MyCorum.ai is committed to protecting your personal data. This policy explains what information we collect, how we use it, and what rights you have over it.
MyCorum.ai is operated by ECOEMIT SOLUTIONS SARL, a French limited liability company (SARL), trading as MyCorum.ai, acting as data controller. As a French entity offering services to EU users, we operate in full compliance with Regulation (EU) 2016/679 (GDPR). For data protection inquiries: [email protected]. See our Legal Information for full company details.
We do not use your deliberation content to train AI models. We do not sell your data to third parties.
| Category | What we collect | When |
|---|---|---|
| Account data | Email, name, authentication credentials (via Clerk) | At registration |
| Deliberation content | Questions and context you submit; Corum Synthesis outputs | Each deliberation |
| Uploaded documents | Files uploaded as deliberation context. Processed and indexed for semantic search. | When uploaded |
| Conversations | Chat messages with MyPilot, conversation metadata | Each message |
| Deliberation profile | AI-extracted profile: expertise level, decision style, domains, recurring blind spots (see Section 6) | After each deliberation |
| Usage data | Mode used, credit consumption, deliberation timestamps, session metadata | Continuously |
| Billing data | Payment method tokens (not full card numbers — via Stripe). Invoices and transaction history. | At payment |
| MCP & connector data | MCP server URLs, connected source metadata (Google Drive, GitHub, Slack, Notion, OneDrive). Encrypted OAuth tokens. | When configured |
| Technical data | IP address, browser type, OS, referring URL, error logs | Automatically |
We do not collect special categories of personal data (health, political opinions, biometric data) as part of our standard service.
| Purpose | Legal basis (GDPR) |
|---|---|
| Providing the deliberation service | Contract performance (Art. 6(1)(b)) |
| Processing payments and managing credits | Contract performance (Art. 6(1)(b)) |
| Sending transactional emails | Contract performance (Art. 6(1)(b)) |
| Personalizing AI responses based on deliberation profile | Legitimate interest (Art. 6(1)(f)) — you may object or disable in Settings |
| Analyzing aggregate usage to improve our service | Legitimate interest (Art. 6(1)(f)) — we do not use your data to train AI models |
| Security monitoring and fraud prevention | Legitimate interest (Art. 6(1)(f)) |
| Compliance with legal obligations | Legal obligation (Art. 6(1)(c)) |
| Sending product updates (optional) | Consent (Art. 6(1)(a)) |
When you submit a deliberation, your question and context are transmitted to selected AI model providers as part of the inference request. Each provider processes this data under their own terms. MyCorum.ai does not store raw model inputs beyond what is necessary to display your deliberation history.
Current AI providers include systems from major AI research organizations (OpenAI, Anthropic, Google, Mistral AI, and others via OpenRouter). Web search providers when research is enabled: Tavily, Brave Search, Exa. You can always see which providers were used in each deliberation result. Content is screened by our safety system including PII detection.
MyCorum.ai builds a deliberation profile based on your usage: expertise level, decision style, preferred analysis depth, domains of expertise, recurring blind spots. This profile personalizes subsequent AI responses. This profiling does not produce legal effects — you always make the final decision. You may object to profiling or disable profile personalization by contacting [email protected].
We share data only with sub-processors required to operate the platform. We do not sell data. We do not share data with advertisers.
| Sub-processor | Purpose | Location |
|---|---|---|
| Clerk | Authentication and identity management | USA (SCCs/DPF) |
| Supabase | Database and storage | EU (eu-west) |
| Railway | Backend hosting and compute | EU (europe-west4) |
| Vercel | Frontend hosting and CDN | Global edge (SCCs) |
| Stripe | Payment processing | USA (SCCs/DPF) |
| Sentry | Error tracking (anonymized) | USA (SCCs) |
| AI model providers | Deliberation inference (see Section 4) | Varies |
| Search providers | Web research for deliberations | USA (SCCs) |
SCCs = Standard Contractual Clauses (EU Commission Decision 2021/914). DPF = EU-US Data Privacy Framework.
For transfers outside the EEA, we rely on the EU-US Data Privacy Framework (for certified sub-processors) and/or Standard Contractual Clauses (Decision 2021/914). Technical safeguards include TLS 1.2+ encryption for all data in transit and contractual commitments that API data is not used for model training. You may request a copy of relevant SCCs at [email protected].
To exercise any right, contact [email protected]. We respond within 30 days. You may also lodge a complaint with the CNIL or your country's supervisory authority.
MyCorum.ai uses only strictly necessary cookies for authentication.
| Cookie | Purpose | Duration |
|---|---|---|
| __session | Clerk authentication session token | Session |
| __client_uat | Clerk client-side auth state | 1 year |
We do not use advertising cookies, third-party tracking pixels, or cross-site tracking. These cookies are strictly necessary and exempt from consent requirements under the ePrivacy Directive.
We implement appropriate technical and organizational measures: TLS encryption in transit; encryption at rest (Supabase managed); row-level security ensuring users access only their own data; API authentication via signed JWT tokens; content safety guardrails with PII detection; encrypted OAuth connector credentials (AES-128 + HMAC-SHA256); regular dependency audits.
In the event of a breach likely to risk your rights and freedoms, we will notify the CNIL within 72 hours (GDPR Art. 33). If the risk is high, we will notify you directly (Art. 34), including: nature of the breach, likely consequences, measures taken, and recommended steps for you.
MyCorum.ai is not directed at individuals under 18. We do not knowingly collect data from minors. To report a minor's account: [email protected].
We may update this Privacy Policy from time to time. Material changes will be communicated via email to registered users at least 14 days before they take effect.
Data Controller: ECOEMIT SOLUTIONS SARL, trading as MyCorum.ai
Privacy: [email protected]
General: [email protected]