Privacy Policy

1. Introduction

This Privacy Policy describes the information practices of Corxor ("we," "our," or "us") in connection with the Corxor website (corxor.com), the Corxor QuickSecure endpoint security platform, and related services (collectively, the "Services"). It explains what categories of data we collect, the purposes for which we process that data, and the choices available to you.

Corxor QuickSecure is an enterprise cybersecurity platform that includes an endpoint agent, cloud-based ML governance, security telemetry processing, and threat detection capabilities. Because of the nature of the product, certain categories of data described below are necessary for the Services to function as intended.

2. Information We Collect

2.1 Account and Business Contact Data

When you register for an account, request a demo, or contact us, we may collect:

• Identity Information: Name, email address, phone number
• Professional Information: Company name, job title, department
• Account Credentials: Username and password (passwords are stored using one-way hashing; we do not have access to your plaintext password)

2.2 Tenant and Account Identifiers

Each customer organization is assigned a unique tenant identifier. Tenant identifiers are used to enforce data isolation, apply tenant-specific configurations, and route requests to appropriate resources. These identifiers do not contain personal information.

2.3 Endpoint and Device Information

When the QuickSecure endpoint agent is deployed on a device, we may collect device-level information necessary to provide the security service:

• Device Identifiers: Machine name, hardware identifiers, operating system version
• Network Context: IP address, network interface metadata
• Agent Metadata: Agent version, deployment mode, configuration state

2.4 Security Telemetry and Event Data

To detect and respond to security threats, the QuickSecure agent and cloud platform may collect and process:

• Process and File Metadata: Process names, file paths, file hashes, command-line arguments, and execution context — used for threat classification
• Security Events: Alerts, detections, containment actions, and their outcomes
• ETW (Event Tracing for Windows) Data: System-level event traces used as input for local ML inference
• Network Activity Metadata: Connection metadata (source, destination, protocol) relevant to threat detection — not packet content

Security telemetry is processed for the purpose of providing the contracted security service and is not used for advertising, profiling, or unrelated commercial purposes.

2.5 Model Performance and Governance Data

Corxor operates an ML governance framework that includes model versioning, canary validation, drift monitoring, and retraining evaluation. In connection with these activities, we may collect:

• Inference Metrics: Prediction scores, confidence levels, inference latency
• Drift Statistics: Population Stability Index (PSI) and related distributional metrics
• Model Metadata: Model version, deployment stage (canary, production, rollback), signature verification status

This data is used to maintain detection quality, identify model degradation, and support responsible ML operations. It does not contain personal information in identifiable form.

2.6 Audit and Operational Logs

We maintain audit logs of security-relevant operations, including authentication events, configuration changes, administrative actions, and agent lifecycle events. These logs support security investigations, regulatory compliance, and service integrity.

2.7 Payment Information

If you purchase a subscription, payment is processed through Stripe. We do not store credit card numbers or full payment details on our servers. Stripe's handling of payment data is governed by Stripe's Privacy Policy.

2.8 Support and Communications Data

When you contact us for support, submit a form, or communicate with us by email, we collect the content of those communications and any attachments, along with metadata such as timestamps and sender information.

2.9 Website Usage and Cookies

When you visit corxor.com, we may collect standard web analytics data including IP address, browser type, pages visited, and referral source. For details on cookies and similar technologies, see our Cookie Policy.

3. How We Use Your Information

We process the data described above for the following purposes:

• Service Delivery: To provide, operate, and maintain the QuickSecure platform, including endpoint protection, threat detection, and security event processing
• Security Detection and Containment: To identify potential threats, classify security events, and — depending on configured operating mode — take containment or remediation actions
• Product Integrity and Abuse Prevention: To protect the platform from misuse, detect unauthorized access attempts, and maintain service stability
• ML Model Governance: To monitor model performance, detect drift, validate canary deployments, and support retraining decisions
• Account Management: To create and manage accounts, process subscriptions, and administer tenant configurations
• Troubleshooting and Support: To diagnose issues, respond to support requests, and improve the Services
• Communications: To send technical notices, security alerts, product updates, and support-related messages
• Marketing: To send promotional communications where you have opted in or where permitted by applicable law; you may opt out at any time
• Legal Compliance: To comply with applicable laws, regulations, legal processes, or enforceable governmental requests

4. How We Share Your Information

We do not sell personal information. We may share data in the following circumstances:

4.1 Service Providers (Sub-processors)

We engage third-party service providers to support the delivery of our Services. These providers are contractually required to protect your data and use it only for the purposes we specify. Current categories include:

• Cloud Infrastructure: Hosting and compute services (AWS)
• Payment Processing: Subscription billing (Stripe)
• Email Delivery: Transactional and notification emails (AWS WorkMail)
• Threat Intelligence Feeds: Third-party threat data sources used to enhance detection accuracy

4.2 Business Transfers

In connection with a merger, acquisition, reorganization, or sale of assets, your information may be transferred. We will provide notice before your data becomes subject to a materially different privacy policy.

4.3 Legal Obligations

We may disclose information when we believe in good faith that disclosure is necessary to comply with applicable law, respond to a valid legal process, or protect the rights, property, or safety of Corxor, our customers, or the public.

4.4 With Your Consent

We may share information for other purposes with your explicit consent.

5. Data Security

We implement technical and organizational measures designed to protect data against unauthorized access, alteration, disclosure, or destruction. These measures include:

• Encryption of data in transit (TLS 1.2+) and at rest (AES-256)
• Multi-tenant data isolation at the application and database layers
• Role-based access controls and least-privilege principles
• Audit logging of security-relevant administrative actions
• Regular security assessments
• Automated encrypted backups with tested restoration procedures

No security measures are perfect or impenetrable. While we apply commercially reasonable safeguards, we cannot guarantee that unauthorized access, data loss, or security breaches will never occur.

6. Data Retention

We retain data only as long as necessary for the purposes described in this policy, or as required by applicable law. Retention periods vary by data category:

• Account Data: Retained for the duration of your account and a reasonable period thereafter for legal and administrative purposes
• Security Telemetry: Retained according to configurable retention policies, typically aligned with your organization's requirements and applicable regulatory obligations
• Audit Logs: Retained for the period required by applicable regulations or your service agreement
• Payment Records: Retained as required by tax and accounting regulations
• Support Communications: Retained for a reasonable period to support ongoing service delivery

When data is no longer required, we securely delete or anonymize it.

7. Your Privacy Rights

Depending on your jurisdiction and applicable data protection laws (including the GDPR, KVKK, and similar frameworks), you may have the following rights:

7.1 Access and Portability

You may request access to the personal information we hold about you and, where applicable, receive a copy in a structured, commonly used format.

7.2 Correction

You may request correction of inaccurate or incomplete personal information.

7.3 Deletion

You may request deletion of your personal information. Certain data may be exempt from deletion where retention is necessary for legal compliance, security purposes, or the performance of the contract.

7.4 Restriction of Processing

You may request that we restrict processing of your personal information under certain circumstances.

7.5 Objection

You may object to the processing of your personal information for direct marketing purposes or on grounds relating to your particular situation.

7.6 Withdraw Consent

Where processing is based on your consent, you may withdraw that consent at any time without affecting the lawfulness of processing carried out before withdrawal.

To exercise any of these rights, contact us at info@corxor.com. We will respond within 30 days or such shorter period as required by applicable law.

8. International Data Transfers

Corxor operates infrastructure in multiple jurisdictions. Your data may be transferred to and processed in countries other than your country of residence, which may have different data protection standards.

Where required by applicable law, we rely on appropriate transfer mechanisms, which may include:

• Standard contractual clauses approved by the European Commission
• Adequacy decisions for destination countries
• Other lawful transfer mechanisms as appropriate

9. Children's Privacy

The Services are designed for business and professional use and are not directed to individuals under the age of 16. We do not knowingly collect personal information from children. If you believe a child has provided personal information to us, please contact us at info@corxor.com and we will promptly delete such information.

10. Third-Party Links

The Services may contain links to third-party websites or services not operated by Corxor. We are not responsible for the privacy practices of third parties. We encourage you to review their privacy policies before providing any personal information.

11. Updates to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated by:

• Posting the updated policy on our website with a revised "Last Updated" date
• Email notification for significant changes (where we have your contact information)

Continued use of the Services after a change becomes effective constitutes acceptance of the revised policy.

12. Contact Us