PRIVACY POLICY
Last updated March 12, 2025
This Privacy Policy for Cortado, Inc. (“we,” “us,” or “our”), describes how and why we might access, collect, store, use, and/or share (“process”) your personal information when you use our services (“Services”), including when you:
Visit our website at https://cortado-ai.com, our related apps, or any website of ours that links to this Privacy Policy
Use Cortado AI. An AI-powered application used by rental managers to automatically respond to and engage with their guests and residents.
Engage with us in other related ways, including any sales, marketing, or events
Questions or concerns? Reading this Privacy Policy will help you understand your privacy rights and choices. We are responsible for making decisions about how your personal information is processed. If you do not agree with our policies and practices, please do not use our Services. If you still have any questions or concerns, please contact us at support@cortado-ai.com.
SUMMARY OF KEY POINTS
This summary provides key points from our Privacy Policy, but you can find out more details about any of these topics by using our Table of Contents below to find the in-depth section you are looking for.
What personal information do we process?
When you visit, use, or navigate our Services, we may process personal information depending on how you interact with us and the Services, the choices you make, and the products and features you use.
Do we process any sensitive personal information?
Some of the information may be considered “special” or “sensitive” in certain jurisdictions, for example your racial or ethnic origins, sexual orientation, and religious beliefs. We do not process sensitive personal information except for the use of financial data in relation to your payment for any of our services.
Do we collect any information from third parties?
We may collect information from public databases, marketing partners, social media platforms, and other outside sources.
How do we process your information?
We process your information to provide, improve, and administer our Services, communicate with you, for security and fraud prevention, and to comply with law. We may also process your information for other purposes with your consent. We process your information only when we have a valid legal reason to do so.
In what situations and with which parties do we share personal information?
We may share information in specific situations and with specific third parties.
How do we keep your information safe?
We have adequate organizational and technical processes and procedures in place to protect your personal information. However, no electronic transmission over the internet or information storage technology can be guaranteed to be 100% secure, so we cannot promise or guarantee that hackers, cybercriminals, or other unauthorized third parties will not be able to defeat our security and improperly collect, access, steal, or modify your information.
What are your rights?
Depending on where you are located geographically, the applicable privacy law may mean you have certain rights regarding your personal information.
How do you exercise your rights?
The easiest way to exercise your rights is by contacting us at support@cortado-ai.com. We will consider and act upon any request in accordance with applicable data protection laws.
Want to learn more about what we do with any information we collect? Review this Privacy Policy in full.
TABLE OF CONTENTS
WHAT INFORMATION DO WE COLLECT?
HOW DO WE PROCESS YOUR INFORMATION?
WHAT LEGAL BASES DO WE RELY ON TO PROCESS YOUR PERSONAL INFORMATION?
WHEN AND WITH WHOM DO WE SHARE YOUR PERSONAL INFORMATION?
DO WE USE COOKIES AND OTHER TRACKING TECHNOLOGIES?
DO WE OFFER ARTIFICIAL INTELLIGENCE-BASED PRODUCTS?
HOW DO WE HANDLE YOUR SOCIAL LOGINS?
HOW LONG DO WE KEEP YOUR INFORMATION?
HOW DO WE KEEP YOUR INFORMATION SAFE?
DO WE COLLECT INFORMATION FROM MINORS?
WHAT ARE YOUR PRIVACY RIGHTS?
CONTROLS FOR DO-NOT-TRACK FEATURES
DO UNITED STATES RESIDENTS HAVE SPECIFIC PRIVACY RIGHTS?
DO WE MAKE UPDATES TO THIS POLICY?
HOW CAN YOU CONTACT US ABOUT THIS POLICY?
HOW CAN YOU REVIEW, UPDATE, OR DELETE THE DATA WE COLLECT FROM YOU?
1) WHAT INFORMATION DO WE COLLECT?
Personal information you disclose to us
In Short: We collect personal information that you provide to us.
We collect personal information that you voluntarily provide to us when you register on the Services, express an interest in obtaining information about us or our products and Services, when you participate in activities on the Services, or otherwise when you contact us.
Personal Information Provided by You. The personal information that we collect depends on the context of your interactions with us and the Services, the choices you make, and the products and features you use. The personal information we collect may include the following:
names
phone numbers
email addresses
mailing addresses
job titles
usernames
passwords
contact preferences
contact or authentication data
billing addresses
debit/credit card numbers
Sensitive Information. When necessary, with your consent or as otherwise permitted by applicable law, we may process financial data related to your account with us for the purpose of processing and releasing payments.
Payment Data. We may collect data necessary to process your payment if you choose to make purchases, such as your payment instrument number and the security code associated with your payment instrument. All payment data is handled and stored by Stripe. You may find their privacy policy link(s) here: https://stripe.com/privacy.
Social Media Login Data. We may provide you with the option to register with us using your existing social media account details, like your Facebook, X, or other social media account. If you choose to register in this way, we will collect certain profile information about you from the social media provider, as described in the section called “HOW DO WE HANDLE YOUR SOCIAL LOGINS?” below.
All personal information that you provide to us must be true, complete, and accurate, and you must notify us of any changes to such personal information.
Information automatically collected
In Short: Some information — such as your Internet Protocol (IP) address and/or browser and device characteristics — is collected automatically when you visit our Services.
We automatically collect certain information when you visit, use, or navigate the Services. This information does not reveal your specific identity (like your name or contact information) but may include device and usage information, such as your IP address, browser and device characteristics, operating system, language preferences, referring URLs, device name, country, location, information about how and when you use our Services, and other technical information. This information is primarily needed to maintain the security and operation of our Services, and for our internal analytics and reporting purposes.
Like many businesses, we also collect information through cookies and similar technologies. You can find out more about this in our Cookie Policy: https://cortado-ai.com/cookies.
The information we collect includes:
Log and Usage Data. Log and usage data is service-related, diagnostic, usage, and performance information our servers automatically collect when you access or use our Services and which we record in log files. Depending on how you interact with us, this log data may include your IP address, device information, browser type and settings, and information about your activity in the Services (such as date/time stamps, pages and files viewed, searches, and other actions you take, such as which features you use), as well as device event information (such as system activity, error reports, and hardware settings).
Device Data. We collect device data such as information about your computer, phone, tablet, or other device you use to access the Services. Depending on the device used, this device data may include information such as your IP address (or proxy server), device and application identification numbers, location, browser type, hardware model, Internet service provider and/or mobile carrier, operating system, and system configuration information.
Location Data. We collect location data such as information about your device’s location, which can be either precise or imprecise. How much information we collect depends on the type and settings of the device you use to access the Services. For example, we may use GPS and other technologies to collect geolocation data that tells us your current location (based on your IP address). You can opt out of allowing us to collect this information either by refusing access to the information or by disabling your device’s location setting. However, if you choose to opt out, you may not be able to use certain aspects of the Services.
Google API.
Our use of information received from Google APIs will adhere to Google API Services User Data Policy, including the Limited Use requirements.
Information collected from other sources
In Short: We may collect limited data from public databases, marketing partners, social media platforms, and other outside sources.
In order to enhance our ability to provide relevant marketing, offers, and services to you and update our records, we may obtain information about you from other sources, such as public databases, joint marketing partners, affiliate programs, data providers, social media platforms, and other third parties. This information includes mailing addresses, job titles, email addresses, phone numbers, intent data (or user behavior data), IP addresses, social media profiles and URLs, and custom profiles for purposes of targeted advertising and event promotion.
If you interact with us on a social media platform using your social media account (e.g., Facebook or X), we receive personal information about you from such platforms such as your name, email address, and gender. You may have the right to withdraw your consent to processing your personal information. Learn more about withdrawing your consent. Any personal information that we collect from your social media account depends on your social media account’s privacy settings. Please note that the use of your information by the social media provider is not governed by this Privacy Policy.
2) HOW DO WE PROCESS YOUR INFORMATION?
In Short: We process your information to provide, improve, and administer our Services, communicate with you, ensure security and prevent fraud, and to comply with the law. We may also process your information for other purposes with your consent.
We process your personal information for a variety of reasons, depending on how you interact with our Services, including:
To facilitate account creation and authentication and otherwise manage user accounts.
To deliver and facilitate the delivery of services to you.
To respond to user inquiries and offer support.
To send administrative information to you, such as details about our products and services or changes to our terms and policies.
To fulfill and manage your orders, payments, returns, and exchanges.
To request feedback regarding your use of our Services.
To send you marketing and promotional communications (in accordance with your preferences).
To deliver targeted advertising by developing and displaying personalized content based on your interests and location (see our Cookie Policy for more details).
To post testimonials that may contain personal information.
To protect our Services through fraud monitoring and prevention.
To evaluate and improve our Services, products, marketing, and your experience.
To identify usage trends and determine the effectiveness of our marketing and promotional campaigns.
To comply with our legal obligations, respond to legal requests, and defend our legal rights.
3) WHAT LEGAL BASES DO WE RELY ON TO PROCESS YOUR INFORMATION?
In Short: We only process your personal information when we believe it is necessary and have a valid legal reason (i.e., legal basis) to do so under applicable law—whether based on your consent, to comply with laws, to provide you with services, to fulfill contractual obligations, to protect your rights, or to further our legitimate business interests.
If you are located in Canada, this section applies to you.
We may process your information if you have given us specific permission (express consent) or where consent can be inferred (implied consent). You can withdraw your consent at any time.
In some exceptional cases, we may be legally permitted to process your information without your consent, including but not limited to:
When collection is in the interests of an individual and consent cannot be obtained in a timely way
For investigations and fraud detection and prevention
For business transactions, provided certain conditions are met
When necessary to assess, process, or settle an insurance claim
For identifying injured, ill, or deceased persons and communicating with next of kin
When there are reasonable grounds to suspect financial abuse
If disclosure is required by a subpoena, warrant, court order, or similar legal process
When the information is produced in the course of employment or for journalistic, artistic, or literary purposes
When the information is publicly available and specified by regulations
4) WHEN AND WITH WHOM DO WE SHARE YOUR PERSONAL INFORMATION?
In Short: We may share your personal information in specific situations and with certain third parties.
We may need to share or transfer your information in connection with business transfers, such as mergers, sales of company assets, financing, or acquisitions.
5) DO WE USE COOKIES AND OTHER TRACKING TECHNOLOGIES?
In Short: We may use cookies and other tracking technologies to collect and store your information.
We may use cookies and similar tracking technologies (e.g., web beacons and pixels) to gather information when you interact with our Services. These technologies help us maintain the security of our Services, prevent crashes, fix bugs, save your preferences, and assist with basic site functions.
We also permit third parties and service providers to use tracking technologies on our Services for analytics and advertising. These technologies may be used to display and tailor advertisements to your interests or send abandoned shopping cart reminders, depending on your communication preferences. If such tracking is considered a “sale” or “sharing” under applicable US state laws, you can opt out by following the process outlined in section 13 below.
Specific details on our use of tracking technologies and how to refuse certain cookies are provided in our Cookie Policy: https://cortado-ai.com/cookies.
Google Analytics
We may share your information with Google Analytics to track and analyze the use of our Services. The features we may use include remarketing, display network impressions reporting, and demographics and interests reporting. To opt out of Google Analytics tracking across our Services, please visit https://tools.google.com/dlpage/gaoptout or use other opt-out mechanisms available.
6) DO WE OFFER ARTIFICIAL INTELLIGENCE-BASED PRODUCTS?
In Short: We offer products, features, or tools powered by artificial intelligence, machine learning, or similar technologies.
As part of our Services, we offer AI Products to enhance your experience and provide innovative solutions. These include, but are not limited to, AI bots, AI automation, natural language processing, AI translation, AI document generation, AI search, AI predictive analytics, and image analysis.
Use of AI Technologies
We provide these AI Products through third-party service providers (e.g., AWS AI, OpenAI, Anthropic). When you use our AI Products, your input, output, and personal information may be shared with and processed by these providers to enable the functionality of these tools. You must not use the AI Products in any way that violates the terms or policies of any AI service provider.
7) HOW DO WE HANDLE YOUR SOCIAL LOGINS?
In Short: If you register or log in using a social media account, we may access certain information about you from that provider.
Our Services allow you to register or log in using your third-party social media account (such as Facebook or X). If you choose to do so, we will receive certain profile information from the social media provider. This information may include your name, email address, friends list, profile picture, and any other data you choose to make public.
We will use this information solely for the purposes described in this Privacy Policy. Please note that we do not control and are not responsible for how your social media provider uses your personal information; we encourage you to review their privacy policies.
8) HOW LONG DO WE KEEP YOUR INFORMATION?
In Short: We retain your personal information only as long as necessary to fulfill the purposes described in this Privacy Policy, unless a longer retention period is required or permitted by law.
We will keep your personal information only for as long as it is necessary for the purposes set out in this Privacy Policy. If no longer required, we will delete or anonymize your personal information, or, if deletion is not possible (for example, if the information is stored in backup archives), we will securely store and isolate it until deletion is possible.
9) HOW DO WE KEEP YOUR INFORMATION SAFE?
In Short: We implement a combination of organizational and technical security measures to protect your personal information.
We have implemented appropriate and reasonable technical and organizational security measures to safeguard any personal information we process. However, no transmission or storage method is 100% secure, so we cannot guarantee that hackers or other unauthorized third parties will never be able to defeat our security measures. Please use our Services only in a secure environment.
10) DO WE COLLECT INFORMATION FROM MINORS?
In Short: We do not knowingly collect data from or market to children under the age of 18.
We do not knowingly collect, solicit, or market to children under 18, nor do we knowingly sell their personal information. By using our Services, you represent that you are at least 18 or that you are the parent or guardian of a minor and consent to their use of the Services. If we learn that personal information from children under 18 has been collected, we will take reasonable steps to delete such data promptly. If you believe that we may have collected data from a child under 18, please contact us at harry@cortado-ai.com.
11) WHAT ARE YOUR PRIVACY RIGHTS?
In Short: Depending on your location, you have rights regarding your personal information, including the right to review, change, or terminate your account.
In some regions (for example, Canada), you have certain rights under applicable data protection laws. These may include the right to: • Request access to a copy of your personal information
Request rectification or erasure of your personal information
Request restriction of processing
Data portability
Not be subject to automated decision-making
You can exercise these rights by contacting us using the details provided in section 15 below.
Withdrawing your consent:
If we process your personal information based on consent, you have the right to withdraw your consent at any time. This will not affect the lawfulness of processing prior to the withdrawal.
Opting out of marketing communications:
You can unsubscribe from marketing communications by following the unsubscribe instructions in our emails or by contacting us. Even if you opt out, we may still send you service-related communications as necessary.
Account Information:
You may update your account settings or contact us to review or change your information, or even to terminate your account. If you request termination, we may retain some information to prevent fraud, troubleshoot issues, or comply with legal obligations.
For further details, please see our Cookie Policy: https://cortado-ai.com/cookies.
If you have questions about your privacy rights, please email us at support@cortado-ai.com.
12) CONTROLS FOR DO-NOT-TRACK FEATURES
Most web browsers and some mobile operating systems and applications offer a Do-Not-Track (“DNT”) feature. However, because no uniform standard for DNT signals has been finalized, we do not currently respond to DNT browser signals or any similar mechanism. If a standard is adopted in the future that we must follow, we will update this Privacy Policy accordingly.
California law requires that we explain our response to DNT signals. As there is no industry or legal standard in place, we currently do not respond to DNT signals.
13) DO UNITED STATES RESIDENTS HAVE SPECIFIC PRIVACY RIGHTS?
In Short: U.S. residents from certain states (including California, Colorado, Connecticut, Delaware, Florida, Indiana, Iowa, Kentucky, Minnesota, Montana, Nebraska, New Hampshire, New Jersey, Oregon, Tennessee, Texas, Utah, or Virginia) may have additional rights regarding access to and control over their personal information.
Categories of Personal Information We Collect
Over the past 12 months, we have collected the following categories of personal information:
A. Identifiers:
Contact details such as real name, alias, postal address, telephone or mobile number, unique personal identifier, online identifier, IP address, email address, and account name.
Collected: YESB. Personal information as defined in the California Customer Records statute:
Name, contact information, education, employment, employment history, and financial information.
Collected: NOC. Protected classification characteristics:
Gender, age, date of birth, race and ethnicity, national origin, marital status, and other demographic data.
Collected: NOD. Commercial information:
Transaction information, purchase history, financial details, and payment information.
Collected: NOE. Biometric information:
Fingerprints and voiceprints.
Collected: NOF. Internet or other similar network activity:
Browsing history, search history, online behavior, interest data, and interactions with websites and applications.
Collected: NOG. Geolocation data:
Device location.
Collected: NOH. Audio, electronic, sensory, or similar information:
Images and audio, video or call recordings created in connection with our business activities.
Collected: NOI. Professional or employment-related information:
Business contact details, job title, work history, and professional qualifications if you apply for a job with us.
Collected: NOJ. Education Information:
Student records and directory information.
Collected: NOK. Inferences drawn from collected personal information:
Information used to create a profile or summary about an individual’s preferences and characteristics.
Collected: NOL. Sensitive personal Information:
Collected: NO
We may also collect additional personal information when you interact with us in person, online, by phone, or by mail (for example, through customer support, surveys, or contests).
We will use and retain the collected personal information as needed to provide the Services or for:
• Category A – as long as the user has an account with us
• Category H – as long as the user has an account with us
Sources of Personal Information:
Learn more about the sources of personal information we collect in section 1.
How We Use and Share Personal Information:
Learn more in section 2.
Will your information be shared with anyone else?
We may disclose your personal information with our service providers under a written contract. Learn more in section 4.
We have not sold or shared personal information for business or commercial purposes in the past 12 months.
Your Rights:
You have rights under certain U.S. state data protection laws, which include the right to know whether we are processing your data, to access and correct your data, to request deletion, and to obtain a copy of your data. You also have the right to non-discrimination for exercising these rights. Additional rights may be available depending on your state.
14) DO WE MAKE UPDATES TO THIS POLICY?
In Short: Yes, we may update this Privacy Policy as needed to remain compliant with applicable laws.
We may update this Privacy Policy periodically. An updated “Revised” date will appear at the top of the policy when changes are made. If material changes occur, we may notify you by posting a policy or by directly sending you a notification. We encourage you to review this policy frequently.
15) HOW CAN YOU CONTACT US ABOUT THIS POLICY?
If you have questions or comments about this policy, you may contact our Data Protection Officer (DPO) by:
Email: harry@cortado-ai.com
Phone: +1 202 470 3780
Mail:
Cortado, Inc.
Data Protection Officer
8 THE GREEN STE B
DOVER, DE 19901-3618
United States
16) HOW CAN YOU REVIEW, UPDATE, OR DELETE THE DATA WE COLLECT FROM YOU?
Based on the applicable laws of your country or state of residence, you may have the right to request access to, review, update, or delete your personal information, or to withdraw your consent to our processing of your personal information. To make such a request, please contact us at support@cortado-ai.com.