PRIVACY POLICY
Last updated: May 7, 2026
1. Controller
Baden Campus GmbH ("we", "us", "our") is the operator of the Cortiv platform. This privacy policy explains how we collect, process, and protect your personal data when you use our mobile application and web platform (collectively, the "Service").
2. Data We Collect
2.1 Account Data
When you sign in via a third-party identity provider (e.g. Google), we receive your email address, display name, and a unique identifier. We do not receive or store your password.
2.2 Audio Recordings
The core function of Cortiv is recording meetings and voice memos. When you start a recording, audio is captured via your device's microphone and uploaded to our infrastructure for processing. You may delete any recording at any time.
2.3 AI-Generated Content
Audio recordings are processed by our speech-to-text AI system to produce text transcripts. These transcripts may be further analysed by our AI pipeline to generate meeting summaries, draft documents, and structured knowledge entries. All AI-generated outputs are clearly labelled as such within the Service.
2.4 User-Generated Content
Text you enter — including edited transcripts, draft titles, descriptions, and notes — is stored on our infrastructure and associated with your account.
3. AI Processing — Self-Hosted Infrastructure
All AI models used by Cortiv are deployed and operated exclusively on infrastructure controlled by Baden Campus GmbH. This includes speech-to-text transcription, natural language processing, text generation, semantic embeddings, and knowledge graph construction.
- No audio recordings, transcripts, or personal data are transmitted to third-party AI service providers.
- All AI inference runs on servers managed by us. We retain full control over the models, their configuration, and all data processed through them.
- AI models are used solely to provide the Service — never for training, profiling, or purposes unrelated to your use of Cortiv.
- We do not use your data to train or fine-tune AI models.
4. Purpose & Legal Basis
| Purpose | Legal Basis (GDPR) |
|---|---|
| Authentication & account management | Contract performance (Art. 6(1)(b)) |
| Audio transcription & AI processing | Contract performance (Art. 6(1)(b)) |
| Service operation & security | Legitimate interest (Art. 6(1)(f)) |
5. Data Storage & Security
Your data is stored on encrypted, access-controlled infrastructure within the European Economic Area. All data in transit is protected by TLS encryption. Access to personal data is restricted to authorized personnel on a need-to-know basis.
6. Data Sharing
We do not sell, rent, or trade your personal data. We do not share your data with advertising networks. The Service contains no advertisements or cross-app tracking.
Data may be disclosed only in these circumstances:
- Infrastructure providers: Our hosting providers process data on our behalf as sub-processors, subject to data processing agreements ensuring equivalent protection.
- Legal obligation: If required by applicable law, regulation, or binding legal process.
7. Data Retention & Deletion
Your data is retained for as long as your account is active. You may delete individual recordings, transcripts, and drafts at any time through the Service. Deleted data is permanently removed from our infrastructure.
To request deletion of your entire account and all associated data, contact us at the address below.
8. Your Rights (GDPR)
Under the General Data Protection Regulation, you have the right to:
- Access the personal data we hold about you (Art. 15)
- Rectify inaccurate or incomplete data (Art. 16)
- Erasure — "right to be forgotten" (Art. 17)
- Restriction of processing (Art. 18)
- Data portability in a machine-readable format (Art. 20)
- Object to processing based on legitimate interest (Art. 21)
- Withdraw consent at any time, where consent is the legal basis (Art. 7(3))
- Lodge a complaint with your supervisory authority
To exercise any of these rights, contact us at the address in Section 13.
9. EU AI Act Compliance (Regulation 2024/1689)
9.1 Risk Classification
Cortiv has been assessed under the EU AI Act and is classified as a limited-risk AI system. The Service does not perform biometric identification, emotion recognition, social scoring, automated decision-making affecting individual rights, or any activity falling under the prohibited or high-risk categories defined in Articles 5 and 6 of the Regulation.
9.2 Transparency (Article 50)
In accordance with the transparency obligations under Article 50 of the EU AI Act:
- AI interaction notice: Users are clearly informed that AI systems process their audio and text data. This notice is provided in the application interface and in this privacy policy.
- AI-generated content labelling: All outputs produced by our AI systems — including transcripts, summaries, drafts, and knowledge graph entries — are machine-generated and labelled as such within the Service.
- No synthetic media: Cortiv does not generate synthetic audio, video, images, or deepfake content. Audio is recorded from real conversations and transcribed — not synthesised.
9.3 Human Oversight
All AI-generated outputs are presented to the user for review before any action is taken. Users may edit, accept, or discard any AI output. No automated decisions with legal or similarly significant effects are made by the system.
9.4 Data Governance
All AI models are deployed on infrastructure controlled by Baden Campus GmbH. No personal data is transmitted to external AI providers. We do not use customer data to train, retrain, or fine-tune AI models. Input data is processed solely to deliver the requested output and is subject to the retention policy described in Section 7.
10. Microphone & Background Audio
Cortiv requests microphone access solely to record meetings and voice memos when you explicitly initiate a recording. The application supports background audio so that recordings continue when the app is not in the foreground (e.g. when your device is locked). Audio is captured only during active recordings — we never record without your explicit action.
11. Cookies & Tracking
The Service uses only essential cookies required for authentication and session management. We do not use analytics trackers, advertising cookies, or cross-app tracking mechanisms.
12. Children's Privacy
Cortiv is a business tool not intended for use by individuals under 16 years of age. We do not knowingly collect personal data from children.
13. Contact
For privacy inquiries, data subject requests, or questions about this policy:
Baden Campus GmbH
Email: privacy@badencampus.com
14. Changes to This Policy
We may update this privacy policy to reflect changes in the Service or applicable law. Material changes will be communicated through the Service. The "Last updated" date above indicates the most recent revision. Continued use of the Service after changes constitutes acceptance.