Privacy Policy
Last updated: January 12, 2026
1. Who we are
Cortexeec S.A.S., with Tax ID 1793215847001 and domicile at Av. República del Salvador N36-140 and Suecia, Edificio Mansión Blanca, 8th floor, Suite 803, Quito, Ecuador, is responsible for the processing of personal data collected through the cortexeec.com website (hereinafter, the Platform).
2. Who this policy applies to
This policy applies to any natural person over 18 years of age, resident or not in Ecuador, who visits the Platform, completes the contact form, opens an investor account or interacts with our digital campaigns operated from Ecuadorian territory.
3. What data we process
We process: (i) identification data such as name, ID or passport number, address and date of birth; (ii) contact data such as email and phone number; (iii) financial data provided during the KYC and anti-money-laundering process; (iv) technical data about your device and web session; and (v) cookie preferences declared via Google Consent Mode v2.
4. Legal basis
Processing is carried out under the Ecuadorian Personal Data Protection Act (LOPDP), in force since 2021 and amended in 2025, and the specific rules issued by the Superintendencia de Compañías, Valores y Seguros for Collaborative Financing Platforms.
5. Why we use your data
Data is used to: execute the contractual relationship; comply with KYC, anti-money-laundering and counter-terrorism financing obligations; issue tax certificates for the SRI; send operational communications; measure advertising campaign performance with prior consent; and respond to requirements from competent authorities.
6. With whom we share data
We share information, under confidentiality and data processor agreements, with: Ecuadorian notaries and property registries; law firms that handle mortgage enforcement procedures; local financial entities that custody funds; cloud technology providers located in the United States and Brazil; and regulatory authorities when required by law.
7. Retention periods
We retain data for the duration of the contractual relationship and for a minimum of ten subsequent years, in accordance with article 50 of the General Regulation to the Securities Market Law. Cookie data is retained according to the chosen category and never beyond twelve months without renewed consent.
8. Your rights
You have the right to access, rectify, delete, object to, port and restrict the processing of your data, as well as not to be subject to individual automated decisions. You can exercise these rights by writing to privacidad@cortexeec.com with a copy of your ID document. We will respond within a maximum of fifteen business days.
9. Security measures
We apply encryption in transit and at rest, multi-factor authentication for internal staff, environment segregation and semi-annual technical audits performed by an external firm certified in ISO 27001.
10. Changes to this policy
Any material change will be communicated by email at least fifteen days before it takes effect. The current version will always be published on this page with the last update date.
11. Data Protection Officer contact
Our Data Protection Officer is Ing. Carolina Vélez Andrade, reachable at dpo@cortexeec.com or at the physical address indicated in section 1.