Privacy Policy

Thank you for your interest in 2Fifteen Tech. We value your trust and are committed to protecting your privacy. This Privacy Policy outlines how we collect, use, and safeguard your personal information when you interact with our website and services. By accessing or using our website, the Cortex platform, or supplying your personal information through any of our data collection forms, you agree to the terms of this Privacy Policy.

1. Scope of This Policy

This Privacy Policy applies to:

• 215.tech - Our marketing website, including the blog, service pages, and contact forms.
• Cortex (cortex.2fifteen.io) - Our AI-powered business platform that provides AI agents, document management, and related services to our customers and their authorized users.
• IT managed services - Services we provide to our customers including device management, support, and consulting.

Where data practices differ between these services, we note the distinction below.

2. Information We Collect

2.1 Marketing Website (215.tech)

We only collect personally identifiable information that you voluntarily provide through our contact forms or when you reach out to us directly. This may include:

• Name, email address, phone number, and company name
• Any other information you choose to include in a message to us

2.2 Cortex Platform

When you use the Cortex platform, we collect and process the following categories of information:

Account and Identity Data

• Email address, name, and profile image (provided via your identity provider)
• Organization name and email domain
• Account role (administrator or standard user)
• Authentication data from your identity provider (Google Workspace, Microsoft, or passkey credentials)

User-Generated Content

• Chat conversations with AI agents (your messages and AI-generated responses)
• Documents you upload (PDFs, Word documents, images, audio files)
• AI-generated content such as transcripts, summaries, and images created at your request
• URLs you submit for content ingestion

Usage and Billing Data

• AI model usage (which models you use and token consumption)
• Feature usage (which agents and tools you interact with)
• Timestamps and session metadata

Directory Sync Data

If your organization uses Directory Sync (such as Google Workspace, Okta, or Microsoft Entra ID), we receive user directory information from your identity provider to automatically provision and manage user accounts. This may include names, email addresses, and group memberships as configured by your organization's administrator.

2.3 IT Managed Services

When you are a managed services customer, we may also collect device inventory information, support ticket details, and other technical data necessary to deliver IT management and support services as outlined in your service agreement.

3. How We Use Your Information

We use the information we collect to:

• Respond to your inquiries and service requests
• Provide, operate, and maintain the Cortex platform and its AI-powered features
• Process your documents and conversations through AI models to deliver the services you request
• Generate usage reports and calculate billing for your organization
• Provision and manage user accounts through directory synchronization
• Send service-related communications, including email delivery of AI-generated content when you request it
• Monitor and improve the reliability, security, and performance of our services
• Deliver IT management and support services under your service agreement

4. AI Processing and Third-Party Models

The Cortex platform uses third-party AI models to provide its services. When you interact with AI agents, your messages and any documents you reference may be sent to one or more of the following AI model providers for processing:

• Anthropic (Claude models)
• OpenAI (GPT models, text embeddings)
• Google (Gemini models, including speech-to-text transcription)
• OpenRouter (unified access to additional AI models)

Additionally, documents you upload may be processed by:

• FireCrawl - For document parsing (extracting text from PDFs and other file formats) and website content retrieval
• OpenAI Embeddings - To create searchable vector representations of your documents, enabling AI agents to find and reference relevant information from your uploaded content

We do not use your content to train our own AI models. Your conversations and documents belong to your organization.

5. Sub-Processors and Service Providers

We use the following third-party service providers to operate our services. Each provider only receives data necessary to perform their specific function:

6. Data Storage and Security

6.1 Where Your Data Is Stored

Cortex platform data is stored using United States-based infrastructure providers, including Cloudflare (application hosting and file storage), Neon (database), and Upstash (vector search). Your data may be processed at edge locations globally as part of normal service delivery through Cloudflare's network.

6.2 Security Measures

We implement appropriate technical and organizational measures to protect your information, including:

• Encryption of API keys and service credentials at rest
• HTTPS encryption for all data in transit
• Multi-tenant data isolation (each customer's data is logically separated)
• Role-based access controls within the platform
• JWT-based authentication with secure, HttpOnly refresh tokens
• Rate limiting on authentication endpoints

No data transmission over the internet is 100% secure. While we implement strong security practices, we cannot guarantee absolute security.

7. Cookies and Analytics

7.1 Marketing Website (215.tech)

We use Fathom Analytics for basic, anonymous website analytics. Fathom does not track you, does not use cookies for tracking, and does not collect any personally identifiable information. It simply tells us which pages are popular and helps us understand how visitors use our site.

Our website works perfectly fine with cookies blocked. We never use cookies to track or identify individual users, and we never sell or share any analytics data.

7.2 Cortex Platform

The Cortex platform uses the following cookies and local storage:

• Authentication cookie - A secure, HttpOnly cookie containing your refresh token, used to keep you signed in. This cookie is essential for the service to function and expires after 7 days of inactivity.

We use Sentry for error monitoring on the Cortex platform. Sentry collects technical error data and limited browser environment information to help us identify and fix bugs. Personally identifiable information collection is disabled in our Sentry configuration. Sentry may record anonymized session replays when errors occur to help us diagnose issues.

8. Data Retention

We retain your data as follows:

• Marketing website contact submissions - Retained only as long as necessary to respond to your inquiry, then deleted.
• Cortex account data - Retained for the duration of your organization's active account. When an account is closed, we will delete your data within 90 days unless required by law to retain it.
• Chat conversations and documents - Retained for the duration of your organization's active account. You or your organization's administrator may delete individual conversations and documents at any time.
• Usage logs - Retained for billing and service improvement purposes for up to 24 months.
• Error logs (Sentry) - Automatically expire per Sentry's data retention policies (typically 90 days).

9. Disclosure of Information

We do not sell or trade your personal information. We do not collect, trade, or sell information from website visitors who are not customers.

We share information with the sub-processors listed in Section 5 solely to operate and deliver our services. Each provider only receives the minimum data necessary to perform their function.

We may also disclose information when required to comply with legal requirements, enforce our policies, or protect our rights, property, or safety.

10. Your Rights and Choices

You have the right to:

• Access your personal data stored by us
• Correct inaccurate personal data
• Delete your personal data (subject to legal and contractual obligations)
• Export your data in a portable format upon request
• Withdraw consent for optional data processing activities

For Cortex platform users, you can delete your own chat sessions and uploaded documents at any time through the platform interface. For account-level changes or data export requests, contact your organization's administrator or reach out to us directly.

To exercise any of these rights, please contact us using the information provided at the end of this policy. We will respond to your request within 30 days.

11. SMS Policy for Support Desk

If you provide your phone number for our support desk, we will only use it for technical support and service-related communications. We do not use SMS numbers or consent from the support desk for any marketing materials. Your phone number and text message consent will not be shared with any third parties.

12. Meeting and Call Recordings

At 2Fifteen Tech, we may record meetings and calls with clients and partners for internal purposes. This section outlines our practices regarding these recordings:

12.1 Recording Practice

• All meetings or calls may be recorded by default unless specifically requested otherwise prior to the meeting.
• These recordings are used internally for note-taking, training, and service improvement purposes.

12.2 Data Usage and Sharing

• Meeting or call recordings are strictly for internal use within 2Fifteen Tech.
• We do not share, sell, or distribute these recordings to external parties.
• The content of these recordings is treated with the same level of confidentiality as all other client information.

12.3 Retention and Deletion

• Meeting or call recordings are stored securely in our internal systems.
• Upon written request specifically identifying the meeting in question, we will delete the recording of that meeting or call.
• To request deletion, please contact us using the information provided at the end of this policy.

12.4 Notification

• This privacy policy serves as notification of our recording practices.
• If you wish to opt out of recording for a specific meeting, please notify us before the meeting begins.

13. Children's Privacy

Our website and services are not intended for use by individuals under the age of 18. We do not knowingly collect personal information from children. If you are a parent or guardian and believe your child has provided us with personal information, please contact us, and we will promptly delete such information.

14. Third-Party Links

Our website and platform may contain links to third-party websites and services. This Privacy Policy only applies to our own services. We are not responsible for the privacy practices of third-party websites. We encourage you to review the privacy policies of those sites before providing any personal information.

15. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or for other operational, legal, or regulatory reasons. The updated version will be posted on our website with the effective date. For material changes that significantly affect how we handle your data, we will make reasonable efforts to notify affected users. We encourage you to review the Privacy Policy periodically for any changes.

16. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or the information we hold about you, please contact us at:

Email: privacy@215.tech

Thank you for trusting 2Fifteen Tech with your technology needs. We take your privacy seriously.