Privacy Policy

Last updated: July 2026


Who we are

This website (corybot.com) and the Cory products are provided by FUNdation, Hibbelenstr. 10, 51107 Cologne, Germany. FUNdation is the controller responsible for the personal data described in this policy. You can reach us at info (at) fundation.one; full company details are in our Impressum. We process personal data in accordance with the EU General Data Protection Regulation (GDPR) and applicable German data protection law.

What this policy covers

This policy covers this website and the free "taste of Cory" preview offered on it - the in-page assistant and optional hands-free voice. The installable Cory products (the Cory browser extension for Chrome and Edge, and Cory Co-Writer for Microsoft Word) are privacy-first by design: your chats, memory, and preferences stay locally in your browser or document, and you bring your own AI provider key. Those products are distributed through the Chrome Web Store and Microsoft Marketplace and are governed by the information shown on their store listings.


What we collect on this website

Server logs

When you visit, our hosting provider automatically records standard technical data - such as your IP address, browser type, referring page, and the date and time of the request - in server logs. We use this only to operate, secure, and troubleshoot the site. Legal basis: our legitimate interest in a secure, functioning website (Art. 6(1)(f) GDPR). The site is hosted on Netlify; hosting and content delivery are performed by our hosting/CDN providers acting as processors.

Cookies and analytics

This website sets no advertising or tracking cookies and uses no third-party analytics. We do not build profiles of visitors.

If you contact us

If you email us, we process the information you provide (such as your name, email address, and message) in order to respond. Legal basis: our legitimate interest in replying to you, and, where relevant, steps taken at your request (Art. 6(1)(f) and (b) GDPR).


AI Features and Sub-processors (Cory)

The free preview lets you type or speak to Cory. When you do, your message - your text, or a transcript of your speech - is sent to AI providers acting as our processors, solely to generate Cory's reply in real time. We do not store these conversations on our own servers, and provider API keys are held server-side and are never exposed to your browser. Legal basis: our legitimate interest in providing the assistant you chose to use (Art. 6(1)(f) GDPR).

The AI sub-processors that may process this input are:

  • OpenAI - powers the hands-free voice (understanding your speech and speaking Cory's replies). OpenAI does not use data submitted through its API to train its models by default and offers a Data Processing Agreement. See openai.com/policies.
  • Groq - powers Cory's text answers. Groq is contractually not permitted to train on API inputs or outputs, offers Zero-Data-Retention, and provides a GDPR Data Processing Agreement with Standard Contractual Clauses. See groq.com/privacy-policy.

If we change the provider used for Cory's answers, this list is updated accordingly. Please avoid sharing sensitive personal information in the free Cory preview.


International data transfers

Some of our AI sub-processors are based outside the EU/EEA (for example in the United States). Where personal data is transferred to them, the transfer is covered by appropriate safeguards, such as the EU Standard Contractual Clauses together with the providers' Data Processing Agreements.

How long we keep data

We keep server logs only for the limited period needed for security and operation. We do not store the content of your Cory preview conversations on our own servers. Emails you send us are kept only as long as needed to handle your request and to meet any legal retention obligations.

Your rights

Under the GDPR you have the right to access, rectify, erase, restrict, or object to the processing of your personal data, as well as the right to data portability. You also have the right to lodge a complaint with a supervisory authority - for us, the competent authority is the data protection authority of North Rhine-Westphalia, Germany. To exercise any of these rights, contact us at info (at) fundation.one.

Changes to this policy

We may update this policy as our services evolve. The current version is always available on this page; where changes are material, we may highlight them here or notify you by email where appropriate.