Privacy policy.

Account information. Email address, hashed password, and the workspace you create on signup. If you subscribe, billing information is processed by our payment provider on our behalf — we receive an email address and a subscription identifier, never raw card details.

Content you upload. The documents, URLs, transcripts, and conversations you place in your workspace. This content is the substance of the service and is stored only to make it available to you.

Operational data. Server logs (timestamps, request paths, response codes) needed to operate the service. We do not log document text, filenames, chat messages, or query text.

Optional analytics. If you accept analytics cookies, anonymised usage events (e.g. “opened pricing page”, “created knowledge base”) are sent to our analytics provider. We track event names and counts only — never user content.

We use the information above to operate Cognoir: serving your uploaded documents back to you, generating cited answers from them, sending you transactional email (verification, password reset, billing notifications), and billing you for the plan you chose.

We do not use your documents to train AI models — ours or anyone else’s. Our model and embedding providers are contractually prohibited from training on input data sent through our integration. See the training data section of the security page for detail.

We share data only with the subprocessors required to operate the service — hosting providers, the model and embedding vendors, transactional email, billing, error monitoring, and optional analytics. The current list — each provider, its role, and the category of data it receives — is available to customers on request; see the subprocessors section of our security page. We notify customers in advance of changes.

We do not sell personal information. We do not share data with third parties for advertising purposes. We do not embed third-party trackers on marketing pages.

We disclose information only when required by valid legal process and only the minimum required. Where law permits, we notify the affected customer before responding.

We use a small number of strictly-necessary cookies to keep you signed in and remember interface preferences. Analytics cookies are loaded only after you accept the consent banner. See the cookie policy for the full list and retention windows.

EU and UK users have GDPR rights of access, rectification, erasure, restriction, portability, and objection. You can exercise these rights directly from your workspace settings: export every byte of your data within 24 hours of request, delete individual documents and conversations at any time, or delete your entire account.

Account deletion is irreversible and removes all documents, conversations, generated materials, and personal data within minutes. A minimal deletion record (date and account ID, no content) is retained for seven years for fraud and abuse protection. Operational detail is on the security page.

You can lodge a complaint with your local supervisory authority (for example, the ICO in the UK, the CNIL in France, the AEPD in Spain) at any time.

EU and UK customer data is stored and processed in EU regions when EU hosting is requested at signup. US customer data is stored and processed in US regions. Where data crosses borders for processing by our subprocessors, the transfer relies on Standard Contractual Clauses or an equivalent lawful mechanism.

Cognoir is not directed at children under 16. We do not knowingly collect personal information from anyone under 16. If you believe a child has provided personal information to us, email privacy@cognoir.app and we will delete it.

We will update this policy as the product changes. Material changes are announced by email to active customers at least 30 days before they take effect. The date this page was last updated is shown at the top.

Questions about this policy or about how we handle your data? Email privacy@cognoir.app. Security issues should go to security@cognoir.com.