Version: 2026-03-01

Personal and tenant data is processed to operate planning workflows.

Security logs are retained for abuse prevention and incident response.

Data export and deletion controls are available to authorized tenant admins.

By using the platform, you acknowledge this policy version.

The public marketing website records first-party aggregate traffic for the page path, hourly time bucket, coarse referrer source, coarse browser/device category, and a daily HMAC visitor signal used only to count daily unique visitors and maintain daily/site-level rollups. Corta does not use third-party analytics, marketing tracking cookies, raw IP retention, or fingerprinting for this measurement; visitor signals are pruned after 35 days and aggregate hourly/daily counts after 400 days by default.

Registration requests are used for manual customer qualification, pre-contract contact, security, and abuse prevention before a tenant account is created.

If a request is denied or expires, Corta automatically minimizes the submitted personal details after the configured retention period unless a documented legal or security hold applies.

Registration requesters can exercise access, correction, erasure/minimization, restriction, objection, and complaint rights even if no user account was created.