Last updated: May 2025
Core Energy Ltd ("Company", "we", "us", or "our") operates the Core platform, accessible at core-energy.io. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website or use any part of Core — including DDT Core, the Nuclear Marketplace, and Core Networking Hub.
Please read this policy carefully. By accessing or using Core, you agree to the collection and use of information described here. If you do not agree, please discontinue use of the platform.
1. Information We Collect
a) Information You Provide Directly
- Account Registration: Full name, email address, password, job title, company name, and profile photo when you create a Core account.
- Profile Information: Professional details such as your industry role, expertise areas, bio, and cover image that you choose to display publicly.
- Marketplace Listings: Product names, descriptions, pricing, availability, and contact details submitted when listing nuclear products or equipment.
- Content & Communications: Posts (Pulses), comments, likes, direct messages (Cells), and connection requests (Bonds) you create or send within the platform.
- DDT Core Queries: Research questions and prompts you submit to DDT Core for AI-powered analysis.
- Contact Form: Name, email, and message content submitted via our Contact page.
b) Information Collected Automatically
- Log Data: IP address, browser type and version, pages visited, time and date of visit, time spent on pages, and other diagnostic data.
- Device Information: Device type, operating system, and unique device identifiers.
- Cookies & Tracking: Session cookies required for authentication and platform functionality. See Section 7 for details.
- Usage Analytics: Aggregated data about how features are used — such as DDT Core query frequency, marketplace interactions, and networking activity — to improve platform performance.
2. How We Use Your Information
We use the information we collect to:
- Create, maintain, and secure your Core account
- Deliver the core features of the platform — DDT Core research queries, Marketplace listings, Networking connections, and direct messaging
- Personalise your experience and surface relevant content, suppliers, or connections
- Process and respond to your DDT Core queries using AI-assisted analysis
- Send transactional notifications such as connection requests, new messages, and account alerts
- Improve, debug, and develop new features of the Core platform
- Monitor for fraud, abuse, and security threats
- Comply with legal obligations and enforce our Terms of Service
- Respond to enquiries submitted through our Contact page
We do not use your data for third-party advertising or sell your personal information to any third party.
3. Data Sharing & Third-Party Services
We do not sell, trade, or rent your personal information. We share data only with the trusted third-party services necessary to operate the platform:
| Service | Purpose | Data Shared |
|---|---|---|
| Supabase | Database, authentication, and real-time data | Account credentials, profile data, posts, messages, marketplace listings |
| OpenAI | AI-powered DDT Core query processing and embeddings | DDT Core query text only — no personally identifiable information is sent |
| Cohere | Semantic reranking for DDT Core search results | Anonymised document chunks — no personal data |
| Cloudflare | Bot protection (Turnstile CAPTCHA) and security | IP address and browser signals during signup/login |
All third-party providers are contractually required to handle your data securely and only for the purpose for which it was shared.
We may also disclose your information if required to do so by law, court order, or government authority, or to protect the rights, property, or safety of Core Energy Ltd, its users, or the public.
4. Data Storage & Security
Your data is stored on Supabase's secure cloud infrastructure, protected by industry-standard encryption at rest and in transit (TLS/SSL). We implement additional security measures including:
- Row-Level Security (RLS) policies ensuring users can only access their own data
- JWT-based session authentication with server-side validation
- Content Security Policy (CSP) and other HTTP security headers
- Rate limiting on AI query endpoints to prevent abuse
- File upload restrictions and server-side validation
Despite our best efforts, no method of transmission or storage over the internet is 100% secure. We cannot guarantee absolute security but commit to maintaining commercially reasonable safeguards.
5. Data Retention
We retain your personal data for as long as your account is active or as needed to provide our services. Specifically:
- Account data is retained until you delete your account or request deletion.
- DDT Core query history is retained to support conversation continuity and platform improvement. You may request deletion at any time.
- Marketplace listings remain visible until you remove them or your account is closed.
- Direct messages are retained as long as either participant's account remains active.
- Log and analytics data is typically retained for up to 12 months in aggregated, anonymised form.
6. Cookies
Core uses essential cookies required for platform operation:
- Authentication cookies: Issued by Supabase to maintain your logged-in session. These are strictly necessary and cannot be disabled.
- Security cookies: Used by Cloudflare Turnstile during signup and login to distinguish humans from bots.
We do not use advertising cookies, third-party tracking cookies, or analytics cookies that track you across other websites.
7. Your Rights
Depending on your location, you may have the following rights regarding your personal data:
- Access: Request a copy of the personal data we hold about you.
- Correction: Update inaccurate or incomplete data via your profile settings.
- Deletion: Request deletion of your account and all associated personal data.
- Portability: Request an export of your data in a machine-readable format.
- Restriction: Request that we limit processing of your data in certain circumstances.
- Objection: Object to processing of your data for certain purposes.
To exercise any of these rights, please contact us at privacy@core-energy.io. We will respond within 30 days.
8. Children's Privacy
Core is a professional B2B platform intended for individuals aged 18 and over. We do not knowingly collect personal information from anyone under the age of 18. If we become aware that a minor has provided us with personal data, we will promptly delete it.
9. Links to Third-Party Websites
The Core platform may contain links to external websites. We are not responsible for the privacy practices of those sites and encourage you to review their privacy policies independently. This Privacy Policy applies solely to information collected by Core Energy Ltd through the Core platform.
10. Changes to This Policy
We may update this Privacy Policy periodically. When we make material changes, we will update the "Last updated" date at the top of this page. Continued use of Core after changes are posted constitutes your acceptance of the revised policy.
11. Contact Us
- Company: Core Energy Ltd
- Address: Port Richey, Florida, USA
- Email: privacy@core-energy.io