Privacy Policy

Last Updated: February 2026

At Oryxa Technologies, we believe in minimizing data retention and maximizing merchant control. This policy outlines how Cortex interacts with your connected systems and communication channels.

1. The Data We Access

To function autonomously, Cortex requires scoped access to your operational data. This is achieved via explicit OAuth 2.0 grants or API keys. We access:

  • Catalog & Inventory: Product details, variants, stock levels, and supplier data from connected channels (e.g., Shopify, WooCommerce).
  • Orders & Fulfillment: Order history, shipping addresses, and fulfillment status required to draft purchase orders or reroute shipments.
  • Communication & Messaging: Messaging logs, metadata, and user approvals generated within connected third-party platforms (e.g., Meta WhatsApp Business API, Telegram, Slack). This data is processed strictly to provide the Cortex operational service.

2. Specific Data Usage for Messaging Platforms

When you connect messaging platforms like WhatsApp (via the Meta Business API), Cortex processes messages and customer identifiers solely to execute commerce-related automation (e.g., order confirmations, stock alerts). We comply with all Platform Policies, including the Meta Business Tools Terms.

3. What We Do NOT Do With Your Data

  • We do not sell it: Your data is strictly used to run your instance of Cortex.
  • We do not aggregate it for third parties: We are an autonomous operations engine, not a data broker.
  • We do not bleed context: Your unique operational models and heuristics remain isolated. We do not use your proprietary pricing strategies to train models for your competitors.

4. The Role of LLMs

Cortex utilizes Large Language Models (LLMs) to parse unstructured commands (e.g., "Cancel the Nike PO") and reason about complex business contexts (e.g., matching a massive anomalous order).

When interacting with LLM providers (e.g., Google Gemini), data is transmitted via secure, enterprise-grade APIs. Data sent to these endpoints is explicitly excluded from the provider's consumer machine learning models.

5. Data Retention

Operational data (orders, inventory levels) is retained to allow the system to learn and forecast accurately. However, raw API request logs and transient webhook payloads are aggressively pruned to minimize our active attack surface.

If you disconnect a channel, the associated OAuth tokens are immediately destroyed. If you terminate your Cortex instance, your database context is permanently wiped within 30 days.

6. Data Deletion Instructions (Meta/WhatsApp Compliance)

In accordance with Meta Platform Policies, we provide a clear mechanism for users to request the deletion of their data.

Data Deletion URL: Users can initiate a deletion request by visiting our data management endpoint at https://oryxa.systems/legal/privacy#data-deletion or by following the instructions below.

Instructional Steps:

  1. Send an email to privacy@oryxa.in from your registered administrative email address.
  2. Use the subject line: "Data Deletion Request - [Your Organization Name]".
  3. Specify if you wish to delete specific channel data (e.g., only WhatsApp integration) or your entire Cortex account.

Upon receipt of your request, we will verify your identity, revoke all OAuth 2.0 tokens (for Meta, Shopify, etc.), and permanently purge all associated operational data from our production databases within 48 hours.

7. Cookies

We use strictly functional cookies to manage your authentication state and preferences. We do not use third-party tracking or advertising cookies.

8. Contact Information

Oryxa Technologies is the data controller for Cortex. If you have questions about this policy, please contact us at:

Email: privacy@oryxa.in