Privacy Policy

Welcome to Cognoska (“we”, “us”). We respect your privacy and are committed to protecting your personal data. This policy explains what we collect, how and why we process it, with whom we share it, how long we keep it, and the rights you can exercise under GDPR. Controller: Cognoska (contact details below). If you use our services from the EU/EEA, GDPR applies.

We process the following categories of data, depending on how you use Cognoska: • Identity & Account Data (via Clerk): email address, name (if provided), profile image (optional), authentication identifiers. Passwords are managed by Clerk and are not stored by us. • Profile Data (via Supabase): language preference, subscription status, topic preferences (AI), consent flags (marketing/data processing), timestamps (created, last login), avatar URL. • Billing Data (via Stripe): billing name, address, VAT ID (if provided), transaction metadata. We do not store full payment card data; Stripe processes it on our behalf. • Usage & Technical Data: IP address, device/browser information, log data, pages viewed, and interactions necessary for security, performance, and service analytics. • Communication Data: your settings for email notifications, newsletter opt‑ins (double opt‑in), and any messages you send to us. • Content Inputs for AI: text you submit for generating summaries or digests. Personal data should not be included unless necessary for your use case.

We use your data only when the law allows us to. Legal bases under GDPR: Art. 6(1)(b) contract performance, Art. 6(1)(c) legal obligation, Art. 6(1)(f) legitimate interests, and Art. 6(1)(a) consent. Main purposes: • Account & Authentication (Clerk) – to create/manage your account and keep sessions secure. (Art. 6(1)(b)) • Service Delivery & Personalization (Supabase) – to store your profile, preferences, and show relevant content. (Art. 6(1)(b)) • Subscriptions & Payments (Stripe) – to process payments, handle invoices/receipts, detect fraud. (Art. 6(1)(b)/(c)) • AI Content Generation (OpenAI) – to generate daily and periodic scientific paper digests. We minimize personal data in prompts. (Art. 6(1)(f)) • Security, Logs, Performance (Vercel/Supabase) – to operate, secure, and improve our platform. (Art. 6(1)(f)) • Emails & Notifications – transactional emails (e.g., login codes, invoices) without consent; newsletters/marketing only with your prior consent (double opt‑in). (Art. 6(1)(a)/(b)) • Compliance – tax and accounting retention duties. (Art. 6(1)(c))

We do not sell your personal data. We share it only with processors and partners necessary to run Cognoska: • Authentication: Clerk (EU/US) • Database & Storage: Supabase (EU or US region, configured by us) • Hosting & Delivery: Vercel (EU/US) • Payments: Stripe (EU/US) • AI Processing: OpenAI (US/EU infrastructure as available) • Email Delivery (transactional/opt‑in): reputable email service provider All processors are bound by Data Processing Agreements (DPAs). Where data may be transferred outside the EU/EEA (e.g., to the US), Standard Contractual Clauses (SCCs) are used.

We keep personal data only as long as necessary for the purposes above: • Account & Profile Data: kept while your account is active. Upon deletion, we delete or anonymize within 30 days (backups may persist for a limited period). • Billing/Invoices: kept 6–10 years to meet legal obligations. • Logs/Technical Data: kept for a short period for security and operations unless longer retention is required by law. • AI Inputs/Outputs: retained only as long as needed to provide the feature and improve reliability, not for unrelated profiling.

You can exercise the following rights under GDPR: • Access your data • Rectify inaccurate data • Erase data (“right to be forgotten”) where applicable • Restrict processing • Object to processing based on legitimate interests • Data portability • Withdraw consent at any time (affects future processing only) • Lodge a complaint with your supervisory authority To exercise rights, contact us using the details below.

We use cookies and similar technologies: • Essential: required for login, security, and core functionality. These cannot be disabled. • Preferences: store language and UI settings and are used only with your consent. You can change your choices anytime via the cookie settings widget on our site. Legal bases: Art. 6(1)(b) for essential; Art. 6(1)(a) for preferences.

Contact us: info@cognoska.com International transfers: Some providers (Clerk, Stripe, Vercel, OpenAI, email provider) may process data outside the EU/EEA. We rely on DPAs and the EU Standard Contractual Clauses (SCCs). We also implement technical and organizational measures (encryption in transit, access controls, least‑privilege). Changes to this policy will be posted here with a new “Last updated” date.