Privacy Policy

1. Introduction
CoreOS (“CoreOS”, “we”, “us”, or “our”) is an AI-powered commercial intelligence platform developed by CSM, an Irish company based in the European Union. CoreOS helps business owners, founders, and leadership teams consolidate operational, financial, marketing, and sales data from connected platforms and analyse that data using AI-driven tools and agents to support informed strategic decision-making.

We are committed to protecting your privacy and handling your personal data in a transparent, lawful, and secure manner, in accordance with the General Data Protection Regulation (EU) 2016/679 (GDPR) and applicable Irish data protection laws.

This Privacy Policy explains:
• What data we collect
• How and why we use it
• The legal bases for processing
• How data is stored and protected
• Your rights under GDPR

2. Data Controller
For the purposes of GDPR, the data controller is:
CSM
63 Woodside, Rathfarnham, Dublin 14, Ireland
Email: hello@core-os.ai

‍3. Scope of This Policy
This Privacy Policy applies to:
• The CoreOS website (core-os.ai)
• The CoreOS platform and related services
• Any communications or interactions you have with CoreOS

It does not apply to third-party websites, platforms, or services that you may connect to CoreOS. Those services are governed by their own privacy policies.

4. Data We Collect

Personal Data You Provide Directly
We may collect personal data when you:
• Visit our website
• Create an account
• Request a demo or contact us
• Use the CoreOS platform
• Communicate with us

This may include:
• Name
• Email address
• Company name
• Job title or role
• Contact details
• Account credentials
• Communications with us

Data from Connected Platforms
When you connect third-party platforms, CoreOS accesses read-only data depending on the service connected.

Google Ads: Advertising spend, clicks, conversions, cost per conversion
Google Analytics (GA4): Users, sessions, engagement, events, revenue
Google Search Console: Clicks, impressions, CTR, average position, keywords
Microsoft: Name and email for authentication only
Xero: Profit and loss data and accounts receivable (read-only)
LinkedIn Ads: Ad spend, clicks, impressions, conversions
Meta Ads: Ad spend, clicks, impressions, conversionsCoreOS does not create, modify, or delete data in any connected platform.

Automatically Collected Data
We may automatically collect:
• IP address
• Device and browser type
• Operating system
• Usage and interaction data
• Referring URLs
• Date and time of access

5. Legal Bases for Processing
We process personal data under the following legal bases:
• Consent
• Contractual necessity
• Legitimate interests
• Legal obligation

You may withdraw consent at any time.

6. How We Use Your Data
We use data to:
• Provide and operate the CoreOS platform
• Connect authorised data sources
• Display dashboards and reports
• Generate AI-driven insights
• Improve platform performance
• Communicate with you
• Ensure security and compliance

We do not sell personal data.

7. AI and Automated Processing
CoreOS uses AI systems to analyse data and generate insights.

Important notes:
• AI outputs are informational only
• CoreOS does not make legally binding decisions
• AI recommendations support human decision-making
• Your data is not used to train public AI models

8. Data Sharing and Processors
We may share data with trusted service providers acting as data processors, including hosting, AI services, email delivery, monitoring, and support tools. All processors are contractually bound to GDPR standards.

9. International Data Transfers
Where data is transferred outside the EEA, appropriate safeguards are applied, including Standard Contractual Clauses or adequacy decisions.

10. Data Retention and Deletion
• Disconnected integrations: data deleted or anonymised within 30 days
• Deleted accounts: data deleted or anonymised within 90 days
• Legal retention obligations may apply

11. Security Measures
We use encryption, access controls, secure infrastructure, and monitoring to protect data. No system is entirely risk-free, but reasonable safeguards are in place.

12. Your GDPR Rights
You have the right to:
• Access your data
• Correct inaccurate data
• Request deletion
• Restrict or object to processing
• Data portability
• Withdraw consent
• Lodge a complaint with the Irish Data Protection Commission

Requests can be sent to hello@core-os.ai.

13. Cookies
We use cookies and similar technologies. You can manage preferences via our Cookie Policy and Cookie Settings.

14. Changes to This Policy
We may update this policy from time to time. The “Last updated” date reflects the current version.

15. Contact Us
Email: hello@core-os.ai
CSM
63 Woodside, Rathfarnham, Dublin 14, Ireland