Privacy Policy
Effective Date: January 2026 | Last Updated: January 2026
1. Introduction
CognisRAG ("we," "our," or "us") operates the CognisRAG platform, a document intelligence service accessible at https://cognisrag.com (the "Service"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service.
By accessing or using CognisRAG, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with the terms of this policy, please do not access the Service.
2. Information We Collect
2.1 Information You Provide
- Account Information: When you sign in using Google OAuth, we receive your name and email address from Google.
- User Content: Documents, files, and other content you upload to the Service for processing.
- Communications: Any correspondence you send to us, including support requests.
2.2 Information Collected Automatically
- Usage Data: Information about how you interact with the Service, including pages visited, features used, and timestamps.
- Device Information: Browser type, operating system, and device identifiers.
- Log Data: Server logs that record requests made to our Service.
2.3 Cookies and Similar Technologies
We use essential cookies to maintain your session and authentication state. We do not use advertising or tracking cookies.
3. How We Use Your Information
We use the information we collect to:
- Provide, operate, and maintain the Service
- Authenticate your identity and secure your account
- Process and analyse your uploaded documents using artificial intelligence
- Respond to your enquiries and provide customer support
- Monitor and analyse usage patterns to improve the Service
- Detect, prevent, and address technical issues or security breaches
- Comply with legal obligations
4. Legal Basis for Processing (GDPR)
For users in the European Economic Area, we process personal data under the following legal bases:
- Contractual Necessity: Processing required to provide the Service you requested
- Legitimate Interests: Improving and securing our Service, provided these interests are not overridden by your rights
- Consent: Where you have given explicit consent for specific processing activities
- Legal Obligation: Where processing is required to comply with applicable law
5. Data Sharing and Third-Party Services
We share your information with the following categories of service providers who assist in operating our Service:
| Provider | Purpose | Data Shared |
|---|---|---|
| Supabase | Database hosting, file storage, authentication | Account data, uploaded documents, usage data |
| Google Cloud | AI processing (Gemini), OAuth authentication | Document content (for AI analysis), authentication tokens |
| Vercel | Application hosting | Server logs, request data |
These providers process data on our behalf and are contractually obligated to protect your information. We do not sell your personal data to third parties.
6. Data Retention
We retain your personal data for as long as your account is active or as needed to provide the Service. Specifically:
- Account Information: Retained until you delete your account
- Uploaded Documents: Retained until you delete them or close your account
- Usage Logs: Retained for up to 12 months for security and analytics purposes
You may request deletion of your data at any time by contacting us.
7. Data Security
We implement appropriate technical and organisational measures to protect your personal data, including:
- Encryption of data in transit (TLS/SSL)
- Encryption of data at rest
- Row-level security ensuring users can only access their own data
- Regular security assessments
However, no method of transmission over the Internet is 100% secure. While we strive to protect your personal data, we cannot guarantee absolute security.
8. Your Rights
Depending on your location, you may have the following rights regarding your personal data:
- Access: Request a copy of the personal data we hold about you
- Rectification: Request correction of inaccurate or incomplete data
- Erasure: Request deletion of your personal data
- Data Portability: Request a copy of your data in a machine-readable format
- Restriction: Request that we limit processing of your data
- Objection: Object to processing based on legitimate interests
- Withdraw Consent: Where processing is based on consent, withdraw that consent at any time
To exercise these rights, contact us using the details in Section 12.
9. International Data Transfers
Your information may be transferred to and processed in countries other than your country of residence, including the United States. These countries may have different data protection laws. When we transfer data internationally, we implement appropriate safeguards to protect your information.
10. Children's Privacy
The Service is not intended for individuals under the age of 16. We do not knowingly collect personal data from children. If we become aware that we have collected personal data from a child without parental consent, we will take steps to delete that information.
11. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last Updated" date. Material changes will be communicated via email or a prominent notice on the Service.
12. Contact Us
If you have questions about this Privacy Policy or wish to exercise your rights, contact us at:
Email: me@abiolafatunla.com
For users in the European Economic Area, you also have the right to lodge a complaint with your local data protection authority.