Privacy Policy

Effective Date: January 2026 | Last Updated: January 2026

1. Introduction

CognisRAG ("we," "our," or "us") operates the CognisRAG platform, a document intelligence service accessible at https://cognisrag.com (the "Service"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service.

By accessing or using CognisRAG, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with the terms of this policy, please do not access the Service.

2. Information We Collect

2.1 Information You Provide

  • Account Information: When you sign in using Google OAuth, we receive your name and email address from Google.
  • User Content: Documents, files, and other content you upload to the Service for processing.
  • Communications: Any correspondence you send to us, including support requests.

2.2 Information Collected Automatically

  • Usage Data: Information about how you interact with the Service, including pages visited, features used, and timestamps.
  • Device Information: Browser type, operating system, and device identifiers.
  • Log Data: Server logs that record requests made to our Service.

2.3 Cookies and Similar Technologies

We use essential cookies to maintain your session and authentication state. We do not use advertising or tracking cookies.

3. How We Use Your Information

We use the information we collect to:

  • Provide, operate, and maintain the Service
  • Authenticate your identity and secure your account
  • Process and analyse your uploaded documents using artificial intelligence
  • Respond to your enquiries and provide customer support
  • Monitor and analyse usage patterns to improve the Service
  • Detect, prevent, and address technical issues or security breaches
  • Comply with legal obligations

4. Legal Basis for Processing (GDPR)

For users in the European Economic Area, we process personal data under the following legal bases:

  • Contractual Necessity: Processing required to provide the Service you requested
  • Legitimate Interests: Improving and securing our Service, provided these interests are not overridden by your rights
  • Consent: Where you have given explicit consent for specific processing activities
  • Legal Obligation: Where processing is required to comply with applicable law

5. Data Sharing and Third-Party Services

We share your information with the following categories of service providers who assist in operating our Service:

ProviderPurposeData Shared
SupabaseDatabase hosting, file storage, authenticationAccount data, uploaded documents, usage data
Google CloudAI processing (Gemini), OAuth authenticationDocument content (for AI analysis), authentication tokens
VercelApplication hostingServer logs, request data

These providers process data on our behalf and are contractually obligated to protect your information. We do not sell your personal data to third parties.

6. Data Retention

We retain your personal data for as long as your account is active or as needed to provide the Service. Specifically:

  • Account Information: Retained until you delete your account
  • Uploaded Documents: Retained until you delete them or close your account
  • Usage Logs: Retained for up to 12 months for security and analytics purposes

You may request deletion of your data at any time by contacting us.

7. Data Security

We implement appropriate technical and organisational measures to protect your personal data, including:

  • Encryption of data in transit (TLS/SSL)
  • Encryption of data at rest
  • Row-level security ensuring users can only access their own data
  • Regular security assessments

However, no method of transmission over the Internet is 100% secure. While we strive to protect your personal data, we cannot guarantee absolute security.

8. Your Rights

Depending on your location, you may have the following rights regarding your personal data:

  • Access: Request a copy of the personal data we hold about you
  • Rectification: Request correction of inaccurate or incomplete data
  • Erasure: Request deletion of your personal data
  • Data Portability: Request a copy of your data in a machine-readable format
  • Restriction: Request that we limit processing of your data
  • Objection: Object to processing based on legitimate interests
  • Withdraw Consent: Where processing is based on consent, withdraw that consent at any time

To exercise these rights, contact us using the details in Section 12.

9. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence, including the United States. These countries may have different data protection laws. When we transfer data internationally, we implement appropriate safeguards to protect your information.

10. Children's Privacy

The Service is not intended for individuals under the age of 16. We do not knowingly collect personal data from children. If we become aware that we have collected personal data from a child without parental consent, we will take steps to delete that information.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last Updated" date. Material changes will be communicated via email or a prominent notice on the Service.

12. Contact Us

If you have questions about this Privacy Policy or wish to exercise your rights, contact us at:

Email: me@abiolafatunla.com

For users in the European Economic Area, you also have the right to lodge a complaint with your local data protection authority.