Privacy Policy
Last Updated: December 21, 2025
Table of Contents
- 1. Introduction
- 2. Information We Collect
- 3. How We Use Information
- 4. How We Share Information
- 5. Data Retention
- 6. International Data Transfers
- 7. Your Rights and Choices
- 8. Additional Information for Residents of Certain Jurisdictions
- 9. Security
- 10. Children’s Privacy
- 11. Changes to This Privacy Policy
- 12. Contact Information
1. Introduction
This Privacy Policy explains how Cogniludus Inc., a corporation organized under the laws of the State of Delaware, United States (“Cogniludus,” “we,” “our,” or “us”), collects, uses, and shares Personal Information about individuals (“you”) when you access or use the Services or otherwise provide Personal Information to us in a context where this Privacy Policy applies.
For purposes of this Privacy Policy, the term “Personal Information,” sometimes referred to as “personal data” under certain privacy laws, means information that identifies, relates to, describes, or can reasonably be linked, directly or indirectly, to an identified or identifiable individual or household. Section 2 (Information We Collect) provides more detail about the types of Personal Information we collect.
For purposes of this Privacy Policy, the term “Services” (as defined in our Terms of Use) means, collectively, our websites, web applications, application programming interfaces (“APIs”), sample code, documentation, related waitlist features, and any other products or services we make available to you.
This Privacy Policy forms part of the “Agreement” between you and Cogniludus, as that term is defined in our Terms of Use. Capitalized terms used but not defined in this Privacy Policy have the meanings given to them in our Terms of Use.
This Privacy Policy does not apply to websites, products, services, software, content, or other materials that we do not own or control, including, without limitation, those that the Services may rely on, interoperate with, be integrated with, or provide links to, nor does it apply to information we process about our own employees, contractors, or job applicants in the context of their relationship with Cogniludus. Those activities may be governed by separate privacy policies or privacy notices.
If you and Cogniludus have entered into a separate written agreement or order form for the Services that is signed by both parties and expressly supersedes this Privacy Policy for specific processing of Personal Information, that separate agreement or order form will control to the extent of any conflict with this Privacy Policy with respect to the subject matter of that separate agreement or order form, and this Privacy Policy will apply to the extent of any remaining conflict and to any processing of Personal Information not covered by that separate agreement or order form.
For residents in certain jurisdictions, additional or different rights and disclosures may apply. Please see Section 8 (Additional Information for Residents of Certain Jurisdictions) for more details.
We may update this Privacy Policy from time to time as described in Section 11 (Changes to This Privacy Policy).
By accessing or using the Services in any manner, or by otherwise providing Personal Information to us in a context where this Privacy Policy applies, you acknowledge that you have read this Privacy Policy. If you do not agree with this Privacy Policy, you may not access or use the Services or provide Personal Information to us.
We are currently in the waitlist stage, and the Services are limited. As we launch additional features, our data practices may change, and we may update this Privacy Policy accordingly.
2. Information We Collect
We collect different types of information about you depending on your access to and use of the Services.
2.1 Information You Provide to Us
We collect information that you provide directly to us. This information may include:
Waitlist sign-ups.
If you join our waitlist for early access, we collect your email address.
Direct communications.
If you contact us, we collect the content of your communication, any information you choose to include, and associated metadata about the communication.
2.2 Information We Collect Automatically
We automatically collect information through your device and our systems. This information may include:
Reference information.
If you access our websites using a link that includes a reference identifier, we collect that identifier.
Environment information.
We collect environment information that your device makes available, such as your platform type, operating system name, browser name, browser language, time zone, and time zone offset.
Diagnostic and error information.
We collect information that our systems generate for diagnostic and error tracking purposes.
We do not use cookies or similar tracking technologies on our websites for targeted advertising or cross-site tracking.
We do not use third-party analytics tools on our websites. However, our third-party service providers and related tools may provide us with email engagement information described in Section 2.3.
We may store IP addresses in logs and similar technical information and use them only for purposes described in this Privacy Policy, including, without limitation, maintaining security, preventing misuse of the Services, understanding how the Services are accessed and used, and pursuing our legal, compliance, and enforcement purposes.
2.3 Information We Receive from Third Parties
We may receive information from third parties. This information may include:
Logs and related technical information from our third-party service providers.
Email delivery information, email engagement information, such as opens and link clicks, and related technical information, from our third-party service providers.
Our third-party service providers may collect technical information, such as IP addresses, timestamps, and other log data, as part of providing their services to us. Their use of this information is governed by their privacy policies and, where applicable, their agreements with us. We use this information only for the purposes described in this Privacy Policy.
2.4 Aggregated or De-Identified Information
We may aggregate or de-identify information we collect so that it no longer identifies, relates to, describes, or can reasonably be linked, directly or indirectly, to an identified or identifiable individual or household (“Aggregated or De-Identified Information”). We may use Aggregated or De-Identified Information for any purpose permitted by applicable law. Where we do so, we will not attempt to re-identify individuals from such information, and we will take reasonable steps to require any recipients of Aggregated or De-Identified Information to refrain from attempting to re-identify individuals, where appropriate.
2.5 Sensitive Information
We do not intentionally seek to collect sensitive categories of Personal Information. Sensitive information includes data such as government identification numbers; precise location data; health information; or information revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade-union membership, genetic or biometric data, or information about sex life or sexual orientation.
We ask that you do not include this type of information in your access to or use of the Services or in your communications with us. If you choose to provide sensitive Personal Information anyway, you do so voluntarily. We will process such information in accordance with this Privacy Policy and applicable law, and we may delete or minimize it where appropriate.
3. How We Use Information
We use the information described in Section 2 for the purposes set out in this Section 3. We may use third-party service providers to help us perform these activities, as described in Section 4 (How We Share Information).
3.1 Service Provision and Operation
We use information to provide, operate, maintain, and support the Services. This includes using information to:
provide the Services;
operate and maintain our infrastructure and systems; and
provide customer care and technical support.
3.2 Communications
We use information to communicate with you. This includes using information to:
send messages and updates about the Services;
understand, measure, analyze, and evaluate the effectiveness of our communications, including, without limitation, by analyzing email engagement information;
respond to inquiries and requests; and
provide information about changes to this Privacy Policy, our Terms of Use, or any other terms, policies, guidelines, or agreements that we make available to you for the Services.
You may have choices about certain communications, as described in Section 7 (Your Rights and Choices).
3.3 Security and Misuse Prevention
We use information to maintain security and prevent misuse of the Services. This includes using information to:
detect, investigate, and prevent fraud, abuse, security incidents, and other harmful or illegal activity;
monitor access to and use of the Services for security, reliability, and acceptable use;
enforce any applicable limits or restrictions;
investigate and address technical issues and incidents; and
maintain logs and diagnostic information to support security, troubleshooting, and reliability.
3.4 Service Improvement and Usage Understanding
We use information to improve the Services and understand how they are accessed and used. This includes using information to:
plan, design, develop, and test the Services and new features; and
understand, measure, analyze, and evaluate how the Services are accessed and used.
We may use Aggregated or De-Identified Information to help us perform these activities.
3.5 Legal, Compliance, and Enforcement
We use information for our legal, compliance, enforcement, and administrative purposes. This includes using information to:
comply with applicable laws, regulations, legal processes, or governmental or regulatory requests;
respond to lawful requests from courts, regulators, law enforcement, or other authorities;
establish, exercise, or defend legal claims;
enforce this Privacy Policy, our Terms of Use, and any other terms, policies, guidelines, or agreements that we make available to you for the Services;
maintain appropriate business, compliance, and legal records;
protect our rights, property, and interests; and
help protect the rights, property, and safety of our users and the public.
4. How We Share Information
We share the information described in Section 2 in the circumstances set out in this Section 4.
4.1 Service Providers
We may share information with our third-party service providers who help us provide, operate, maintain, and support the Services; communicate with you; maintain security and prevent misuse of the Services; improve the Services and understand how they are accessed and used; and pursue our legal, compliance, enforcement, and administrative purposes. This includes third-party service providers that:
provide infrastructure and cloud services;
provide communications and messaging services;
provide corporate, legal, and compliance services;
provide financial and payment services; and
provide other operational services in connection with the Services.
These third-party service providers may access, process, or store Personal Information as part of providing their services to us. Their use of Personal Information is governed by their privacy policies and, where applicable, their agreements with us.
4.2 Affiliates
We may share information with our affiliates, meaning entities that control, are controlled by, or are under common control with Cogniludus.
These affiliates may access, process, or store Personal Information as part of supporting the purposes described in this Privacy Policy. They may use Personal Information only for those purposes and in a manner consistent with this Privacy Policy.
4.3 Professional Advisors
We may share information with our professional advisors. This includes professional advisors that:
legal counsel;
accountants and auditors; and
other professional advisors.
These professional advisors may access, process, or store Personal Information as part of providing their services to us. Their use of Personal Information is governed by their privacy policies and, where applicable, their agreements with us. They are typically bound by confidentiality and other professional or contractual obligations.
4.4 Business Transfers
We may share information in connection with, or during negotiations of, a business transaction involving Cogniludus. This includes:
a merger, acquisition, or sale of all or part of our assets;
a corporate reorganization, financing, or restructuring; or
a bankruptcy, insolvency, or similar event.
In such cases, Personal Information may be transferred as part of the transaction, subject to any legal requirements and any commitments we make at that time.
4.5 Legal Requirements and Protection of Rights
We may share information when we believe that doing so is reasonably necessary. This includes sharing information to:
comply with applicable laws, regulations, legal processes, or governmental or regulatory requests;
respond to lawful requests from courts, regulators, law enforcement, or other authorities;
establish, exercise, or defend legal claims;
enforce this Privacy Policy, our Terms of Use, and any other terms, policies, guidelines, or agreements that we make available to you for the Services;
protect our rights, property, and interests; and
help protect the rights, property, and safety of our users and the public.
4.6 Other Disclosures
We may share information with third parties when you ask us to do so, give us your consent, or otherwise direct us to do so.
We may also share Aggregated or De-Identified Information.
5. Data Retention
We retain information for as long as reasonably necessary for the purposes described in this Privacy Policy, including, without limitation, to provide, operate, maintain, and support the Services; to communicate with you; to maintain security and prevent misuse of the Services; to improve the Services and understand how they are accessed and used; and for our legal, compliance, enforcement, and administrative purposes.
We generally:
retain waitlist information while you are on the waitlist to communicate with you, and for a reasonable period afterward to maintain appropriate business, compliance, and legal records;
retain communications for a reasonable period to communicate with you, to maintain security and prevent misuse of the Services, and to maintain appropriate business, compliance, and legal records;
retain reference, environment, diagnostic, error, and similar technical information for a reasonable period to maintain security and prevent misuse of the Services, to improve the Services and understand how they are accessed and used, and to maintain appropriate business, compliance, and legal records; and
retain Aggregated or De-Identified Information for as long as we have a legitimate business need.
Our third-party service providers may retain information in accordance with their privacy policies and, where applicable, their agreements with us.
If you request deletion of your Personal Information, we will take reasonable steps to delete it or convert it into Aggregated or De-Identified Information, in each case in our active records, subject to any information we are required or permitted to retain under applicable law or where we have a legitimate business need to do so.
Copies of information may remain in routine backups for a limited period of time and are intended to be deleted in the ordinary course of our backup procedures.
When information is no longer needed for the purposes described in this Privacy Policy, we will take reasonable steps to delete it or convert it into Aggregated or De-Identified Information.
6. International Data Transfers
We process Personal Information in the United States and in other countries where we, our affiliates, our third-party service providers, and our professional advisors operate. These countries may have data protection laws that are different from the laws of your country of residence and, in some cases, may not be as protective.
We may transfer Personal Information to other countries for the purposes described in this Privacy Policy, including, without limitation, to provide, operate, maintain, and support the Services; to communicate with you; to maintain security and prevent misuse of the Services; to improve the Services and understand how they are accessed and used; and for our legal, compliance, enforcement, and administrative purposes. This may include transfers to our affiliates, our third-party service providers, or our professional advisors that are located outside your country of residence or that access Personal Information from another country.
Where required by applicable law, we use legal mechanisms, such as contractual protections, to help protect Personal Information in connection with such transfers.
By accessing or using the Services in any manner, or by otherwise providing Personal Information to us in a context where this Privacy Policy applies, you acknowledge that your Personal Information may be transferred to and processed in the United States and other countries where we, our affiliates, our third-party service providers, and our professional advisors operate.
7. Your Rights and Choices
Regardless of where you live, subject to legal limitations, you may:
request access to or a copy of your Personal Information;
request correction of Personal Information that is inaccurate or incomplete;
request deletion of your Personal Information;
request that we limit or restrict certain processing of your Personal Information;
object to certain processing of your Personal Information; or
request additional information about how we process your Personal Information.
You can contact us to exercise these rights using the details in Section 12 (Contact Information). We may need to verify your identity before responding to certain requests. In some cases, we may be unable to fully accommodate a request where we are permitted or required to do so under applicable law, and we will explain our reasons if we decline or limit a request.
You can also manage certain communications from us. For example, you can unsubscribe from promotional or other non-essential communications by following the instructions in those communications or by contacting us using the details in Section 12 (Contact Information). We may still communicate with you about the Services for non-promotional purposes, such as security notices or legal and compliance updates.
8. Additional Information for Residents of Certain Jurisdictions
Depending on where you live, applicable law may provide you with additional or different rights regarding your Personal Information or require us to provide you with specific disclosures about how we process your Personal Information.
8.1 Residents of the European Economic Area (EEA), the United Kingdom (UK), and Switzerland
If you are in the EEA, the UK, or Switzerland, the data protection law of your jurisdiction may provide you with additional or different rights regarding your Personal Information or require us to provide you with specific disclosures about how we process your Personal Information.
As described in Sections 2 and 3 of this Privacy Policy, we collect and use Personal Information for the purposes described there, including, without limitation, to provide, operate, maintain, and support the Services; to communicate with you; to maintain security and prevent misuse of the Services; to improve the Services and understand how they are accessed and used; and for our legal, compliance, enforcement, and administrative purposes. As described in Sections 4, 5, and 6, we share, retain, and transfer Personal Information as described in those sections.
8.1.1 Lawful Bases for Processing
Where the data protection law of the EEA, the UK, or Switzerland applies, we process Personal Information on one or more of the following legal bases:
Performance of a contract and taking steps at your request.
We process Personal Information where this is necessary:
to provide, operate, maintain, and support the Services;
to communicate with you; and
to perform our contracts with you or take steps at your request before entering into a contract.
Legitimate interests.
We process Personal Information based on our legitimate interests, where those interests are not overridden by your interests or fundamental rights and freedoms. These legitimate interests include:
to provide, operate, maintain, and support the Services;
to communicate with you;
to maintain security and prevent misuse of the Services;
to improve the Services and understand how they are accessed and used;
to maintain appropriate business, compliance, and legal records;
to establish, exercise, or defend legal claims.
to enforce this Privacy Policy, our Terms of Use, and any other terms, policies, guidelines, or agreements that we make available to you for the Services;
to protect our rights, property, and interests; and
to help protect the rights, property, and safety of our users and the public.
Compliance with legal obligations.
We process Personal Information where necessary to:
comply with applicable laws, regulations, legal processes, or governmental or regulatory requests; and
respond to lawful requests from courts, regulators, law enforcement, or other authorities.
Consent.
We process Personal Information where you have given your consent. Where we rely on consent, you may withdraw it at any time. Withdrawing consent does not affect the lawfulness of processing based on consent before it was withdrawn.
8.1.2 Additional Rights
If you are in the EEA, the UK, or Switzerland, you may have, subject to legal limitations, the right to:
request access to your Personal Information;
request correction of Personal Information that is inaccurate or incomplete;
request deletion of your Personal Information;
request restriction of the processing of your Personal Information;
object to the processing of your Personal Information where we process it based on our legitimate interests, in which case we will stop such processing unless we have compelling legitimate grounds or the processing is required for legal reasons; and
request to receive your Personal Information in a structured, commonly used, and machine-readable format and to have it transmitted to another controller, where technically feasible.
You can contact us to exercise these rights using the details in Section 12 (Contact Information). We may need to verify your identity before responding to certain requests. In some cases, we may be unable to fully accommodate a request where we are permitted or required to do so under applicable law, and we will explain our reasons if we decline or limit a request.
8.1.3 Complaints to Supervisory Authorities
If you are in the EEA, the UK, or Switzerland, you also have the right to lodge a complaint with a data protection authority or supervisory authority, in particular in the country where you live or work or where you believe an infringement of data protection law has occurred. We encourage you to contact us first, so that we can try to address your concerns directly.
8.2 California Residents
If you are a California resident, California law may provide you with additional or different rights regarding your Personal Information or require us to provide you with specific disclosures about how we process your Personal Information.
As described in Sections 2 and 3 of this Privacy Policy, we collect and use Personal Information for the purposes described there, including, without limitation, to provide, operate, maintain, and support the Services; to communicate with you; to maintain security and prevent misuse of the Services; to improve the Services and understand how they are accessed and used; and for our legal, compliance, enforcement, and administrative purposes. As described in Sections 4, 5, and 6, we share, retain, and transfer Personal Information as described in those sections.
For purposes of California law, we do not “sell” or “share” Personal Information, and we do not use or disclose sensitive Personal Information to infer characteristics about you or for purposes that are not permitted under California law. Because we do not sell or share Personal Information or process it for targeted advertising, certain opt-out rights available under California law are not relevant to our current data practices.
If you are a California resident, you may have rights under California law, subject to legal limitations, to request, for example: access to or a copy of your Personal Information; correction or deletion of your Personal Information; that we limit or restrict certain processing of your Personal Information; or that we provide information about our data practices. We will not discriminate against you in a manner prohibited by California law for exercising any rights you may have under California law.
You can contact us to exercise these rights using the details in Section 12 (Contact Information). We may need to verify your identity before responding to certain requests. In some cases, we may be unable to fully accommodate a request where we are permitted or required to do so under applicable law, and we will explain our reasons if we decline or limit a request.
8.3 Other U.S. State Laws
If you live in a U.S. state with a comprehensive privacy law, for example, Colorado, Connecticut, Utah, Virginia, or other states that may adopt similar laws, that law may provide you with additional or different rights regarding your Personal Information that are similar to some of the rights described above.
As described in Sections 2 and 3 of this Privacy Policy, we collect and use Personal Information for the purposes described there, including, without limitation, to provide, operate, maintain, and support the Services; to communicate with you; to maintain security and prevent misuse of the Services; to improve the Services and understand how they are accessed and used; and for our legal, compliance, enforcement, and administrative purposes. As described in Sections 4, 5, and 6, we share, retain, and transfer Personal Information as described in those sections.
For purposes of those state privacy laws, we do not “sell” or “share” Personal Information, as those terms may be defined under applicable state privacy laws, and we do not process Personal Information for targeted advertising or for profiling in furtherance of decisions that produce legal or similarly significant effects about you. Because we do not sell or share Personal Information, process it for targeted advertising, or engage in such profiling, certain opt-out rights available under those state privacy laws are not relevant to our current data practices.
If you live in a U.S. state with a comprehensive privacy law, you may have rights under that law, subject to legal limitations, to request, for example: access to or a copy of your Personal Information; correction or deletion of your Personal Information; that we limit or restrict certain processing of your Personal Information; or that we provide information about our data practices. We will not discriminate against you in a manner prohibited by applicable state law for exercising any rights you may have under that law.
You can contact us to exercise these rights using the details in Section 12 (Contact Information). We may need to verify your identity before responding to certain requests. In some cases, we may be unable to fully accommodate a request where we are permitted or required to do so under applicable law, and we will explain our reasons if we decline or limit a request.
8.4 Other Regions
If you live in a jurisdiction that has its own privacy laws, those laws may provide you with additional or different rights regarding your Personal Information or require us to provide you with specific disclosures about how we process your Personal Information.
You can contact us to exercise these rights using the details in Section 12 (Contact Information). We may need to verify your identity before responding to certain requests. In some cases, we may be unable to fully accommodate a request where we are permitted or required to do so under applicable law, and we will explain our reasons if we decline or limit a request.
9. Security
We use technical and organizational measures designed to protect Personal Information from accidental or unlawful destruction, loss, alteration, or unauthorized access, use, or disclosure.
Our measures may include, for example, using encryption in transit, such as HTTPS, for information transmitted over public networks; using encryption at rest when storing information, where supported by our systems and third-party service providers; and limiting access to Personal Information to personnel who need it to perform their job duties in connection with the Services and who are subject to appropriate confidentiality obligations.
We also take reasonable steps to select third-party service providers that implement appropriate security measures to protect the information they process on our behalf.
However, no method of transmission over the internet or method of electronic storage is completely secure, and we cannot guarantee absolute security.
You are responsible for helping to protect your Personal Information by taking reasonable steps, such as limiting access to the devices and email accounts that you use to access the Services. You should contact us using the details in Section 12 (Contact Information) if you believe your Personal Information has been compromised.
If we become aware of a security incident that affects Personal Information, we will investigate the incident and take steps as required by applicable law, which may include notifying you and/or relevant authorities.
10. Children’s Privacy
The Services are not directed to children under 13 years of age, or any higher minimum age required by applicable law in your jurisdiction (the “Minimum Age”), and we do not knowingly collect Personal Information from children under the Minimum Age.
If you are under the Minimum Age, you may not access or use the Services or provide Personal Information to us. If you are between the Minimum Age and the age of majority in your place of residence, you should access or use the Services only with the permission and under the supervision of a parent or legal guardian.
If we learn that we have collected Personal Information from a child under the Minimum Age, we will take appropriate steps, consistent with applicable law, to delete or de-identify that information and, where appropriate, to disable the related account.
If you are a parent or legal guardian and believe that a child under the Minimum Age has provided Personal Information to us, you should contact us using the details in Section 12 (Contact Information) so that we can take appropriate action.
11. Changes to This Privacy Policy
We may update or modify this Privacy Policy from time to time. If we make changes, we will post the updated Privacy Policy on our website or within the Services and update the “Last Updated” date at the top of this Privacy Policy. Unless we state otherwise, changes take effect when we post the updated Privacy Policy. We may also specify a later effective date in the updated Privacy Policy, in which case the changes will apply from that effective date.
Some changes may be minor, including, without limitation, corrections, clarifications, or formatting changes, and others may be more material. For material changes, we may, where we consider it reasonable and practicable, provide additional notice by email, within the Services, or on our website. However, we are not obligated to provide notice of all changes, and the timing and form of any notice will be determined by us in our reasonable discretion, except where applicable law requires otherwise.
We encourage you to review this Privacy Policy periodically to stay informed about our information practices. If you continue to access or use the Services after an updated Privacy Policy takes effect, you do so under the terms of the updated Privacy Policy.
12. Contact Information
If you have any questions, concerns, or requests about the Services, this Privacy Policy, or how we handle your Personal Information, or if you would like to exercise any rights you may have under applicable law, you can contact us at:
- privacy [at] cogniludus [dot] com
We may also make available contact or request tools within the Services. Where we do so, you may use those tools to contact us or submit requests, and we will handle those requests in accordance with this Privacy Policy and applicable law.
You can also write to us by mail at:
Cogniludus Inc.
2261 Market Street STE 85710
San Francisco, CA 94114
United States