Privacy Policy | Cognethics
Legal

Privacy Policy

Last updated: March 24, 2026

1Who We Are

Cognethics LLC ("Cognethics," "we," "us," or "our") is an enterprise software company headquartered in Atlanta, GA. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website at cognethics.com and use our platform services.

2Information We Collect

Information You Provide

  • Contact form submissions: name, work email address, company name, area of interest, and any message you provide when booking a demo or contacting us.
  • Account information: when you create a platform account, we collect your name, email, organization details, and role.
  • Communications: records of correspondence when you contact us for support or other inquiries.

Information Collected Automatically

  • Log data: IP address, browser type, operating system, referring URLs, pages visited, and timestamps.
  • Device information: device type, screen resolution, and unique device identifiers.

Cookies

Our website sets one first-party cookie (_a4t_vid) that assigns an anonymous visitor ID. This cookie is used solely to understand site traffic patterns — it is not used for advertising and is not shared with third parties.

We honor Do Not Track (DNT) browser signals. When DNT is enabled, no tracking data is collected and the cookie is not set. You may also block this cookie through your browser settings without affecting site functionality.

Information We Do Not Collect

  • We do not sell, rent, or trade your personal information to third parties.
  • We do not use your data to train AI models.

3How We Use Your Information

  • To respond to your demo requests and inquiries.
  • To provide, maintain, and improve our platform services.
  • To send you relevant updates about your account or our services (you can opt out at any time).
  • To detect, prevent, and address security issues and abuse.
  • To comply with legal obligations.

4Legal Basis for Processing (GDPR)

Cognethics processes customer data in the AWS region and availability zone you select. For customers with EEA, UK, or Swiss personal data, our standard Data Processing Addendum (DPA) provides Standard Contractual Clauses (Module 2 — controller-to-processor, EU 2021/914) and addresses cross-border transfer safeguards. To execute the DPA, send us the request form below and select the legal / DPA request type.

For personal data we process directly (for example, when you submit our contact form), we rely on the following legal bases:

  • Consent: when you submit the contact form, you consent to us processing your data for the stated purpose.
  • Legitimate interest: to operate and improve our services, provided this does not override your rights.
  • Legal obligation: to comply with applicable laws and regulations.

5Data Storage and Security

  • Your data is stored on AWS infrastructure in the region and availability zone you select.
  • All data is encrypted in transit (TLS 1.2+) and at rest.
  • Access to personal data is restricted to authorized personnel on a need-to-know basis.
  • We maintain complete audit trails of all data access.
  • Our platform architecture is designed for multi-tenant data isolation — your data is never accessible to other customers.

6Data Retention

We retain your personal information only as long as necessary to fulfill the purposes outlined in this policy. Contact form submissions are retained for the duration of our business relationship. You may request deletion of your data at any time (see Section 8).

7Sub-processors

We use a limited number of sub-processors to operate the Services:

  • Amazon Web Services (AWS): infrastructure hosting in the AWS region and availability zone you select. Compute, storage, database, networking, and managed security. Covered by DPA + BAA.
  • Anthropic: large language model inference for AI features. Accessed via the Anthropic API and via AWS Bedrock (US regions). Covered by DPA.
  • Cloudflare: CDN, DDoS protection, and Cloudflare Tunnel routing. Processes request metadata only (IP, timestamp, User-Agent, referrer); no document content traverses Cloudflare in plaintext. Covered by DPA.
  • Google (Gemini API): large language model inference for specific extraction workflows (e.g., healthcare EOB extraction, technical specification extraction, invoice parsing). US regions. Covered by DPA.

We do not share your personal data with advertising networks, data brokers, or analytics platforms.

8Your Rights

Depending on your location, you may have the following rights:

  • Access: request a copy of the personal data we hold about you.
  • Rectification: request correction of inaccurate data.
  • Deletion: request deletion of your personal data.
  • Portability: request your data in a structured, machine-readable format.
  • Objection: object to processing based on legitimate interest.
  • Withdraw consent: withdraw consent at any time where processing is based on consent.

To exercise any of these rights, send us the request form below. We will respond within 30 days.

9Children's Privacy

Our services are not directed to individuals under the age of 16. We do not knowingly collect personal information from children. If you believe we have collected data from a child, please contact us immediately.

10Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the updated policy on this page with a revised "Last updated" date.

11Contact Us

For questions about this Privacy Policy, or to exercise any of the rights listed in Section 8, send us the form below. We respond within 30 days.

Privacy request

All fields marked required help us verify the request and respond to the right person. Your submission goes only to our privacy team.