Privacy Policy

1. Data controller

Cormsor LLC (Wyoming, USA), as the "Data Controller", determines the purposes, methods, and retention periods of personal data processed via cormsor.ai. Address: 30 N Gould St Ste R, Sheridan, WY 82801, USA.

Data subjects may exercise their rights under GDPR (EU/EEA), NDPR (Nigeria), POPIA (South Africa), DPA 2019 (Kenya), and other applicable laws by writing to [email protected].

2. Data we collect

2.1. Account data (Sign in with Google)

• Google account ID, email address, display name, profile photo URL
• Session token, login IP address, User-Agent

2.2. Usage data

• Prompts you submit, contents of files you upload, responses you receive
• Model used, token counts, latency
• IP address (for quota enforcement and anti-abuse, retained for 90 days)

3. Purposes of processing

• Providing the service (generating AI responses, file analysis)
• Account security and abuse prevention
• Enforcing usage limits and quotas
• Product improvement (anonymous / aggregate statistics)
• Compliance with legal obligations

4. Processing & infrastructure

Your data is hosted and processed on secure servers in Europe (within the EU data-protection regime / GDPR scope). Cross-border transfers to AI providers (mostly US-based) are made under standard contractual clauses or equivalent safeguards.

To produce AI responses, your prompts and uploaded contents are forwarded to third-party AI infrastructure providers under enterprise contracts. These providers do not use your data to train their own models and, by contract, retain it solely for response generation; retention periods are typically 30 days or less, governed by each provider's policy.

The specific identities of infrastructure partners are not publicly disclosed for operational confidentiality. Where lawful judicial requests are issued, the necessary transparency is provided to competent authorities.

5. Retention periods

6. Your rights

Depending on the applicable law to you, you may have the following rights:

• GDPR (EU/EEA, UK): access (Art. 15), rectification (16), erasure (17), restriction (18), portability (20), objection (21), and the right to lodge a complaint with a supervisory authority.
• NDPR + Nigeria Data Protection Act 2023: access, rectification, erasure, objection, portability, and complaint to the Nigeria Data Protection Commission (NDPC).
• POPIA (South Africa): access, correction, deletion, objection, and complaint to the Information Regulator (South Africa).
• DPA 2019 (Kenya): access, rectification, erasure, objection, portability, and complaint to the Office of the Data Protection Commissioner (ODPC).
• CCPA / CPRA (California, USA): right to know, delete, correct, and opt out of the sale/sharing of personal information (we do not sell personal information).

To exercise any of these rights, write to [email protected]. Requests are answered within 30 days.

7. International transfers

Cormsor AI is a global service. To deliver responses, your inputs are transferred to AI providers operating mainly in the United States, the European Union, and the United Kingdom. We rely on:

• Standard Contractual Clauses (EU Commission)
• UK International Data Transfer Addendum
• NDPC-approved cross-border transfer mechanisms (Nigeria)
• POPIA section 72 conditions (South Africa)
• Adequacy / safeguards under DPA 2019 (Kenya)

8. Cookies

Strictly necessary cookies (session, quota): cor_s (login token), cor_anon (anonymous user identifier). Preference cookies: language and UI settings. We do not use third-party analytics or advertising cookies.

9. Children

The service is not designed for users under 13. For users between 13 and 18, parental/guardian consent is presumed. We do not knowingly collect data from children under 13; if you believe such data has been collected, contact us and we will delete it.

10. Changes

This policy may be updated. Material changes are emailed to the address tied to your account. Continued use of the service constitutes acceptance of the current policy.

11. Contact

For any privacy questions: [email protected]