Privacy Policy

Last updated: January 1, 2026

This privacy policy (hereinafter: the "Privacy Policy") applies to the way in which we, Deep Cortex Ltd. (hereinafter: "Deep Cortex", "we", "our" or "us"), use personal information (as defined below) that is collected, received or stored by us about individuals regarding the use of the website: deepcortex.ai including sub-domains of this site, and their contents and/or the Deep Cortex platform/ Deep Cortex application (hereinafter collectively: the "Site"/"Platform"/"Application").

1. Introduction

This Privacy Policy is implemented because we, as the controller of the database, recognize the importance of privacy. This Privacy Policy details how we manage personal information that will be collected during your visit to the Site/Platform/use of the Application, and the choices you can make regarding how this information will be collected.

2. What is personal information?

"Information" or "personal information" as defined in the Privacy Protection Law, 5741-1981 (hereinafter: the "Privacy Protection Law") including information relating to an identified person or an identifiable person, including by means of an identifying detail such as name, ID number, biometric identifier, location data, online identifier, or one or more details relating to a person's physical, health, economic, social or cultural condition.

3. Consent and Changes

You are not under any legal obligation to provide us with information about yourself, and the provision of information is done of your own free will. However, if you decide not to provide certain information, we may not be able to provide you with services or some of them, for example, ordering a product will not be possible without providing the necessary details for placing the order.

By using the Site, you agree to the terms of our Privacy Policy, and to any collection, processing and sharing of your personal information, for the purposes detailed below. If you do not agree to the terms of this Privacy Policy, please do not enter or make any use of our Site. We reserve the right, at our discretion, to change this Privacy Policy at any time.

4. Type of Personal Information Collected that is Directly Provided by You and Purposes of its Use

Currently, general information available on the Site can be accessed without providing personal information. However, we receive or collect information from you in the following ways:

4.1. Contact Details

When contacting us, by sending an online form that we will make available to you, by sending an email to the email address displayed on the Site, or any other means within the Site and the system, you may be asked to provide us with certain information such as first name, email address, phone number, ID number, files you choose to attach and the content of the inquiry, in order for us to handle your inquiry and contact you, including when leaving messages, if necessary. If you do not provide the required information, we will not be able to handle your inquiry and we will not be able to contact you.

4.2. Contact and Payment Details

When purchasing products, you will be asked to provide us with your full name, ID number, email, mobile phone, payment details and shipping address (if required). We note that in accordance with the PCI standard, payment details are not stored with us, and we do not make any use of them except for the purpose of processing the payment. Refusal to provide such details will prevent us from providing you with online product purchase services. However, it will be possible to purchase various products in person.

4.3. Social Networks

We use social networks and other tools such as WhatsApp and Instagram to provide customer service, respond to your inquiries, and improve the services we offer. Any inquiry to us made through such networks and tools will additionally be subject to the privacy policy and terms of use of that social network.

5. Type of Personal Information Collected by Us that is Not Directly Provided by You and Purposes of its Use

5.1. Recorded Calls

Calls with us are recorded for control purposes, service management and legal defense. Therefore, if you contact us or we contact you by telephone, following the submission of your details on the Site or in general, remember that the call may be recorded and the personal details you provide during the call may be stored by us for the purposes detailed in this policy.

5.2. Log Files

We may use log files. The information appearing in the log files includes IP address, browser type, date/time stamp, referring/exit pages, filtering actions, clicks and any other information that may be provided to us from your browser. We may use such information for the purpose of analyzing trends, managing the Site and system, tracking visitor traffic on the Site and system, and for collecting demographic information.

5.3. Cookies and Other Tracking Technologies

As part of the services, we may use "cookies", anonymous identification files and other tracking technologies, for information security purposes, as well as to enable us to provide our services, present you with personalized information and improve the user experience when using the services. A "cookie" is a small text file used, for example, to collect information about activity on the Site and system, save user preferences and authenticate. Certain cookies and other technologies may be used to retrieve personal information, such as IP address.

When you first visit our Site, you will be presented with a cookie consent banner that allows you to accept or reject non-essential cookies, specifically analytics and preference cookies. Essential cookies that are necessary for the Site to function properly are always active and do not require consent.

Your consent preferences are stored locally in your browser's local storage (not on our servers) for 365 days. After this period, you will be asked for your consent again. You can change your cookie preferences at any time by clicking the "Manage Cookies" link in the footer of our Site.

Most browsers allow you to control cookies, including whether to approve them or not and how to remove them. You can set most browsers to notify you if you want to approve a cookie, or you can block cookies in your browser. Please note that blocking essential cookies may affect the functionality of the Site.

5.4. Mobile Device Data

We may collect limited information from the device for operational purposes. Such information may include the type of device, device identification (ID), date and time stamps of use of the Site and system, browser type, browser language, date and time of your request and the requested URL. We may also use location-based technology to help us collect aggregate statistical data, but we will not use personal information that can identify you for these purposes.

5.5. Third-Party Analytics Tools

The Site may use third-party analytics tools to collect information about the use of the Site for the purpose of improving user experience and Site performance. These analytics tools collect information such as:

• How often users visit the Site
• Which pages they visit and in what order
• Which sites users accessed before entering the Site
• General location information (country/city level)
• Device and browser information
• Time spent on different pages

We use the information received from these analytics tools solely to maintain and improve the Site and our services. We do not use this information for marketing purposes. We do not combine the information collected through analytics tools with personally identifiable information unless necessary for service improvement.

The collection of analytics data is subject to your cookie consent preferences, which you can manage through our cookie consent banner or the "Manage Cookies" link in our footer. When you reject non-essential cookies, analytics tracking will not be activated.

These third-party service providers are contractually obligated to protect your data and use it only for the purposes we specify. The ability of these third parties to use the information is governed by their own privacy policies and terms of service.

6. For What Purposes We Collect the Information

In addition to the purposes of use detailed above, we may use personal information collected by us as detailed above, also in the following ways and for the following purposes:

1. To provide you with services, including products you have purchased.
2. For the purpose of contacting you, including when leaving messages.
3. In order to improve the Site and its performance, according to its purposes.
4. For the purpose of handling your requests of any kind and responding to inquiries and complaints.
5. For the purpose of securing information on the Site and complying with legal provisions.
6. For the purpose of defense in legal proceedings.
7. For the purpose of sending information and advertisements regarding our services to the email address you provided us or through a call from our representative to your phone. You may request at any time to stop receiving such information and content as stated above by clicking on an unsubscribe link or by sending an unsubscribe request to the email: privacy@deepcortex.ai
8. For analytics purposes to understand how users interact with our Site, track usage patterns, and improve user experience and Site performance. We do not use analytics data for marketing purposes.

6A. Google User Data & Gmail Read-Only Access

When you connect your Gmail account, NuFlow accesses Gmail data via Google's OAuth 2.0 framework and the Gmail API. We only request the gmail.readonly scope, which allows us to view—but not modify—your Gmail messages and settings.

How we use Gmail data:

• Detect incoming or existing emails that trigger user-defined workflows.
• Extract message metadata or content fields (e.g., sender, subject, date, key text) required to execute automations.
• Display relevant email data inside your workspace.

We never:

• Use Gmail data to send, delete, or draft emails.
• Sell or share Gmail data with third parties.
• Use Gmail data for advertising or training AI models.

Security & storage:

• Gmail-derived data (metadata and parsed content) is stored on Amazon Web Services (AWS) with encryption in transit (TLS 1.2+) and at rest (AES-256).
• OAuth tokens are encrypted, stored with least-privilege access, and never stored in plain text.

Compliance:

We adhere to the Google API Services User Data Policy, including the Limited Use policy. Gmail data is used only to provide or improve NuFlow's user-facing features.

Subprocessors:

Gmail data is processed and stored on AWS (United States). We do not transfer Gmail data to other subprocessors without necessity or user consent.

Revoking access:

You may revoke Gmail access at any time via your Google Account settings: https://myaccount.google.com/permissions

7. How We Share Personal Information

Apart from the above, we will not transfer the information you have provided to us to third parties, except in the following cases:

1. To service providers on our behalf, who assist us in our activities, including business operation system providers, electronic mailing system providers, and call recording system providers;
2. In the event of a violation of the terms of use or this Privacy Policy or if you perform through the Site, actions that appear to be contrary to law, or an attempt to perform such actions;
3. In the event of any dispute, claim, lawsuit, demand or legal proceedings, if any, between you and us;
4. In any case where we believe that the disclosure of the information is necessary to prevent bodily harm or property damage (to you or to a third party) or in connection with an investigation into suspicions of illegal acts;
5. In the event that we are required by law to transfer your personal details and information collected about your activity on the Site to third parties, including if we receive a judicial order directing us to provide your details or information about you to a third party or in response to a request from a law enforcement authority or other governmental or public authority;
6. In the event that we are acquired by a third-party company or merge with a third-party company.

In certain cases, third parties to whom information will be transferred as stated in this section above, will be outside of Israel, including in the USA. You hereby agree that information relating to you will be transferred and stored outside the borders of the country, in accordance with the provisions of the law and for the purposes presented above.

8. Information Security

We implement systems and procedures for information security on the Site. While these systems and procedures reduce the risks of unauthorized intrusion into our computers, they do not provide absolute security. Therefore, although we strive to use acceptable and reasonable means to protect your personal information, we do not guarantee that the Site will be absolutely immune from unauthorized access to the information stored in it. If you have any questions regarding security in the service or regarding confidentiality, you can contact us at the email address: privacy@deepcortex.com

9. Privacy Protection Officer

The Privacy Protection Officer (DPO) in our company is available and can be contacted by email at privacy@deepcortex.com.

10. Children's Privacy

The use of the Site is not intended for children under the age of 13. If you are a minor aged 13-18, you must obtain the consent of your legal guardian before using the Site. However, there may be cases where access to the Site and services is provided through a device operated by minors and personal information regarding them may be collected by us as a result. In such a case, you hereby confirm that as the legal guardian of the minor, you agree to the collection, use and transfer of personal information regarding the minor in accordance with this Privacy Policy.

11. Your Rights and Protection of Your Privacy

Deep Cortex Ltd. is the controller of the database containing the information detailed in this policy. We respect your right to privacy and are interested in keeping only required, up-to-date and accurate information.

You have the right to:

• Review information about you that we hold
• Request correction or deletion of information that is incorrect, incomplete, unclear or out-of-date
• Request a copy of your cookie consent preferences (stored locally in your browser)
• Withdraw your consent for non-essential cookies at any time using the "Manage Cookies" link in our footer

Please note that your cookie consent preferences are stored locally in your browser and not on our servers. If you clear your browser data or use a different browser/device, you will need to set your cookie preferences again.

For any questions regarding your privacy or to exercise your rights, please contact us by sending an email to privacy@deepcortex.ai. We will respond to your request within 30 days in accordance with the Privacy Protection Law, 5741-1981 and the Privacy Protection Regulations (Conditions for Reviewing Information and Appeal Procedures on Refusal to Request for Review), 5741-1981.

12. Data Deletion & Revocation (Google OAuth / Gmail)

If you disconnect Gmail or delete your Deep Cortex account, we will permanently delete Gmail-related data from our systems within 7 days. Parsed Gmail data kept for operations or debugging is retained only as long as necessary and typically no longer than 30 days.

• After revocation (via Google Account Permissions), we stop all new Gmail data collection immediately.
• Deletion scope includes stored message metadata, parsed content used in automations, and OAuth tokens.
• You can request confirmation of deletion by emailing privacy@deepcortex.ai.

This section applies specifically to data obtained through Google OAuth and the Gmail API and should be read together with Sections 6, 8, and 11 of this Privacy Policy.