CortexBit

Legal

Privacy Policy

Last updated: 26 June 2026

1. Overview

CortexBit Limited ("we", "us", "our") respects your privacy and is committed to protecting your personal data. This policy explains what data we collect, how we use it, and what choices you have.

We operate in compliance with the Singapore Personal Data Protection Act (PDPA), the Hong Kong Personal Data (Privacy) Ordinance (PDPO), and the Malaysia Personal Data Protection Act. Singapore serves as our primary data processing region due to its balanced regulatory framework.

2. How data collection works

Our data practices operate in two stages. The level of protection and the scope of data processing depend on which features you use.

Browsing this website

  • Basic analytics (page views, session duration, approximate location by country)
  • Contact form submissions (name, email, company, message content)
  • Cookie data (see Cookie Policy)

We collect minimal data to operate the website and respond to inquiries. No personalization, no profiling, no third-party data sharing.

Using memory and dialogue features

  • Conversation content between you and AI characters
  • Memory associations formed during your interactions (runtime layer)
  • Voice messages, photos, and videos you share
  • Account credentials and preferences

These features process personal data under Singapore PDPA, Hong Kong PDPO, and Malaysia PDPA. Enhanced protections apply from the moment you activate these features.

3. When enhanced data protections apply

Enhanced personal data protections under Singapore PDPA and applicable regional laws take effect from the moment you activate or use memory and dialogue features. This includes:

  • Starting a conversation with an AI character
  • Creating an account that stores interaction history
  • Sending voice messages, photos, or videos to a character
  • Any feature where the system forms memories from your interactions

Before that point, browsing this website and submitting the contact form involves only basic, minimal data processing necessary for website operation.

4. Three layers of memory in our system

Understanding how memory works in CortexBit products is essential for understanding your privacy rights. Our system maintains three strictly separated layers of memory, each with a different legal status and ownership model:

Your Personal Data

Layer 1: User Runtime Memory

Memory formed during your personal interactions with a character. This may include messages, episodes, preferences, facts, vector representations, and graph connections associated with your account or session. This memory is used to personalize your interactions with the character.

  • Messages and episodes — what you and the character discussed
  • Vector representations — semantic embeddings of your interactions
  • Graph connections — entities and relationships formed from your conversations
  • Preferences and facts — what the character learned about you specifically

This is your personal data.You can view, correct, delete, and export this memory at any time through the product interface. Deleting your runtime memory removes your personal data without affecting the character's configuration or general knowledge.

Service Configuration

Layer 2: Character Configuration Memory

The character's basic identity, personality parameters, behavioral rules, scenario constraints, and domain knowledge. This is authored and editorial content used to ensure stable, consistent character behavior across all interactions.

  • Personality definition and behavioral parameters
  • Scenario rules and domain knowledge boundaries
  • Communication style and interaction guidelines

This layer is part of the service. It does not contain personal data of any specific user. We do not transfer your personal data into character configuration memory without your separate, explicit consent.

De-identified

Layer 3: Aggregated and Synthetic Experience

To improve characters and build general experience structures, we may use aggregated, de-identified, or synthetically generated data. This layer is formed through:

  • Simulation environments — synthetic scenarios and interaction patterns generated to develop character behavior and memory graph structures
  • Aggregated patterns — generalized, depersonalized interaction trends that cannot be linked to any individual user
  • Authored content — editorially created knowledge and experience added by our team

We do not transfer personal conversations, identifying facts, or user-attributable data from runtime memory into this layer. If data cannot be reliably de-identified, it remains in the user's runtime memory (Layer 1) and is never incorporated into shared character experience.

Key principle: User runtime memory (Layer 1) is never mixed with character configuration (Layer 2) or aggregated experience (Layer 3). Only authored, synthetic, aggregated, or reliably de-identified structures enter the shared character layers. Your personal data stays under your control.

5. Legal basis for processing

We process personal data (your runtime memory, Layer 1) based on:

  • Consent: You explicitly agree to data collection when using memory and dialogue features.
  • Contractual necessity: Processing required to deliver the personalized services you requested.
  • Legitimate interests: Operating and securing our services, preventing abuse.
  • Legal obligation: Compliance with applicable laws and regulations.

Character configuration (Layer 2) and aggregated experience (Layer 3) do not constitute personal data. They are composed of authored content, synthetic simulation data, and reliably de-identified or aggregated structures that cannot be linked to an individual user.

6. Data storage and transfer

Your runtime memory is stored and processed primarily in Singapore. We do not transfer personal data to jurisdictions with inadequate data protection without your consent or appropriate safeguards in place.

We retain your runtime memory for the lifetime of your account unless you request deletion. You may delete all or part of your runtime memory at any time without affecting the character's core identity.

7. Your control over runtime memory

Our Associative Memory Service (AMS) gives you direct, granular control over your personal data stored in the runtime memory layer:

Search

Find specific entities, facts, and memory structures formed during your interactions.

Inspect

Review exactly what a character remembers about you, your preferences, and your shared history.

Edit

Correct inaccurate memories, update outdated information, or remove specific associations.

Delete

Remove individual memories, specific associations, or your entire runtime memory. The character's identity is not affected.

All memory operations are logged with a full audit trail. When you delete runtime memory, it is permanently removed. It is not used for any other purpose before deletion.

8. What we never do with your data

No telemetry on conversations

We do not monitor, log, or analyze the content of your conversations for analytics, metrics, or internal insights. What you say to a character stays between you and that character's runtime memory.

No training on your data

Your conversations, runtime memory, voice messages, photos, and interaction data are never used to train, fine-tune, or improve our AI models. Character experience is developed through simulation environments, authored content, and reliably de-identified aggregated patterns, never from identifiable user data.

No selling or sharing data

We do not sell, rent, license, or share your personal data or runtime memory content to any third party. Not to advertisers, not to data brokers, not to research partners. Your data is yours.

No cross-product tracking

Runtime memory is isolated per product and per user. What a character learns about you in MatchTalk does not transfer to TalkOver or any other product unless you explicitly carry the same character across products.

These are not configurable preferences. They are architectural commitments built into how our systems are designed and operated.

9. Your rights

Under Singapore PDPA and applicable laws, you have the following rights regarding your personal data (runtime memory):

Access

Request a copy of the personal data we hold about you, including memory structures formed during your interactions.

Correction

Ask us to correct inaccurate personal data stored in your runtime memory, or correct it yourself through memory control tools.

Deletion

Request deletion of your runtime memory in part or in full, without affecting the character's core identity or bootstrap knowledge.

Withdraw consent

Withdraw consent for data processing at any time. This may affect functionality of memory and dialogue features.

Data portability

Request your runtime memory data in a structured, machine-readable format.

Lodge a complaint

File a complaint with the Personal Data Protection Commission (PDPC) of Singapore or the relevant authority in your jurisdiction.

To exercise any of these rights, contact us atwscb@cortexbit.ai. We respond to all requests within 30 days.

10. Security measures

We implement appropriate technical and organizational measures to protect your personal data, including encryption in transit and at rest, access controls, and regular security assessments. Runtime memory is isolated per user and per product, with no cross-tenant data leakage.

11. Children's privacy

Our services are not directed at individuals under the age of 16. We do not knowingly collect personal data from children. If you believe we have collected data from a child, please contact us immediately.

12. Changes to this policy

We may update this policy as our services evolve. We will notify users of material changes via email or in-app notification at least 30 days before the changes take effect.

13. Contact us

For privacy questions or data requests:

CortexBit Limited

Unit 1603, 16th Floor, The L. Plaza

367-375 Queen's Road Central, Sheung Wan, Hong Kong SAR

wscb@cortexbit.ai