Політика Конфіденційності

Cognitify OÜ is the controller of the personal data processed under this Policy. You can reach us about any privacy matter using the details below.

We have not appointed a Data Protection Officer, as we are not required to do so under Article 37 of the GDPR. Privacy enquiries are handled at the contact above.

Depending on how you interact with us, we may process the following categories of personal data:

• Identity and contact data — name, email address, phone number, company name, and any details you include when you contact us or join a waitlist;
• Usage and technical data — IP address, device and browser type, operating system, pages viewed, referring URLs, and similar information collected automatically;
• Communications — the content of messages you send us and our correspondence with you;
• Consent and preferences — your cookie and marketing choices.

We do not intentionally collect special categories of personal data (such as health, biometric, or political data), and we ask that you do not send such data to us.

• Directly from you — when you fill in a form, join a waitlist, email us, or otherwise communicate with us;
• Automatically — through cookies and similar technologies when you use the Website (see "Cookies and Analytics" below);
• From third parties — for example analytics and infrastructure providers acting on our behalf.

We only process your personal data where we have a lawful basis under Article 6 of the GDPR:

• Performance of a contract — to provide the Services you request and respond to your enquiries;
• Legitimate interests — to operate, secure, and improve the Website and Services, understand how they are used, and prevent fraud and abuse, where these interests are not overridden by your rights;
• Consent — to set non-essential cookies and send marketing communications where required; you may withdraw consent at any time;
• Legal obligation — to comply with applicable laws, accounting requirements, and lawful requests from authorities.

We use a single analytics service (Google Analytics) to understand how the Website is used. Analytics and other non-essential cookies are set only after you give consent through our cookie banner, and consent defaults to denied until you choose. You can change or withdraw your choice at any time via the banner or your browser settings.

We do not sell your personal data. We may share it with:

• Service providers (processors) — hosting, infrastructure, and analytics providers who process data on our behalf under written data-processing terms;
• Professional advisers and authorities — where required to comply with the law, exercise or defend legal claims, or respond to lawful requests;
• Successors — a buyer or successor entity in a merger, acquisition, or reorganisation, subject to this Policy.

Some of our providers are located outside the European Economic Area (EEA). Where we transfer personal data outside the EEA, we rely on an adequacy decision of the European Commission or on appropriate safeguards such as the EU Standard Contractual Clauses. You may request a copy of the safeguards in place using the contact details above.

We keep personal data only for as long as necessary for the purposes for which it was collected, including to satisfy any legal, accounting, or reporting requirements. When data is no longer needed, we delete it or irreversibly anonymise it.

Subject to the conditions set out in the GDPR, you have the right to:

• Access — obtain confirmation of, and a copy of, the personal data we hold about you;
• Rectification — have inaccurate or incomplete data corrected;
• Erasure — ask us to delete your data (the "right to be forgotten");
• Restriction — ask us to restrict processing in certain circumstances;
• Data portability — receive your data in a structured, commonly used, machine-readable format;
• Objection — object to processing based on legitimate interests, or to direct marketing;
• Withdraw consent — withdraw any consent you have given, at any time, without affecting processing carried out beforehand.

To exercise any of these rights, contact us at privacy@cognitify.ai. We will respond within one month, as required by the GDPR. Exercising your rights is free of charge unless a request is manifestly unfounded or excessive.

We implement appropriate technical and organisational measures to protect your personal data, including encryption in transit and at rest, access controls, and audit logging. No method of transmission or storage is completely secure, so we cannot guarantee absolute security.

The Services are intended for businesses and are not directed to children. We do not knowingly collect personal data from children under the age of 13. If you believe a child has provided us with personal data, please contact us and we will delete it.

We may update this Privacy Policy from time to time. The latest version will always be posted on this page with a new effective date, and we will notify you of material changes where required by law.

For any question about this Policy or how we handle your data, contact us:

If you believe we have not handled your personal data lawfully, you have the right to lodge a complaint with the Estonian Data Protection Inspectorate (Andmekaitse Inspektsioon, www.aki.ee) or with the supervisory authority in your country of residence. This Policy is governed by the laws of the Republic of Estonia and the GDPR.