CapabilitiesIntegrationsDocsCatalogPricing
Sign In
Start research

Start

Docs homeChoose the right setup path.Getting startedFirst session, files, briefs, and presentations.

Product

WorkspaceChat, experiments, split panes, and artifacts.Library filesUpload and reuse PDFs, CSVs, docs, and datasets.BriefsCited, scannable research documents.PresentationsTemplated, cited stakeholder decks.DashboardsInteractive, filterable analytics views.

Admin

OrganizationsTeams, billing, roles, and account setup.Security & privacyKeys, stored data, revocation, and privacy posture.

Developers

Developer APIOpenAI-compatible and native agent endpoints.MCP serverUse Cortexa inside Claude, Cursor, Codex, and more.IntegrationsSlack, MCP, API keys, and connected workflows.Tool catalogExplore verified research tools and sources.

Documentation

Docs homeGetting startedWorkspaceLibrary filesBriefsPresentationsDashboardsOrganizationsSecurity & privacyDeveloper APIMCP serverIntegrationsTool catalog
Documentation

Security, privacy & compliance

How Cortexa handles account access, API keys, your research data, encryption, deletion, and regulated data.

Manage API keys
cortexa-research-prod
Created Mar 14 · Last used 41s ago
Active
Secret
sk-cortexa-l••••••••••••••••••••

We store only a SHA-256 hash. Rotating revokes the previous key everywhere it was used — instantly.

Recent traffic
cortexa_research·Cursor (MCP · stdio)41s
/v1/chat/completions·OpenAI SDK3m
cortexa_research·Claude Desktop (MCP)8m

Account access

Sign in with Google or email + password. Passwords are stored only as salted hashes, and sign-in/sign-up are rate-limited to resist abuse.
Private by default
Your sessions and files are visible only to you — sharing is opt-in, per item.
No training on your data
Cortexa does not use your research content or files to train models.

API keys

Keys authenticate the OpenAI-compatible API, native agent streaming, and MCP traffic. The value is shown once; Cortexa stores only a hash.

Revocation is shared

Revoking a key disables it everywhere — API clients, MCP desktop configs, remote MCP clients, and any automation using that token. Name keys per client or environment so you can revoke precisely.

Your research data

It's easiest to reason about the model by separating source material, generated artifacts, and operational metadata.
Uploaded files
Private to you unless you explicitly share them with an org workspace.
Generated outputs
Briefs, decks, analysis, and citations follow the same visibility rules.
Usage metadata
Enough to support billing, abuse prevention, debugging, and admin visibility.
Research disclaimer
Research context only — not medical, legal, financial, or regulatory advice.

Encryption & deletion

Your data is encrypted in transit and at rest, and you can delete your account on your own terms.
Encryption
TLS 1.2+ in transit; encrypted at rest.
Delete your account
Schedule deletion in Settings → Account; erased within 30 days after a recovery window.
What deletion removes
Cascades across sessions, files, artifacts, usage, and payment identifiers.

Compliance & regulated data

What Cortexa offers today — stated plainly, with no over-claiming.
HIPAA / PHI
Not HIPAA-covered by default. No PHI without a BAA; de-identify for research.
GDPR & CCPA
Data-subject rights incl. access and deletion — support@cortexa.sh.
Enterprise reviews
Security reviews, a BAA, or compliance questions: contact support.

See also

Full legal terms live in our Privacy Policy and Terms of Service.
Cortexa.

The agent for research teams. 2.2K+ verified tools across every research discipline, every claim cited.

Product

  • Capabilities
  • Integrations
  • Documentation
  • Tool catalog
  • Pricing

Get started

  • Launch the agent
  • Sign in
  • Developer API
  • MCP server

Support

  • Help center
  • Contact us
  • Terms of Service
  • Privacy Policy

© 2026 Cortexa. All rights reserved.

TermsPrivacy·For research context only · Not medical, legal, or financial advice.