Privacy Policy

1. Introduction

This Privacy Policy explains how Cognimon ("we", "us", or "our") collects, uses, and protects your personal information when you use our study tracking and learning companion platform ("the Service").

We are committed to protecting your privacy and ensuring the security of your personal data. This policy complies with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

2. Information We Collect

2.1 Personal Information

We collect the following personal information:

• Account Information: Email address, name (encrypted in our database)
• Authentication Data: Managed by Clerk authentication service
• Profile Information: Timezone, learning preferences, daily goals

2.2 Learning Data

We collect data related to your learning activities:

• Study sessions (duration, topics, activity types)
• Learning goals and progress
• Topic preferences and progress tracking
• Course enrollments and completion data
• Project and resource information

2.3 Technical Information

We automatically collect certain technical information:

• IP address and browser information
• Device information and operating system
• Usage patterns and feature interactions
• Error logs and performance data

2.4 Cookies and Tracking

We use cookies and similar technologies for:

• Essential Cookies: CSRF protection, session management, security
• Functional Cookies: User preferences, theme settings
• Analytics Cookies: Service improvement and usage statistics (anonymised)

3. How We Use Your Information

We use your information for the following purposes:

3.1 Service Provision

• Provide and maintain the learning tracking platform
• Process and store your learning data
• Generate progress reports and analytics
• Enable data export functionality

3.2 Communication

• Send service-related notifications
• Respond to your inquiries and support requests
• Notify you of important changes to the service

3.3 Service Improvement

• Analyse usage patterns to improve the service
• Develop new features and functionality
• Create anonymised community insights and statistics

3.4 Security and Compliance

• Protect against fraud and abuse
• Ensure compliance with legal obligations
• Maintain service security and integrity

4. Data Security and Encryption

We implement comprehensive security measures to protect your data:

• Encryption: All personally identifiable information (PII) is encrypted using AES encryption before storage
• Secure Storage: Data is stored in secure, encrypted databases
• Access Controls: Strict access controls and authentication requirements
• Regular Backups: Encrypted backups of your data
• CSRF Protection: Cross-site request forgery protection
• Rate Limiting: Protection against abuse and automated attacks

5. Data Sharing and Third Parties

We do not sell, trade, or rent your personal information to third parties. We may share information only in the following circumstances:

• Service Providers: With trusted third-party services (e.g., Clerk for authentication, hosting providers) under strict data protection agreements
• Legal Requirements: When required by law or to protect our rights and safety
• Business Transfers: In connection with a merger, acquisition, or sale of assets (with notice)
• Anonymised Data: Aggregated, anonymised statistics for community insights (no personal identification possible)

6. Your Rights Under UK GDPR

You have the following rights regarding your personal data:

• Right of Access: Request a copy of your personal data
• Right to Rectification: Correct inaccurate or incomplete data
• Right to Erasure: Request deletion of your personal data
• Right to Restrict Processing: Limit how we use your data
• Right to Data Portability: Receive your data in a structured format
• Right to Object: Object to processing of your data
• Rights Related to Automated Decision Making: Information about automated processing

To exercise these rights, please contact us at support@cognimon.com. We will respond within 30 days.

7. Data Retention

We retain your personal data for as long as necessary to provide the service and comply with legal obligations:

• Account Data: Retained while your account is active and for 2 years after closure
• Learning Data: Retained while your account is active, with option for permanent deletion
• Technical Logs: Retained for 12 months for security and debugging purposes
• Legal Requirements: Some data may be retained longer if required by law

8. International Data Transfers

Your data may be transferred to and processed in countries outside the UK. We ensure appropriate safeguards are in place, including:

• Adequacy decisions by the UK government
• Standard contractual clauses
• Binding corporate rules
• Certification schemes

9. Children's Privacy

Our service is not intended for children under 13. We do not knowingly collect personal information from children under 13. If we become aware that we have collected personal information from a child under 13, we will take steps to delete such information.

10. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by:

• Posting the updated policy on this page
• Updating the "Last updated" date
• Sending email notifications for significant changes

Your continued use of the service after any changes constitutes acceptance of the updated policy.

11. Contact Information

If you have any questions about this Privacy Policy or our data practices, please contact us:

You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) if you believe your data protection rights have been violated.