Privacy Policy

Last updated June 2026

Cortova provides a CRM and sales-coaching platform at app.cortova.ai and a companion Chrome extension that surfaces matching CRM records inside Gmail and LinkedIn. This policy explains what we collect, how we use it, where it goes, and the controls you have.

If you only need the disclosures specific to the Chrome extension, jump to Cortova Chrome Extension.

Who we are

"Cortova," "we," "our," or "us" refers to Cortova Inc., the entity operating the Cortova service. Contact us at privacy@cortova.ai with any questions about this policy.

Information we collect

We collect only what's needed to deliver the service. Specifically:

From the website and product

  • Account information — name, work email, company, and password hash you provide on signup.
  • Customer records you enter — leads, contacts, companies, opportunities, activities, calls, emails, and notes. This is your data; you control it.
  • Usage data — pages viewed, features used, and basic telemetry (browser, OS, IP) for security, debugging, and aggregate product analytics.
  • Billing information — handled by Stripe; we never store full card numbers.

From the Cortova Chrome extension

  • Your Cortova API key and base URL — stored locally in your browser via chrome.storage.local so the extension can call your CRM. Never sent anywhere except your configured Cortova endpoint.
  • Contact identifiers on the page you are viewing — the sender's name and email address on the currently-open Gmail message, or the visible profile name and current company on a LinkedIn profile page. Used solely to look up the matching record in your Cortova CRM.
  • Nothing else. The extension does not read email bodies, attachments, message threads, browsing history, or any page content beyond the contact identifier listed above.

How we use information

  • To provide the Cortova service — show your CRM data, run sequences, send emails and SMS you've authorized, place calls through your connected Twilio number.
  • To support you when you contact us.
  • To detect, prevent, and respond to abuse, fraud, or security incidents.
  • To improve the product based on aggregate, de-identified usage patterns.
  • To send service announcements (rare) and, if you've opted in, occasional product updates.

Sharing and disclosure

We do not sell your data. We don't share it with third parties for advertising, profiling, retargeting, credit scoring, or any other purpose unrelated to delivering the Cortova service.

We share data with the following service providers strictly to operate the platform:

  • Microsoft Azure — hosting, database, storage.
  • Twilio — voice calls and SMS that you initiate or receive.
  • Anthropic and OpenAI — AI features (summarization, drafting, coaching). Only the specific record context you act on is sent, and providers are bound by zero-data-retention or equivalent contractual terms.
  • Stripe — billing.
  • Microsoft Graph and Google APIs — only when you connect your Office 365 or Google mailbox; we use those APIs to sync the email and calendar you've authorized.

We may disclose information when legally required (court order, lawful subpoena) and will notify you unless prohibited.

Data storage and security

Your customer records live in a tenant-isolated database scoped to your organization and are never visible to other tenants. We use TLS for data in transit, encryption at rest, role-based access controls, audit logging, and least-privilege production access.

Your rights

You can access, export, correct, or delete your account data at any time through the product, or by emailing privacy@cortova.ai. Cortova includes built-in tools at /Privacy inside the app for GDPR-style subject access and erasure requests on the records you hold.

Children

Cortova is a business product and is not directed to anyone under 18. We do not knowingly collect data from children.

International transfers

Cortova currently hosts data in Microsoft Azure regions in the United States. If you sign up from outside the U.S., you consent to your data being processed in the U.S.

Changes to this policy

We'll update this page when our practices change. The "Last updated" date at the top reflects the most recent change. For material changes, we'll also send an email to the address on file for your account.

Cortova Chrome Extension

This section covers the disclosures specific to our Chrome extension ("Cortova CRM" on the Chrome Web Store). It restates, in one place, what data the extension reads and how it's used.

Single purpose

To display the matching Cortova CRM lead or contact alongside an open Gmail message or LinkedIn profile, and to let you save new contacts to Cortova in one click.

What the extension reads

  • The sender's name and email address on the currently-open Gmail message.
  • The visible profile name and current company on a LinkedIn profile page (linkedin.com/in/… or linkedin.com/company/…).
  • Your Cortova CRM API key and base URL, which you paste into the extension's options page. These stay in chrome.storage.local on your device.

What the extension does NOT read

  • Email bodies, attachments, message threads, or labels in Gmail.
  • Any page content beyond the visible contact identifier listed above.
  • Your browsing history, bookmarks, tabs, or activity on other websites.
  • Cookies, form data, passwords, or anything outside the explicit identifier described.

Where the data goes

  • The contact identifier is sent only to your configured Cortova CRM API endpoint (default https://app.cortova.ai) to look up a matching record.
  • Nothing is sent to Cortova for purposes other than executing the lookup or lead-create you requested.
  • The extension does not send data to any third party.

Limited Use compliance

Cortova's use and transfer of information received from the Chrome extension's authorized APIs adheres to the Chrome Web Store User Data Policy, including the Limited Use requirements:

  • We do not sell or transfer data received from the extension to third parties for advertising, profiling, or unrelated purposes.
  • We do not use the data to determine creditworthiness or for lending purposes.
  • We do not allow humans to read the data unless we have your explicit consent, it's required for security or to comply with applicable law, or the data is aggregated and used for internal operations following privacy practices.

Contact

Questions, requests, or concerns? Email privacy@cortova.ai.