# Privacy Policy **Last Updated:** November 25, 2025 *** ## What is CortexShield? CortexShield is a Chrome extension that blocks ads and rewards you with points. Connect your wallet, block ads, earn points that can be exchanged for $CORTEX tokens on BASE blockchain. *** ## Important Disclaimers ### Beta Program & Token Rewards **CortexShield is currently in beta/early access.** * **Points are tracked** and accumulate as you block ads (100 ads = 1 point) * **Token claiming will be available** when the CortexShield Dashboard goes live * **Token rewards are planned but not guaranteed** → Points represent a potential claim on future $CORTEX tokens, subject to: * Final tokenomics and conversion ratios (TBD) * Regulatory compliance requirements * Continued project development * Technical implementation and audits **No Purchase Necessary**: CortexShield is free. You are not purchasing tokens. You are earning points through ad blocking that may be exchangeable for $CORTEX tokens when claiming becomes available. **No Guaranteed Value**: Points have no inherent monetary value. Future $CORTEX tokens may fluctuate in value or have no monetary value. **Use at Your Own Risk**: By using CortexShield, you acknowledge that token rewards are aspirational. We make no representations or guarantees about future token value, liquidity, conversion ratios, or claiming availability. **Right to Modify**: We reserve the right to modify the points system, conversion ratios, token distribution, or program terms with reasonable notice to users. **No Investment Advice**: Nothing in CortexShield constitutes financial, investment, or tax advice. Consult professionals for guidance. *** ## What Data We Collect **We collect the minimum data necessary to provide the service:** ### 1. **Wallet Address** Your public EVM wallet address (e.g., `0x1234...abcd`) **Why**: Required to track your points and enable token claiming **Privacy impact**: Low (wallet addresses are public blockchain data) *** ### 2. **Points Balance** Total points you've earned from blocking ads **Why**: Required to track your rewards **Privacy impact**: None (just a number, no browsing data) *** ### 3. **Blocked Ad Count** How many ads you've blocked (100 ads = 1 point) **Why**: Display statistics in the extension **Privacy impact**: None (cumulative count only) *** ### 4. **Block History** (Local Only) Which ad domains were blocked (e.g., `doubleclick.net`, `googlesyndication.com`) **Why**: Show per-domain breakdown in Block History tab **Storage**: **Local device only** (never uploaded to cloud) **Privacy impact**: Low (stays on your device) *** ### 5. **Extension Settings** (Local Only) Whether ad blocking is enabled or disabled **Why**: Remember your preferences **Storage**: **Local device only** (never uploaded to cloud) **Privacy impact**: None (device-specific preference) *** ### 6. **Website Whitelist** (Local Only) Sites where you've chosen to allow ads **Why**: Remember which sites you want to support **Storage**: **Local device only** (never uploaded to cloud) **Privacy impact**: Low (stays on your device) *** ## What We DON'T Collect ### ❌ **Browsing History** We **never** track which websites you visit. **How we enforce this**: Extension doesn't have permissions to access browsing history. Code doesn't track navigation events. *** ### ❌ **Personal Information** No names, emails, phone numbers, or physical addresses. **How we enforce this**: No sign-up form. Wallet address is the only identifier. *** ### ❌ **Private Keys** We **never** have access to your wallet's private keys. **How we enforce this**: Extension only accepts wallet address (pasted text). No signature required in extension. *** ### ❌ **Page Content** We don't read or store the content of pages you visit. **How we enforce this**: Extension doesn't have `` read permission. Content scripts only inject CSS. *** ### ❌ **Device Fingerprinting** We don't collect device identifiers, screen size, fonts, or other fingerprinting data. **How we enforce this**: No fingerprinting scripts. No analytics that track devices. *** ## How We Use Your Data ### What We Do * **Track your rewards** → Link points to your wallet address * **Show statistics** → Display how many ads you've blocked * **Enable multi-device sync** → Same wallet = same points across devices * **Process token claims** → Convert points to $CORTEX tokens (when claiming goes live) ### What We DON'T Do * ❌ **Sell your data** → We don't sell data to advertisers or brokers * ❌ **Profile you** → We don't build user profiles or analyze behavior * ❌ **Track your activity** → We don't monitor which sites you visit *** ## Where Your Data is Stored ### On Your Device (Local Storage) **Stored in `local storage`:** * Wallet address * Total points * Blocked ad count * Block history (per-domain breakdown) * Website whitelist * Extension settings (toggle state) **Persistence**: Until you clear it or uninstall the extension *** ### In the Cloud (cloud storage) **Stored in points table:** * Wallet address * Total points * Last sync timestamp **Important**: Your browsing history and which sites you've blocked stay **LOCAL ONLY** and are **never** uploaded to the cloud. **Encryption**: Data encrypted in transit (TLS) and at rest (AES-256) *** ## Third-Party Services ### cloud storage (Database) **What we share**: Wallet address, total points, last sync timestamp **Why**: Cloud storage for multi-device sync **Their privacy policy**: [supabase.com/privacy](https://supabase.com/privacy) **Encryption**: All data encrypted in transit and at rest *** ### Base Network **What's on-chain**: $CORTEX token claims (when you claim tokens, transaction recorded on BASE blockchain) **Privacy note**: Blockchain data is public. Anyone can see wallet balances and transactions on Base. *** ### MetaMask (Wallet Provider) **Usage**: Optional. Used for claiming tokens (not required in extension). **What we share**: Nothing. MetaMask runs locally in your browser. **Their privacy policy**: [metamask.io/privacy.html](https://metamask.io/privacy.html) *** ## Your Rights ### 1. **Disconnect Your Wallet** **How**: Extension → Home tab → Click "Disconnect Wallet" **Effect**: * Stops syncing points to cloud * Keeps local data (points, history, settings) * Cloud data remains (not deleted) *** ### 2. **Clear Browsing Data** **How**: Extension → Settings tab → Click "Clear Browsing Data" **Effect**: * ✅ Deletes block history (local) * ✅ Deletes whitelist (local) * ❌ Keeps wallet address * ❌ Keeps total points (local + cloud) **Use case**: Fresh start on tracking, but keep your rewards *** ### 3. **Delete All Your Data** **How**: Extension → Settings tab → "Clear All My Data" (red button) **Effect**: * ✅ Deletes all local data * ✅ Deletes cloud data (wallet + points removed from cloud storage) * ✅ Disconnects wallet * ✅ Resets extension to factory state **Warning**: This action is **permanent** and **cannot be undone**. Your points will be **lost forever**. *** ### 4. **Export Your Data** (Future) **Planned**: Export wallet + points to JSON or CSV **Status**: Not implemented yet (coming soon) *** ## Data Security ### Encryption * **In transit**: All data sent via HTTPS/TLS (encrypted) * **At rest**: cloud storage encrypts cloud storage with AES-256 * **Result**: Your data is protected from interception and breaches *** ### Access Control **Security measures in place:** We use strict access controls to ensure users can only access their own data. Each user's points are tied to their wallet address, and our security system prevents unauthorized access to other users' information. **Result**: Even if someone gains access to our storage systems, they can only see their own data, never anyone else's. *** ### Private Keys **We never ask for private keys.** If anyone claiming to be CortexShield asks for your private keys, it's a scam. **Legitimate flow**: Paste wallet address in extension (no signature). Sign message in dashboard when claiming (proves ownership). *** ## Data Retention ### Local Data **Retention**: Until you manually delete or uninstall extension **Browser actions that delete local data**: * Uninstalling CortexShield * Chrome's "Clear browsing data" (if extension storage selected) * Manual deletion via Settings *** ### Cloud Data **Retention**: Indefinite (until you manually delete) **Automatic deletion**: Data may be deleted after **2+ years of inactivity** (no syncs, no claims) **Manual deletion**: Settings → "Clear All My Data" (permanent) *** ## Data Breaches **What we'll do if a breach occurs:** 1. **Immediate notification** → Email users (if we have emails) or post on website/X 2. **Disclosure** → Explain what data was accessed 3. **Mitigation** → Reset affected accounts, invalidate tokens if necessary 4. **Prevention** → Fix vulnerability, conduct security audit **What's at risk if our cloud storage leaks:** * ✅ Wallet addresses (public data anyway, low risk) * ✅ Points (just numbers, low value to attackers) * ❌ Browsing history (never stored, can't leak) *** ## Children's Privacy **CortexShield is not intended for users under 18.** We don't knowingly collect data from minors. If you're a parent and believe your child provided data to us, contact us and we'll delete it. *** ## International Users **CortexShield is available globally** (Chrome Web Store permitting). **Data storage**: cloud storage servers (location varies by cloud storage deployment) **Your rights**: Same as above (access, deletion, export) *** ## Updates to This Policy **We may update this privacy policy occasionally.** **When we do:** * "Last Updated" date at the top will change * Material changes will be announced on website/X * Continued use of extension = acceptance of new policy **How to stay informed**: Check this page periodically or follow us on X for announcements. *** ## Contact Us **Questions about privacy or your data?** **Email**: **Website**: **Chrome Extension**: **Response time**: Within 7 days for privacy-related inquiries *** ## Legal Compliance ### Data Protection Laws **We comply with:** * Data minimization principles (only collect what's needed) * User rights (access, deletion, portability) * Transparency (clear privacy policy) **We don't track, so compliance is simple**: No user profiling, no cross-site tracking, no consent fatigue. *** ## Summary (TL;DR) **What we collect**: * ✅ Wallet address + total points (synced to cloud) * ✅ Block history + whitelist (local only, never synced) **What we DON'T collect**: * ❌ Browsing history (never tracked) * ❌ Personal info (no sign-up required) * ❌ Private keys (never asked) **Your rights**: * ✅ Delete your data anytime (Settings → "Clear All My Data") * ✅ Disconnect wallet anytime (stops cloud sync) * ✅ Use extension without wallet (local-only mode) **Privacy promise**: We don't track where you browse. We can't sell what we don't collect. Your privacy is protected by design. *** **End of Privacy Policy** --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://cortexshield.gitbook.io/cortexshield-docs/privacy-and-security/privacy-policy.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.