← Back to Cognisos

Last updated May 13, 2026

Privacy Policy

Cognisos (“we”, “us”, “our”) operates the cognisos.ai website and related services. This policy explains what data we collect, why, how we protect it, and your rights regarding that data.

Information We Collect

  • Account data — email address and authentication credentials when you create an account (via Supabase Auth).
  • Demo request data — name, email, company, job title, company size, tools used, and use case description when you submit our contact form.
  • Usage analytics — anonymized page views and interaction data collected via Google Analytics, only when you consent to analytics cookies.
  • Auth event analytics — authentication events (sign-up, login) including OAuth provider, collected via PostHog, only when you consent to analytics cookies.
  • API usage — request metadata (timestamps, token counts, compression metrics) associated with your API key for billing and performance monitoring.

How We Use Your Data

  • To provide, maintain, and improve our services.
  • To respond to demo requests and communicate about our products.
  • To monitor service health and prevent abuse.
  • To comply with legal obligations.

Legal Basis for Processing

For users in the European Economic Area (EEA) and United Kingdom, we process personal data under the following lawful bases (GDPR Article 6):

Processing ActivityLegal BasisRetention
Account creation & authenticationContract performance (Art. 6(1)(b))Until account deleted
API service delivery & billingContract performance (Art. 6(1)(b))24 months after last use
Demo requestsLegitimate interests (Art. 6(1)(f)) — responding to business inquiries24 months
Transactional emailsContract performance (Art. 6(1)(b))Duration of account
Analytics (Google Analytics, PostHog)Consent (Art. 6(1)(a))~26 months (GA default); 12 months (PostHog)
Security & fraud preventionLegitimate interests (Art. 6(1)(f)) — protecting service integrity30 days

Data Sharing

We do not sell your personal data. We share data only with service providers that help us operate. Each provider is bound by data processing agreements and their own privacy commitments:

  • Supabase — authentication and database storage
  • Vercel — website hosting and edge infrastructure
  • Resend — transactional email delivery
  • Google Analytics — anonymized usage metrics (consent-gated)
  • PostHog — auth event analytics (consent-gated)
  • Stripe — payment processing

International Data Transfers

Our service providers are primarily based in the United States. If you are located in the EEA, UK, or Switzerland, your personal data may be transferred to and processed in the US. We rely on Standard Contractual Clauses (SCCs) approved by the European Commission as the legal mechanism for these international transfers. Each provider below processes data in the US under SCCs:

  • Supabase (database & auth) — US-based
  • Vercel (hosting) — US-based
  • Resend (email) — US-based
  • Google Analytics — US-based
  • PostHog (us.i.posthog.com) — US-based
  • Stripe (payments) — US-based

Data Retention

Account data is retained while your account is active. Demo request data is retained for up to 24 months. Analytics data is retained per Google Analytics default settings. You may request deletion of your data by contacting us at privacy@cognisos.ai.

Your Rights

Depending on your jurisdiction, you may have the right to access, correct, delete, restrict processing of, or export your personal data, and to object to processing based on legitimate interests. To exercise these rights, contact privacy@cognisos.ai. We will respond within 30 days.

California Privacy Rights (CCPA/CPRA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA):

  • Right to Know — request disclosure of the categories and specific pieces of personal information we have collected about you.
  • Right to Delete — request deletion of your personal information, subject to certain exceptions.
  • Right to Correct — request correction of inaccurate personal information.
  • Right to Opt Out of Sale/Sharing— we do not sell personal information. However, our use of Google Analytics may constitute “sharing” personal data with a third party for cross-context behavioral advertising purposes under CPRA. You may opt out by declining analytics cookies using the cookie banner or the “Cookie preferences” link in our site footer. We also honor the Global Privacy Control (GPC) browser signal as an automatic opt-out.
  • Right to Non-Discrimination — we will not discriminate against you for exercising any of your CCPA/CPRA rights.

To submit a California privacy request, contact privacy@cognisos.ai with the subject line “California Privacy Request”.

Terms of Service

By accessing or using Cognisos services, you agree to these terms. If you do not agree, do not use our services.

Use of Service

You may use our API and tools for lawful purposes in accordance with these terms. You are responsible for maintaining the confidentiality of your API keys and account credentials.

Acceptable Use

You agree not to:

  • Use the service to violate any applicable law or regulation.
  • Attempt to gain unauthorized access to our systems or other users' data.
  • Transmit malware, spam, or other harmful content through our services.
  • Reverse-engineer, decompile, or disassemble our proprietary algorithms.
  • Exceed rate limits or abuse the service in a manner that degrades performance for others.

Intellectual Property

You retain ownership of all data you submit to our services. We retain ownership of our platform, algorithms, and any derived models. Compression outputs generated by our service may be used freely by you.

Limitation of Liability

Our services are provided “as is” without warranty. To the maximum extent permitted by law, Cognisos shall not be liable for indirect, incidental, or consequential damages arising from your use of the service.

Changes

We may update these terms from time to time. For material changes, we will notify registered users by email at least 14 days before the change takes effect. Continued use of the service after that date constitutes acceptance of the updated terms.

Cookie Policy

We use cookies and similar technologies to operate our site and, with your consent, to understand how visitors use it. This policy explains each cookie we use.

Essential Cookies

These are required for the site to function (authentication state, session management). They cannot be disabled without breaking core features.

Analytics Cookies

We use Google Analytics to understand how visitors use our site. These cookies are only set when you click “Accept” on our cookie banner. Analytics data is anonymized and not shared with advertisers. We use Google Consent Mode v2 to ensure no tracking occurs until you provide explicit consent.

Managing Cookies

You can change your cookie preference at any time using the “Cookie preferences” link in our site footer, which will re-display the consent banner. You can also disable cookies entirely in your browser settings. Browsers with the Global Privacy Control (GPC) signal enabled are automatically opted out of analytics cookies on your first visit.

Cookie Inventory

The following cookies may be set by our site:

NameProviderPurposeTypeExpiry
sb-*-auth-tokenSupabaseStores your authenticated session so you stay logged inEssential7 days (refresh token)
analytics_consentCognisosStores your analytics cookie preference (granted/denied)Essential1 year
_gaGoogle AnalyticsDistinguishes unique users for aggregate traffic analysisAnalytics (consent)2 years
_ga_XXXXXXXXXXGoogle AnalyticsMaintains session state for GA4 measurementAnalytics (consent)2 years

Analytics cookies are only set after you click “Accept” in the consent banner.

Questions about these policies? Contact us at privacy@cognisos.ai