Privacy Policy
Privacy Policy Notice
Last updated 2026/02
PRIVACY NOTICE
This Notice explains how we obtain, use, and disclose your personal information in accordance with the applicable laws. We at Cognician respect your privacy and your rights in relation to the protection of the personal data we collect and process.
When we refer to 'Cognician', we mean Cognician Inc. including its associated and subsidiary companies.
If you have any inquiries about this Privacy Policy, please email our Data Protection Officer (also known as Information Officer) at dpo@cognician.com.
B2B Privacy Policy Addendum
Special Notice for Organization-Provisioned Services
If you are using Cognician as part of an organization-led initiative, Cognician processes your data as a Service Provider (Data Processor) on behalf of your employer or sponsoring organization (the "Client" or "Data Controller").
In these cases, the processing of your personal data (including profile information and program participation data) is a functional and contractual requirement of delivering the service requested by the organization. Cognician does not rely on individual user consent as the legal basis for this processing.
Hierarchy of Terms:
In the event of any conflict between this Addendum and the general Privacy Policy text below, this Addendum shall prevail for all provisioned users. Your data is processed as a functional requirement of the service provisioned by your organization.
The Personal Data We Collect
Looking after your personal data is a huge responsibility for us. We will continue to do our best to protect your personal data as best we can and be transparent about what data we collect and why we collect it. We do not, and never will, engage in practices such as benefiting from selling your personal information to third parties.
The Use of Your Personal Data
The User
We collect and process personal data when you interact with components of our website and platform. This enables us to deliver programs and services that have been provisioned for you, including digital learning experiences known as “cogs” (short for “coaching guides”).
Cogs are bite‑sized digital learning experiences designed to guide users through a single idea, model, process, activity, or skill.
Where services are provisioned by an organization, this processing is carried out as a requirement of the service delivery, rather than on the basis of individual consent.
The Client Organization
As part of agreed scopes of work with client organizations, services may include program reporting such as participation and completion statistics, aggregated results reporting at group level, and aggregated or anonymized content insights.
Where reporting involves personal data, the organization that provisioned the service is considered an authorized recipient, not a third party.
We Collect Your Personal Data for Specific Purposes
We process personal data for the following purposes and legal bases:
- To register and authenticate users on the platform
- To provide programs and services provisioned by an organization
- To meet contractual obligations and agreed service requirements
- To support platform functionality, security, and performance
- To provide technical, operational, and user support
- To communicate with users regarding service‑related matters
Processing for mandatory, organization‑provisioned programs is based on contractual necessity and legitimate interests, rather than consent.
We Collect Both Personal and Non-Personal Data
The data we collect includes:
- Contact information (e.g. name, surname, email address)
- Unique identifiers (e.g. nickname, password)
- User engagement data (e.g. program activity, cog activity, progress tracking)
- Content data (e.g. responses to program prompts), which is shared in aggregated and anonymized form by default
- Optional public data shared within program groups where clearly indicated
- Diagnostic and technical data necessary for platform functionality
- Location identifiers collected by third‑party service providers for analytical purposes
How We Store Your Data
Cognician securely stores data in Microsoft Azure data centers located in the EU (Ireland region).
Retention of Your Personal Data
Cognician retains personal data only for as long as necessary to fulfil the purposes outlined in this Privacy Policy, comply with legal obligations, resolve disputes, and enforce agreements.
Our Data Protection Officer
We have appointed a Data Protection Officer (DPO) in compliance with GDPR requirements. You can contact our DPO at dpo@cognician.com.
Keeping Your Data Secure
We implement appropriate technical and organizational measures to protect personal data against unauthorized access, alteration, disclosure, or destruction, in line with industry standards.
Your Data Protection Rights
If you are located in South Africa, the EEA, or the UK, you have the following rights:
- To request access, correction, or updates to your personal data
- To object to the processing of your personal data where applicable
- To request restriction or portability of your personal data
- To lodge a complaint with a data protection authority
For organization‑provisioned services, requests relating to access, deletion, or objection may require coordination with the organization that provisioned the service. Cognician facilitates these requests as a service provider.
Choices for Limiting the Use and Disclosure of Your Personal Data
Where applicable, you may use the controls and mechanisms made available within the Cognician platform to limit certain uses or disclosures of your personal data.
These controls may include program‑specific objection or opt‑out features and preference settings presented within the platform. Where we rely on consent for optional or voluntary features (such as marketing communications), you may manage or withdraw that consent using the options provided at the point of collection or within the relevant forms.
For organization‑provisioned services, core processing activities necessary to deliver the service are based on contractual necessity or legitimate interests and are not subject to opt‑out. Any requests to limit processing in this context may require coordination with the organization that provisioned the service.
Requests may be submitted to dpo@cognician.com.
Unsubscribing from Cognician's Communications
You may unsubscribe from marketing communications at any time using the unsubscribe link in our emails or by contacting dpo@cognician.com.
Service‑related communications necessary for platform operation are not subject to marketing opt‑out.
Sharing Your Information with Third Parties
Personal data may be disclosed to:
- Service providers and sub‑processors acting on our behalf
- Subsidiaries and affiliates supporting service delivery
- Law enforcement or regulatory bodies where legally required
- Parties involved in corporate transactions
A list of sub‑processors is available on our GDPR Sub‑Processors page.
International Transfer of Your Personal Data
Where personal data is transferred internationally, we ensure appropriate safeguards are in place, including:
- Standard Contractual Clauses
- EU‑U.S. Data Privacy Framework
- Other lawful transfer mechanisms
EU-U.S. Data Privacy Framework (EU-U.S. DPF) and the UK Extension to the EU-U.S. DPF
Cognician Inc. complies with the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) and the UK Extension to the EU-U.S. DPF Principles, as set forth by the U.S. Department of Commerce. Cognician has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union and the United Kingdom in reliance on the EU-U.S. DPF Principles and the UK Extension to the EU-U.S. DPF Principles. If there is any conflict between the terms in this privacy policy and the EU-U.S. DPF Principles, the Principles shall govern. To learn more about the Data Privacy Framework Principles (DPF Principles) Program, and to view our certification, please visit https://www.dataprivacyframework.gov/
Regulatory Authority
The Federal Trade Commission has jurisdiction over Cognician’s compliance with the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) and the UK Extension to the EU-U.S. DPF Principles.
Dispute Resolution
In compliance with the EU-U.S. DPF Principles and the UK Extension to the EU-U.S. DPF Principles, Cognician commits to:
- cooperate and comply respectively with the advice of the panel established by the EU data protection authorities (DPAs) and the UK Information Commissioner’s Office (ICO) with regard to unresolved complaints concerning our handling of personal data received in reliance on the EU-U.S. DPF Principles and the UK Extension to the EU-U.S. DPF Principles.
- resolve DPF Principles-related complaints about our collection and use of your personal information. EU and UK individuals with inquiries or complaints regarding our handling of personal data received in reliance on the (EU-U.S. DPF Principles) and the UK Extension to the EU-U.S. DPF Principles should first contact Cognician at: dpo@cognician.com
- In addition, and as described in the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) and the UK Extension to the EU-U.S. DPF principles, you also have the option of invoking binding arbitration after other dispute resolution procedures have been exhausted.
Artificial Intelligence (AI) Use at Cognician
At Cognician, we leverage Artificial Intelligence (AI) to enhance the quality and efficiency of our support services, program development, and reporting capabilities. We are committed to ensuring that our use of AI respects your privacy and complies with all relevant data protection standards.
Cookies and Similar Technologies
Cookies
We use cookies and similar technologies to support platform functionality, analytics, and user experience. Users can manage cookie preferences via browser settings.
Regulatory Authority & Dispute Resolution
Cognician complies with the EU‑U.S. Data Privacy Framework and cooperates with relevant supervisory authorities. Complaints may be submitted to dpo@cognician.com.