Privacy Policy

1. Introduction

Cognostrix ("Company," "we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal information when you use our website, web application, API, and related services (collectively, the "Service").

By using the Service, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with our practices, please do not use the Service.

This Privacy Policy should be read together with our Terms of Service and Risk Disclaimer.

2. Information We Collect

2.1 Information You Provide

Account Information:

• Email address
• Name (optional)
• Authentication credentials (if using an identity provider such as AWS Cognito, your password is handled by that provider; we do not store your password)
• Company name (if applicable)
• Billing address

Payment Information:

• If you purchase a paid subscription: credit/debit card details (processed by our payment processor; we do not store full card numbers)
• Billing and subscription history

Communications:

• Support requests and correspondence
• Feedback and survey responses

Preferences:

• Watchlist selections
• Notification preferences
• Dashboard settings

2.2 Information Collected Automatically

Usage Data:

• Pages and features accessed
• Forecasts viewed
• API calls made
• Time spent on the Service

Device Information:

• IP address
• Browser type and version
• Operating system
• Device identifiers

Cookies and Similar Technologies:

• Session cookies (required for authentication)
• Preference cookies (to remember your settings)
• Analytics cookies (to understand Service usage, if enabled)

2.3 Information from Third Parties

Authentication Providers:

If you sign in using a third-party service (e.g., Google), we receive basic profile information as permitted by that service.

Payment Processor:

If and when payments are enabled, our payment processor provides us with transaction confirmations and billing status.

3. How We Use Your Information

We use your information for the following purposes:

3.1 Service Provision

• To create and maintain your account
• To provide forecasts and features based on your subscription tier or pilot scope
• To process payments and manage billing
• To personalize your experience

3.2 Communication

• To send service-related notifications (e.g., forecast updates, account alerts)
• To respond to your inquiries and support requests
• To send marketing communications where required by law and with your consent

3.3 Improvement and Analytics

• To understand how users interact with the Service
• To improve features and functionality
• To develop new products and services
• To conduct research and analysis

3.4 Security and Compliance

• To detect and prevent fraud and abuse
• To enforce our Terms of Service
• To comply with legal obligations

4. Legal Bases for Processing (GDPR)

If you are in the European Economic Area (EEA), United Kingdom, or Switzerland, we process your personal data based on the following legal grounds:

5. Information Sharing

We do not sell your personal information. We may share your information in the following circumstances:

5.1 Service Providers

We share information with third-party vendors who assist us in operating the Service, including:

• Cloud Hosting: Amazon Web Services (AWS) — EU-North-1 region
• Payment Processing: Stripe or similar providers (if paid subscriptions are enabled)
• Email Delivery: Transactional email service providers
• Analytics: Analytics providers (if enabled)

All service providers are contractually obligated to protect your information and use it only for authorized purposes.

5.2 Legal Requirements

We may disclose information if required to do so by law or in response to:

• Subpoenas, court orders, or legal process
• Requests from government authorities
• Protection of our rights, property, or safety

5.3 Business Transfers

In the event of a merger, acquisition, reorganization, or sale of assets, your information may be transferred to the acquiring entity as part of that transaction.

5.4 With Your Consent

We may share your information with third parties when you have given explicit consent to do so.

6. Data Retention

We retain your personal information for as long as necessary to:

• Maintain your account and provide the Service
• Comply with legal obligations
• Resolve disputes and enforce agreements

Upon account deletion, we will delete or anonymize your personal information within 30 days, except where retention is required by law.

7. Your Rights

7.1 Rights for All Users

You have the right to:

• Access: Request a copy of your personal information
• Correction: Update or correct inaccurate information
• Deletion: Request deletion of your account and personal information by contacting us
• Data Portability: Request to receive your data in a structured, machine-readable format
• Opt-Out: Unsubscribe from marketing communications

7.2 Additional Rights (EEA, UK, Switzerland)

If you are in the EEA, UK, or Switzerland, you also have the right to:

• Object to processing based on legitimate interests
• Restrict processing in certain circumstances
• Withdraw consent at any time (without affecting prior processing)
• Lodge a complaint with a supervisory authority

7.3 Exercising Your Rights

To exercise your rights, contact us at:

• Email: privacy@cognostrix.com
• Subject: "Privacy Rights Request"

We will respond within the timeframes required by applicable law.

8. Cookies and Tracking

8.1 Types of Cookies We Use

8.2 Managing Cookies

You can control cookies through:

• Browser settings
• Our cookie consent banner when you first visit
• Account settings (where available)

Blocking essential cookies may prevent you from using parts of the Service.

8.3 Do Not Track Signals

Some browsers transmit "Do Not Track" (DNT) signals. Because there is no consistent industry standard for responding to these signals, we do not currently respond to DNT browser requests. You can manage cookie preferences through our cookie banner and browser settings.

9. Data Security

We implement appropriate technical and organizational measures to protect your information.

9.1 Technical Measures

• Encryption in transit (TLS)
• Encryption at rest for stored data
• Secure authentication via managed identity providers (e.g., AWS Cognito)
• Role-based access controls and least-privilege principles

9.2 Organizational Measures

• Appropriate vetting of personnel with access to production systems
• Security awareness practices
• Incident response procedures
• Periodic security reviews

9.3 Data Location

Your data is stored in Amazon Web Services (AWS) data centers located in the EU-North-1 (Stockholm) region, subject to EU data protection standards.

9.4 Breach Notification

If we become aware of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify affected users and relevant authorities as required by applicable law and without undue delay.

10. International Data Transfers

If you access the Service from outside the European Economic Area, your data may be transferred to and processed in Sweden or other countries where we or our service providers operate.

Where required, we rely on appropriate safeguards such as Standard Contractual Clauses approved by the European Commission.

11. Children's Privacy

The Service is not intended for individuals under 18 years of age. We do not knowingly collect personal information from children. If we become aware that we have collected such information, we will delete it promptly.

12. Third-Party Links

The Service may contain links to third-party websites or services. We are not responsible for the privacy practices of those third parties. We encourage you to review their privacy policies.

13. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. When we do, we will update the "Last Updated" date at the top of this page and, where appropriate, notify users through the Service or by email.

Your continued use of the Service after such updates constitutes acceptance of the revised policy.

14. Contact Us

If you have questions about this Privacy Policy or our data practices, please contact:

You also have the right to lodge a complaint with your local data protection authority.

15. Supplemental Information by Region

15.1 California Residents (CCPA / CPRA)

If you are a California resident, you have the right to:

• Know what personal information we collect and use
• Request deletion of your personal information
• Opt out of the sale or sharing of personal information (we do not sell or share for cross-context behavioral advertising)
• Not be discriminated against for exercising your rights

Categories of Information Collected:

• Identifiers (email, name, IP address)
• Commercial information (subscription history)
• Internet activity (usage data)

To exercise these rights, contact privacy@cognostrix.com.

15.2 Nevada Residents

Nevada residents may opt out of the sale of personal information. We do not sell personal information as defined under Nevada law.

15.3 Brazilian Residents (LGPD)

If you are a Brazilian resident, you have rights under the Lei Geral de Proteção de Dados (LGPD), similar to those described in Section 7.