Last updated: January 2025
Cogniphai ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our AI-powered pharmaceutical research platform and related services (collectively, the "Services").
This policy applies to all users of our Services, including visitors to our website, registered account holders, and organizations using our platform. By using our Services, you agree to the collection and use of information in accordance with this policy.
We are committed to compliance with applicable data protection laws, including the Health Insurance Portability and Accountability Act (HIPAA), the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and other relevant privacy regulations.
We collect several types of information from and about users of our Services:
We use the information we collect for the following purposes:
For users in the European Economic Area (EEA), we process your personal data based on the following legal grounds:
Important: We do not use your proprietary research data, clinical trial information, or regulatory submissions to train our AI models. Your research data is processed solely for the purpose of providing our Services to you.
We implement comprehensive, industry-standard security measures to protect your information from unauthorized access, alteration, disclosure, or destruction:
While we implement robust security measures, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security but are committed to protecting your information to the best of our ability.
We do not sell, trade, or rent your personal information to third parties. We may share your information only in the following limited circumstances:
We may share your information with third parties when you have provided explicit consent for such sharing.
We may share information with trusted third-party service providers who assist us in operating our platform, conducting our business, or serving our users. These service providers are bound by strict confidentiality agreements and are only permitted to use your information for the specific purposes we authorize. Categories of service providers include:
We may disclose your information if required to do so by law or in response to valid requests by public authorities (e.g., court orders, subpoenas, or regulatory agencies). We will only disclose the minimum amount of information necessary to comply with such requests.
We may share information to protect our rights, privacy, safety, or property, or that of our users or others, including to prevent fraud or other illegal activities.
In the event of a merger, acquisition, reorganization, or sale of assets, your information may be transferred as part of that transaction. We will notify you of any such change in ownership or control of your personal information. See Section 15 for more details.
Depending on your location and applicable laws, you may have certain rights regarding your personal information. We are committed to helping you exercise these rights:
You have the right to access and receive a copy of your personal data that we hold. You can request access through your account settings or by contacting us at privacy@cogniphai.com.
You have the right to request correction of inaccurate or incomplete information. You can update most information directly through your account settings.
You have the right to request deletion of your personal data, subject to certain exceptions (e.g., legal obligations, ongoing contracts). We will honor deletion requests in accordance with applicable law.
You have the right to object to processing of your data or request restriction of processing in certain circumstances, such as when you contest the accuracy of your data or object to processing for direct marketing purposes.
You have the right to receive your personal data in a structured, commonly used, and machine-readable format and to transmit that data to another service provider, where technically feasible.
Where processing is based on consent, you have the right to withdraw your consent at any time. Withdrawal does not affect the lawfulness of processing before withdrawal.
To exercise any of these rights, please contact us at privacy@cogniphai.com. We will respond to your request within 30 days and may require verification of your identity to protect your privacy. If you are not satisfied with our response, you have the right to lodge a complaint with your local data protection authority.
If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, we process your personal data in accordance with the General Data Protection Regulation (GDPR) and applicable national data protection laws.
Cogniphai acts as a data controller for the personal information we collect and process directly from you. For certain processing activities, we may act as a data processor on behalf of your organization, in which case a separate Data Processing Agreement (DPA) will govern that relationship.
We process your personal data based on the following legal grounds under GDPR:
We retain your personal data only for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law. See Section 10 for detailed retention periods.
We have appointed a Data Protection Officer (DPO) to oversee our data protection practices. You can contact our DPO at dpo@cogniphai.com or by mail at the address provided in Section 19.
When we transfer personal data from the EEA to countries outside the EEA, we ensure appropriate safeguards are in place. See Section 12 for detailed information about international data transfers.
Cogniphai is committed to compliance with the Health Insurance Portability and Accountability Act (HIPAA) and its implementing regulations. When we process Protected Health Information (PHI) on behalf of covered entities or business associates, we do so in accordance with HIPAA requirements.
When we act as a Business Associate under HIPAA, we enter into Business Associate Agreements (BAAs) with covered entities. These agreements establish the permitted and required uses and disclosures of PHI and ensure compliance with HIPAA's Privacy and Security Rules.
We implement administrative, physical, and technical safeguards to protect PHI, including:
We follow the "minimum necessary" standard, accessing and using only the minimum amount of PHI necessary to accomplish the intended purpose.
In the event of a breach of unsecured PHI, we will notify affected covered entities and individuals in accordance with HIPAA breach notification requirements. See Section 16 for our general breach notification procedures.
Individuals have certain rights regarding their PHI, including the right to access, amend, and receive an accounting of disclosures. These rights are typically exercised through the covered entity, but we will assist covered entities in fulfilling these obligations.
We use cookies and similar tracking technologies to collect and store information about your use of our Services. This section explains what cookies are, how we use them, and your choices regarding cookies.
Cookies are small text files that are placed on your device when you visit a website. They are widely used to make websites work more efficiently and provide information to website owners.
We may also use third-party cookies from service providers for analytics, advertising, and other purposes. These third parties may use cookies to collect information about your online activities across different websites.
Most web browsers allow you to control cookies through their settings. You can set your browser to refuse cookies or to alert you when cookies are being sent. However, disabling certain cookies may limit your ability to use some features of our Services.
Cookie expiration periods: Session cookies expire when you close your browser. Persistent cookies remain for up to 12 months, after which they are automatically deleted. You can manage cookie preferences through your browser settings.
We retain your personal information only for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law.
When you request deletion of your data or when retention periods expire, we will securely delete or anonymize your personal information using industry-standard methods. However, we may retain certain information if:
Data stored in backup or archive systems may be retained for additional periods but will be deleted in accordance with our retention schedule. We ensure that backup data is subject to the same security measures as active data.
If you are a California resident, the California Consumer Privacy Act (CCPA) provides you with certain rights regarding your personal information.
You have the right to request that we disclose:
You have the right to request deletion of your personal information, subject to certain exceptions (e.g., completing transactions, detecting security incidents, complying with legal obligations).
We do not sell your personal information. If we were to sell personal information in the future, California residents would have the right to opt-out of such sales.
We will not discriminate against you for exercising your CCPA rights, including by denying services, charging different prices, or providing a different level of service.
To exercise your CCPA rights, please contact us at privacy@cogniphai.com with "CCPA Request" in the subject line. We will verify your identity before processing your request and respond within 45 days (or as required by law).
Your information may be transferred to, and maintained on, computers located outside of your state, province, country, or other governmental jurisdiction where data protection laws may differ from those in your jurisdiction.
When we transfer personal data from the European Economic Area (EEA), United Kingdom, or Switzerland to countries outside these regions, we ensure appropriate safeguards are in place, including:
Our primary data processing facilities are located in the United States (specifically in AWS data centers in the US East and US West regions). We may also use service providers located in other countries. All transfers are subject to appropriate safeguards as described above.
By using our Services, you consent to the transfer of your information to our facilities and those of our service providers as described in this Privacy Policy.
Our Services are not intended for individuals under the age of 18 (or the age of majority in your jurisdiction). We do not knowingly collect personal information from children.
If you are a parent or guardian and believe that your child has provided us with personal information, please contact us immediately at privacy@cogniphai.com. If we become aware that we have collected personal information from a child without verification of parental consent, we will take steps to delete that information promptly.
We comply with the Children's Online Privacy Protection Act (COPPA) and other applicable laws regarding children's privacy.
Our Services may contain links to third-party websites, services, or applications that are not owned or controlled by Cogniphai. This Privacy Policy does not apply to third-party services.
We are not responsible for the privacy practices of third-party services. We encourage you to review the privacy policies of any third-party services you access through our platform.
We may integrate with third-party services to enhance functionality. When you authorize such integrations, you may be sharing information with those third parties. Their use of your information is governed by their own privacy policies.
We use third-party service providers to help us operate our Services. These providers are contractually obligated to protect your information and use it only for the purposes we specify. Categories of service providers include:
In the event of a merger, acquisition, reorganization, bankruptcy, or sale of all or a portion of our assets, your personal information may be transferred as part of that transaction.
We will notify you via email and/or a prominent notice on our website of any change in ownership or uses of your personal information, as well as any choices you may have regarding your personal information.
Any successor entity will be bound by the terms of this Privacy Policy and will be required to protect your information in accordance with applicable data protection laws.
In the event of a data breach that compromises your personal information, we will notify affected users and relevant authorities in accordance with applicable law.
In the event of a breach, we will:
When we process personal data on behalf of our customers (acting as a data processor), we enter into Data Processing Agreements (DPAs) that govern the processing relationship.
Our standard DPA includes provisions for:
For Business Associate Agreements (BAAs) under HIPAA, please contact us at privacy@cogniphai.com.
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of any material changes by:
We encourage you to review this Privacy Policy periodically to stay informed about how we protect your information. Your continued use of our Services after any changes constitutes acceptance of the updated Privacy Policy.
If we make material changes that significantly affect your rights, we will provide additional notice and, where required by law, obtain your consent.
If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:
Email: privacy@cogniphai.com
Address: Cogniphai
1041 N Dupont Hwy #1556
Dover, DE 19901
United States
Email: dpo@cogniphai.com
Address: Cogniphai
1041 N Dupont Hwy #1556
Dover, DE 19901
United States
Email: privacy@cogniphai.com
Address: Cogniphai
1041 N Dupont Hwy #1556
Dover, DE 19901
United States
To exercise your privacy rights (access, deletion, portability, etc.), please contact us at privacy@cogniphai.com with your request. We will respond within the timeframes required by applicable law.
If you are not satisfied with our response to your privacy concerns, you have the right to lodge a complaint with your local data protection authority: