← Back to Home

Summary: We respect your privacy. We collect only what we need to operate our products, protect what we collect on Canadian infrastructure, and never sell your personal information to third parties. Your data is subject to Canadian law — not the US CLOUD Act.

01 Introduction

Fortress Technologies Hub Inc. ("we," "our," or "us") is a federally incorporated Canadian technology company based in Toronto, Ontario. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our websites, products, and services — including CoreMind (coremindx.ai) and API Fortress (api-fortress.fortresstechnologieshub.com), as well as our corporate website at fortresstechnologieshub.com (collectively, the "Services").

By accessing or using our Services, you agree to this Privacy Policy. If you do not agree with the terms of this Privacy Policy, please do not access or use our Services.

This Privacy Policy applies to all users of our Services, including visitors, registered users, subscribers, and enterprise clients. It does not apply to third-party websites or services linked to or integrated with our Services.

02 Canadian Data Sovereignty

Data Location: Fortress Technologies Hub is proudly built and operated in Canada. All user data, account information, and product data across our Services is stored and processed on servers located exclusively within Canada.

No CLOUD Act Exposure: As a Canadian company operating on Canadian-owned infrastructure, your data is not subject to the US CLOUD Act or any foreign surveillance legislation. The US government cannot compel us to hand over data stored on our systems.

Canadian Jurisdiction: Your data is governed by Canadian privacy laws, including the Personal Information Protection and Electronic Documents Act (PIPEDA) and applicable provincial privacy legislation.

Infrastructure: Our primary hosting, including AI model inference, databases, voice processing, embeddings, and all core product data, runs on Canadian-owned servers located in Canada. Our commitment to Canadian data sovereignty drives every infrastructure decision we make.

Limited Third-Party Processing: Certain narrow third-party services may process limited data in other jurisdictions. Specifically, payment processing for CoreMind subscriptions is handled by Stripe (which may process payment data in the United States), and image and video generation requests on CoreMind are processed by third-party AI generation providers operating under their own privacy policies. These are the only exceptions, and they are fully disclosed in Section 6 of this Policy.

03 Information We Collect

3.1 Corporate Website Visitors

When you visit fortresstechnologieshub.com, we automatically collect basic usage data including browser type, device type, pages visited, time spent, and referring URLs. We use self-hosted analytics on Canadian infrastructure. We do not use third-party advertising trackers or cross-site tracking cookies.

3.2 CoreMind Users

CoreMind

3.3 API Fortress Enterprise Clients

API Fortress

API Fortress is a B2B enterprise API security platform. It does not process, store, or handle your end users' personal data. The only information we collect from enterprise clients is what is necessary to operate the security service:

Security scan data (WAF logs, RASP events, endpoint reports) consists of technical security metadata — not personal data. This data is stored exclusively on our Canadian servers and is accessible only to your authorized team through your dashboard.

API Fortress does not collect, access, or process the personal data of your end users. It operates at the API layer to detect and block threats, not to inspect or retain underlying business data passing through your APIs.

Payment: API Fortress is a B2B service billed via bank transfer or e-transfer directly to Fortress Technologies Hub. No third-party payment processor is involved.

04 How We Use Your Information

We use the information we collect only for the following purposes:

We do not use your data for advertising, profiling for sale to third parties, or any purpose not listed above.

05 AI Memory and Personalization (CoreMind)

CoreMind

CoreMind may use conversation history and context to provide personalized responses and remember information across sessions ("Memory"). This feature is designed to improve your experience by remembering your preferences, providing contextually relevant responses, and reducing the need to repeat information.

Your Control Over Memory:

No AI Training on Your Data: We do not use your conversations, prompts, or outputs to train our AI models without your explicit consent. Your data is used solely to provide the Service to you.

06 Data Sharing and Disclosure

We do not sell your personal data. We may share your information only in the following limited circumstances:

6.1 Service Providers

6.2 Legal Requirements

We may disclose your information if required to do so by Canadian law, or in response to valid requests by Canadian public authorities, including to meet national security or law enforcement requirements. As a Canadian company on Canadian infrastructure, we are not subject to US government data requests.

6.3 Business Transfers

If we are involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you of any change in ownership or use of your personal information.

6.4 With Your Consent

We may share your information with third parties when you have given us your explicit consent to do so.

07 Data Storage and Security

Data Location: All user data across our Services is stored on secure servers located exclusively in Canada. We do not store personal data outside of Canada, with the narrow exception of payment processing via Stripe as disclosed in Section 6.

Security Measures: We implement industry-standard security measures to protect your data, including:

No Guarantee: While we strive to protect your data, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security.

08 Data Retention

We retain your personal data for as long as necessary to provide the Services, comply with our legal obligations, resolve disputes, and enforce our agreements.

Retention Periods:

Account Deletion (CoreMind): When you delete your account using the "Forget Me" feature, your personal data will be permanently deleted within 30 days, except where retention is required by law.

09 Cookies and Tracking Technologies

We use cookies and similar technologies on our websites for the following purposes:

We do not use third-party advertising cookies, cross-site tracking cookies, or any analytics tools that send your data to US-based analytics providers.

Cookie Control: You can control cookies through your browser settings. Disabling essential cookies may affect your ability to use certain features of our Services.

10 Your Rights and Choices

As a Canadian company, we comply with the Personal Information Protection and Electronic Documents Act (PIPEDA). Under PIPEDA and applicable privacy legislation, you have the right to:

To exercise any of these rights, please contact us at [email protected] or use the relevant features in your account settings. We will respond within 30 days, or as required by applicable law.

European Users (GDPR)

If you are located in the European Economic Area, United Kingdom, or Switzerland, you have additional rights under the GDPR, including the right to lodge a complaint with your local data protection authority. We process your data based on: (a) your consent, (b) performance of our contract with you, (c) compliance with legal obligations, and (d) our legitimate interests in providing and improving the Services.

California Residents (CCPA)

If you are a California resident, you have the right to know what personal information is collected, the right to delete your data, and the right to opt out of the sale of personal information. We do not sell your personal data. To exercise your rights, contact us at [email protected].

11 International Data Transfers

As a Canadian company committed to data sovereignty, we store and process all user data in Canada. The only instances where limited data may be processed outside Canada are:

In both cases, only the minimum data necessary for the specific function is shared. We ensure appropriate safeguards are in place to protect your information in accordance with this Privacy Policy and applicable Canadian privacy laws.

All other data — including your account data, conversations, memories, API Fortress security data, and all core product data — never leaves Canada.

12 Children's Privacy

Our Services are not directed to children under the age of 13. We do not knowingly collect personal information from children under 13. If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately at [email protected]. If we learn that we have collected personal information from a child under 13, we will take steps to delete that information as quickly as possible.

13 Changes to This Privacy Policy

We may update this Privacy Policy from time to time. When we make material changes, we will update the "Last Updated" date at the top of this page, send an email notification to registered users where applicable, and display a prominent notice within the relevant Service.

Your continued use of our Services after any changes indicates your acceptance of the updated Privacy Policy. We encourage you to review this Privacy Policy periodically.

14 Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Fortress Technologies Hub Inc.
Suite 2500, 1 Dundas Street West
Toronto, Ontario M5G 1Z3, Canada

Privacy Inquiries: [email protected]
General: [email protected]
Phone: +1 (604) 358-1469