revocation

• Corgtex MCP access uses browser authorization, OAuth-style tokens, PKCE where supported, workspace selection, and scope-based permissions.
• A connector is limited to the workspace selected during authorization and to the scopes granted to that client. Scopes may include read access, write access, support diagnostics, runtime repair, finance operations, member management, document upload, shared-tool management, or credential reveal permissions.
• You or your workspace administrator can revoke connector access, rotate credentials, deactivate members, or reduce scopes where the product or deployment configuration supports those controls.

8. Sharing and subprocessors

• We do not sell personal information.
• We may share information with service providers, subprocessors, model providers, hosting providers, analytics providers, communications providers, and support vendors that help us operate Corgtex under confidentiality and security obligations.
• We may disclose information when required by law, to protect rights or safety, to investigate abuse, in connection with a corporate transaction, or with your consent or your organization's instructions.
• Third-party MCP clients and AI providers that you connect are separate services. Their processing of data they receive is governed by their own privacy, security, and contractual terms.

9. Security

• We use technical and organizational safeguards designed to protect data, including encryption in transit, encryption at rest where supported, role-based access controls, workspace isolation, scoped connector tokens, secure session management, audit logs for sensitive operations, and least-privilege support workflows.
• No system is perfectly secure. You are responsible for keeping credentials private, authorizing only trusted connectors, reviewing requested scopes, and promptly revoking access that is no longer needed.

10. Retention and deletion

• We retain account, workspace, connector, audit, and operational data for as long as needed to provide Corgtex, meet contractual commitments, preserve security and audit history, comply with law, resolve disputes, and enforce agreements.
• Enterprise customers may have separate retention, export, deletion, backup, and audit requirements in their agreement or deployment configuration.
• After termination, we delete or anonymize customer workspace data within a commercially reasonable period unless retention is required by law, audit obligations, backup cycles, or the customer agreement.

11. Your rights and choices

• Depending on your location and relationship with Corgtex, you may have rights to access, correct, delete, export, object to, or restrict processing of personal information.
• Workspace content is often controlled by the enterprise customer or workspace administrator. We may direct requests about workspace data to that organization.
• You can reduce data shared with MCP clients by choosing narrower scopes, disconnecting third-party clients, disabling integrations, or asking your workspace administrator to remove access.

12. International transfers

Corgtex and its service providers may process information in the United States and other countries where we or they operate. Where required, we use appropriate transfer mechanisms and contractual protections.

13. Changes to this policy

We may update this Privacy Policy from time to time. We will post the updated version on this page and update the last-updated date. Material changes may also be communicated through the product, email, or customer contacts.

14. Contact us

For privacy inquiries, contact privacy@corgtex.com.