Privacy Policy
Cognida Inc. and its subsidiaries (“we”, “us”, or “our”) are committed to protecting the privacy and security of our customers’ and employees’ personal information. This Privacy Policy outlines how we collect, use, and disclose your information when you use our website, products, and services.
We at Cognida.ai are committed to protecting the information that you share with us and explaining how we collect, process, and share that information online. When you use our services, you’re trusting us with your information. We understand this is a big responsibility and work hard to protect your information and keep it secure.
Our services are designed to facilitate operational, financial, and statistical analysis. We do not collect, store, or process Protected Health Information (PHI) as defined under the Health Insurance Portability and Accountability Act (HIPAA). As our systems do not handle PHI, the specific privacy and security provisions of HIPAA do not apply to our services. Nevertheless, we are committed to robust data governance and can provide HIPAA-compliant environments upon request, subject to a separate written agreement.
- Background: This Policy provides an overview of how information about Cognida.ai’s “data subjects” (hereinafter referred to as “you” or “your”) and their personal data are collected, how they are handled, and how their privacy is protected. In this policy, “we”, “us” and “our” may refer to Cognida.ai, Cognida Inc. or its subsidiaries and affiliates.
- Services Provided by Cognida.ai: Cognida.ai is a new-age artificial intelligence solutions company that works on solving customer problems using our artificial intelligence and machine learning platform, “Zunō”. Using Zunō, our AI & ML platform, we provide predictive and prescriptive analytics trends based on customers’ data, enabling decision intelligence for them and providing an end-to-end solution that helps businesses solve complex problems using insights from the data.
- Information we collect: We may collect personal information from you when you interact with our website, products, or services. This information may include:
- Personal identification information (e.g., name, email address, phone number).
- Payment information (e.g., credit card details) if you make a purchase.
- Usage data (e.g., IP address, browser type, pages visited) collected automatically when you use our website or services.
- Any other information you provide to us voluntarily.
- Aggregated or anonymized data for analytical and benchmarking purposes.
- Non-personal usage data to enhance system performance and user experience.
- Client contact and account information necessary for service delivery, billing, or communication.
- Personal information of US employees for employment and compliance purposes.
- How we use your information: We may use the information we collect for various purposes, including:
- Providing, maintaining, and improving our products and services.
- Communicating with you, including responding to your inquiries and providing customer support.
- Personalizing your experience and delivering relevant content and advertisements.
- Processing payments and fulfilling orders.
- Analyzing usage trends and preferences.
- Complying with legal obligations.
- Data sharing and disclosure: We may share your information with third parties for the following purposes:
- With service providers who assist us in operating our business and providing our products and services (e.g., hosting providers, payment processors).
- With our affiliates and partners for marketing and promotional purposes, where you have consented to such sharing.
- In response to legal requests or to protect our rights, property, or safety, or the rights, property, or safety of others.
- In connection with a business transaction, such as a merger, acquisition, or sale of assets.
- We do not engage with third-party service providers in any capacity involving ePHI. We may share the personal information of US employees with vendors in India for purposes of validation and verification, in accordance with applicable laws and contractual safeguards.
Client Responsibilities
Clients are responsible for ensuring that:
- No PHI is submitted through our systems, APIs, or platforms unless explicitly agreed upon in a BAA.
- All data uploaded to our systems is scrubbed or anonymized prior to transmission.
- Their use of our services complies with all applicable privacy and data protection laws, including HIPAA where relevant.
We will not sell or rent your personal information to third parties for their marketing purposes without your explicit consent.
We do not request, store, or process:
- Names or other identifiers linked to individual health records
- Health plan beneficiary numbers
- Medical records or diagnoses linked to individuals
- Biometric identifiers used for treatment or billing
- Data Security: We take reasonable measures to protect the security of your personal information and prevent unauthorized access, disclosure, alteration, or destruction. However, please note that no method of transmission over the internet or electronic storage is 100% secure. Although we do not process PHI, we maintain industry-standard security controls, including:
- Encryption of data in transit and at rest
- Role-based access controls
- Audit logs and activity monitoring
- Regular third-party security assessments
- Independent assurance engagements such as SOC 2 and ISO certifications
We do not collect unnecessary information, particularly health-related data. These measures help ensure a secure environment for the non-PHI data we handle.
6.1 What are your data protection rights?
Cognida.ai wants to ensure you are fully aware of your data protection rights. Every user is entitled to the following:
- The right to access – You have the right to request copies of your data from Cognida.ai. We may charge you a small fee for this service.
- The right to rectification – You have the right to request that Cognida.ai correct any information you believe is inaccurate. You also have the right to request Cognida.ai to complete information you believe is incomplete.
- The right to erasure – You have the right to request that Cognida.ai erase your data, under certain conditions.
- The right to restrict processing – You have the right to request Cognida.ai to restrict the processing of your personal data, under certain conditions.
- The right to object to processing – You have the right to object to Cognida.ai’s processing of your data, under certain conditions.
- The right to data portability – You have the right to request that Cognida.ai transfer the data that we have collected to another organization, or directly to you, under certain conditions.
- If you make a request, we have one month to respond to you. If you would like to exercise any of these rights, please contact us at our email.
Email us at:
dpo@cognida.ai
- Comprehensive PII Inventory Clause
- Identification of PII: Cognida.ai maintains a detailed inventory of Personally Identifiable Information (PII) that it collects, processes, and stores. PII includes but is not limited to names, addresses, email addresses, phone numbers, identification numbers, financial information, and any other information that can directly or indirectly identify individuals.
- Types of PII collected: The PII inventory encompasses all types of personal data collected through various channels, including but not limited to our websites, mobile applications, customer interactions, and third-party sources.
- Purpose of PII Collection: PII is collected for specific and lawful purposes, including but not limited to providing products and services, customer support, marketing communications, and compliance with legal obligations. Each category of PII collected is aligned with these purposes.
- Data Categories and Sources: The inventory categorizes PII based on sensitivity and relevance to business operations. Sources of PII include direct interactions with individuals, automated technologies such as cookies and analytics tools, and information obtained from third parties where permissible under applicable laws.
- Data Retention and Deletion Practices: Cognida.ai adheres to a documented data retention policy that specifies the retention periods for different categories of PII based on legal, operational, and business needs. PII is retained only for as long as necessary to fulfill the purposes outlined in this Policy and in accordance with legal requirements. Upon expiry of the retention periods or upon request, PII is securely deleted or anonymized.
- Security Measures: We implement appropriate technical and organizational measures to protect PII from unauthorized access, disclosure, alteration, or destruction. These measures include encryption, access controls, regular security assessments, and employee training on data protection principles.
- Updates to PII Inventory: The PII inventory is regularly reviewed and updated to reflect changes in data processing activities, new types of collected data, and compliance with evolving legal and regulatory requirements.
- Access to PII Inventory: Individuals have the right to request access to their PII held by Cognida.ai. Requests should be submitted in accordance with the procedures outlined in the “Individual Rights” section of this Policy.
- Governance: Cognida.ai is committed to protecting the privacy and security of personal data in accordance with applicable data protection laws and regulations in the US and India, where it is operational. In the United States, data protection laws are primarily focused on specific sectors and aspects of privacy rather than a comprehensive, overarching federal law similar to the GDPR in the European Union. Here are some key federal and state laws that address data protection and privacy concerns in the US:
- Health Insurance Portability and Accountability Act (HIPAA): Regulates the use and disclosure of protected health information (PHI) by healthcare providers, health plans, and healthcare clearinghouses.
- Gramm-Leach-Bliley Act (GLBA): Requires financial institutions to explain their information-sharing practices to customers and to safeguard sensitive data.
Many states have laws requiring businesses to notify individuals of security breaches involving their personal information, and we will comply with these laws as well.
In India, data protection is primarily governed by the Personal Data Protection Act, which was passed in Aug 2023. The Act applies to the processing of digital personal data within India where such data is collected online or collected offline and is digitised. It will also apply to such processing outside India if it is for offering goods or services in India.
HIPAA Applicability:
We are not classified as a Covered Entity or Business Associate under HIPAA regulations because:
- We do not receive, create, maintain, or transmit PHI on behalf of any Covered Entity.
- Our services are structured so that clients are contractually prohibited from transmitting any individually identifiable health information or PHI through our systems.
- If our services are expanded to include the handling of electronic PHI (ePHI), we will implement all required administrative, physical, and technical safeguards in accordance with HIPAA.
- Should a client require HIPAA-compliant processing, a separate Business Associate Agreement (BAA) and data handling arrangement must be executed in writing.
- As we do not interact with ePHI, we are not subject to HIPAA privacy or security requirements.
We will only collect, process, and share your personal data where we have a lawful basis to do so under applicable law. This includes situations where you have provided consent, where processing is necessary for the performance of a contract, or where processing is necessary for our legitimate interests, and those interests do not override your fundamental rights and freedoms.
- Data Retention and Data Deletion Practices Clauses
- Data Retention Policy:
- Cognida maintains a documented data retention policy that governs the retention periods and deletion practices for personal data collected and processed by the organization.
- The retention periods are determined based on legal, regulatory, operational, and business requirements relevant to the purposes for which the personal data was collected.
- Retention Periods:
- Personal data is retained only for as long as necessary to fulfill the purposes outlined in this Policy and as required by applicable laws and regulations.
- Retention periods may vary depending on the category of personal data and the specific context of its processing. Typical retention periods are specified as follows:
- Customer account information is retained for 3 years after the end of the customer relationship; transaction records are retained for 7 years for tax and audit purposes.
- Employment records are kept for 2 years after the employee leaves the organization.
- Data Deletion Procedures
- Upon expiration of the retention periods or upon request from individuals (where applicable), personal data will be securely deleted, anonymized, or archived in accordance with our data retention policy.
- Data deletion procedures include ensuring that all copies of personal data are identified and securely deleted or anonymized from our systems, databases, backups, and third-party service providers where feasible and permissible under contractual obligations.
- Exceptions to Deletions: Certain legal or regulatory obligations may require us to retain personal data for longer periods than specified in our retention policy. In such cases, we will ensure that the personal data is protected and used only for the purposes outlined in this Policy.
- Review and Update: This data retention and deletion practices clause, including the associated data retention policy, is periodically reviewed and updated to reflect changes in our data processing activities, legal and regulatory requirements, and business practices.
- Individual rights: Individuals have the right to request deletion of their personal data where permitted by law. Requests should be submitted in accordance with the procedures outlined in the “Individual Rights” section of this Policy.
- Cookie Management
- Types of Cookies Used: Cognida.ai uses cookies and similar tracking technologies (collectively referred to as “cookies”) on its websites and applications. These may include essential cookies necessary for the functioning of the site, analytical/performance cookies to analyze user behavior, functionality cookies to enhance user experience, and targeting/advertising cookies to personalize content and ads.
- Consent to Cookies: By using our website or application, you consent to the use of cookies as described in this Cookie Management clause and in our Privacy Policy. You can manage your cookie preferences and consent settings through our cookie consent banner or settings provided on the website or application.
- Managing Cookie Preferences: You have the option to control and manage cookies through your browser settings or through our cookie consent banner/settings. You can block cookies, delete existing cookies, or set preferences to receive notifications when cookies are placed. Please note that blocking or deleting cookies may affect your browsing experience and functionality of our website or application.
- Types of Cookies & Purposes
- Essential Cookies: Necessary for the operation of our website or application. These cookies enable core functionalities such as security, network management, and accessibility.
- Analytical/Performance Cookies: Used to analyze how users interact with our website or application, track website performance, and improve user experience.
- Functionality Cookies: Enhance the usability of our website or application by remembering user preferences and settings.
- Targeting/Advertising Cookies: Used to deliver relevant advertisements to users based on their interests and browsing behaviour.
- Third-Party Cookies: We may allow third-party service providers (e.g., analytics providers, advertising networks) to place cookies on our websites or applications to perform services on our behalf. These cookies are subject to the third parties’ own privacy policies and cookie management practices.
- Cookie Settings: You can adjust your cookie settings at any time through our cookie consent banner or settings provided on our website or application. Changes to cookie settings may require refreshing the page for the changes to take effect.
- Updates to Cookie Management: This Cookie Management clause, including our use of cookies and how you can manage your preferences, may be updated from time to time to reflect changes in our practices or legal requirements. We recommend reviewing this policy periodically for any updates.
- Contact Information: If you have any questions or concerns about our use of cookies or this Cookie Management clause, please contact us at dpo@cognida.ai.
- Data Breach Reporting and Data Protection Officer Details
- Data Breach Reporting
- Notification Obligations: In the event of a data breach involving personal data, Cognida.ai will promptly assess the breach to determine its scope and impact on individuals.
- Notification to Individuals: If the breach is likely to result in a high risk to the rights and freedoms of individuals, Cognida.ai will notify affected individuals without undue delay, providing information about the nature of the breach and recommended measures to mitigate potential adverse effects.
- Notification to Regulatory Authorities: Cognida.ai will comply with applicable data protection laws and regulations regarding the notification of data breaches to relevant regulatory authorities. Notifications will be made in accordance with timelines and requirements specified in applicable laws.
- Contact Information: Individuals affected by a data breach can contact dpo@cognida.ai for further assistance and information regarding the breach.
- Data Protection Officer (DPO) Details
- Designation of DPO: Cognida.ai has appointed a Data Protection Officer (DPO) to oversee the organization’s data protection strategy and ensure compliance with data protection laws and regulations.
- Contact Information:
- Name: Sumesh Balakrishnan
- Position: Data Protection Officer
- Email: dpo@cognida.ai
- Roles and Responsibilities: The DPO’s responsibilities include:
- Monitoring compliance with data protection laws and internal data protection policies.
- Providing advice and guidance on data protection impact assessments (DPIAs) and ensuring they are conducted where necessary.
- Serving as the point of contact for individuals and regulatory authorities regarding data protection matters.
- Reporting Structure: The DPO reports directly to the CEO and the Board to ensure independence and effectiveness in carrying out their duties.
- Updates to Data Breach Reporting and DPO Details: This section of the Data Privacy Policy, including data breach reporting procedures and DPO details, will be reviewed and updated as necessary to reflect changes in data protection practices, legal requirements, and organizational structure.
- Privacy Policy of other websites: The Cognida.ai website contains links to other websites. The Cognida.ai privacy policy applies only to our website, so if you click on a link to another website, you should read their privacy policy.
- Your choices: You have the right to access, update, or delete your personal information. You may also opt-out of receiving marketing communications from us by following the instructions provided in the communication.
- Children’s privacy: Our products and services are not directed to children under the age of 13, and we do not knowingly collect personal information from children under 13. If you believe that we have collected personal information from a child under 13, please contact us immediately.
- Changes to this Privacy Policy: We may update this Privacy Policy from time to time by posting the revised version on our website. Your continued use of our website, products, or services after the effective date of the revised Privacy Policy constitutes your acceptance of the changes.
- Contact Us: If you have any questions regarding this Privacy Policy or our data practices, to request a HIPAA-compliant engagement, or to report concerns about the collection or disclosure of PHI/PII covered data, please contact us at dpo@cognida.ai.