Effective date: May 1, 2026
Correx AI operates the Correx procurement audit platform at correx.ai. We provide software that helps businesses verify procurement spend, enforce contract terms, and surface billing errors. This privacy policy describes how we collect, use, and protect information when you visit our website or use our service.
For privacy questions, contact us at privacy@correx.ai.
From “Request a trial” submissions: When you submit a trial request form, we collect your email address, company name, and industry. We also automatically log your IP address and browser type for security and abuse prevention.
From account creation: When you accept a trial invitation, we collect your email, full name, and a password (stored in hashed form). We never see your password in plaintext.
From your use of Correx: When you upload procurement documents (invoices, contracts, payment receipts), we receive and process the content of those documents to verify pricing, validate contract terms, and surface findings.
From your browser: We use Microsoft Clarity to understand aggregate website usage patterns and improve usability. Sensitive form fields are masked.
We use collected information to:
We process information where necessary to provide the service, comply with legal obligations, protect security, or pursue legitimate business interests. We do not sell your personal information to third parties.
Customer retains all ownership rights to uploaded documents, extracted data, and generated findings. Correx processes this information solely to deliver the service. We do not claim rights to, license, or repurpose customer documents or findings except as necessary to operate, improve, and secure the service.
Correx may use anonymized and aggregated usage or document-derived metadata to improve the service, provided such data cannot reasonably identify the customer or its vendors.
To extract structured data from your uploaded documents (invoices, contracts, payment receipts), we use Anthropic’s Claude API. Document content including vendor names, dollar amounts, and contract terms is transmitted to Anthropic for processing. Anthropic does not use API inputs to train its models. See Anthropic’s data processing terms at https://www.anthropic.com/legal.
The verification logic that identifies findings runs on our own infrastructure against extracted data — no third-party AI service is involved at finding generation time.
Correx uses the following sub-processors to operate the service:
Information may be processed and stored in the United States. Each sub-processor is bound by its own terms of service and privacy commitments.
When you upload a document, we extract its text content and structured data, store those in our database, and then delete the original file from storage. Extracted text and structured data are retained for the duration of your account.
Pilot signup submissions are retained until you request deletion.
You can request deletion of your account and associated data at any time by emailing privacy@correx.ai. We will complete deletion within 60 days, except where retention is required by law.
Depending on where you live, you may have rights regarding your personal information, including:
To exercise any of these rights, email privacy@correx.ai. We will respond within the timeframe required by applicable law.
California residents (CCPA): California residents have additional rights under the California Consumer Privacy Act, including the right to know what personal information is collected and the right to opt out of any sale of personal information. We do not sell personal information.
Canadian residents (PIPEDA): Canadian residents have rights under the Personal Information Protection and Electronic Documents Act, including the right to access and correct personal information.
We use cookies and similar technologies to maintain authenticated sessions, remember your preferences, and analyze website usage (via Microsoft Clarity). You can disable cookies in your browser settings, though some site features may not function correctly without them.
We implement reasonable security measures to protect personal information, including encryption in transit (TLS), encryption at rest, access controls, and audit logging.
If we become aware of a material security incident affecting customer data, we will notify affected customers without unreasonable delay.
Correx is a B2B service not directed to individuals under 18. We do not knowingly collect personal information from children.
We may update this policy from time to time. The “Effective date” at the top reflects the most recent revision. Material changes will be communicated to active customers by email.
For any privacy-related questions, requests, or concerns, contact us at:
Email: privacy@correx.ai