Cogni

Privacy Policy

Effective version: 2026-06-03. This policy explains what Cogni collects, how it is used, who it is shared with, and your rights.

1. What we collect

  • Account data — your email address and authentication identifiers (and your name/avatar if you sign in with Google).
  • Coursework you upload — syllabi, notes, past exams, and similar materials, plus the data we derive from them (topics, schedules, flashcards, study history).
  • Your API keys — the third-party AI keys you provide, stored encrypted in a dedicated secrets vault and used only to make AI requests on your behalf.
  • Usage data — basic operational logs and per-day feature counters used to enforce rate limits and detect abuse.

2. How we use it

We use your data solely to provide the Service: to analyze your materials, generate study content, schedule reviews, and operate, secure, and improve the product. We do not sell your data, and we do not use your coursework to train our own models.

3. Who we share it with (sub-processors)

To run the Service we share data with the following processors. The AI providers are called using your own API key; their handling of your requests is also governed by their terms and your account with them.

  • SupabaseDatabase, authentication, and encrypted file/secret storage.
  • VercelApplication hosting and content delivery.
  • Anthropic (Claude)AI tutoring, syllabus analysis, and study-content generation — called with your own API key.
  • OpenAIText embeddings (search) and text-to-speech (audio overviews) — called with your own API key.
  • GoogleOptional Google sign-in and Google Calendar sync, only if you connect them.

4. AI providers & data retention

When you use AI features, the relevant materials and prompts are sent to Anthropic and/or OpenAI under your own API key. By default, these providers may retain API inputs and outputs for a limited period for abuse-monitoring purposes and do not use API data submitted under standard commercial terms to train their models. Retention and training behavior is governed by your agreement with each provider and the settings on your provider account.

Operator note (remove before launch):confirm each provider’s current data-retention / zero-data-retention and training posture for the API tier you direct users to, and update this section to state it precisely. This sentence should not appear on the live site.

5. Storage & security

Data is stored with our hosting and database providers (Supabase, Vercel). Access is isolated per user at the database level (row-level security), and your API keys are kept in an encrypted vault separate from ordinary application data.

6. Your rights

  • Access / export — you can export your account data from Settings.
  • Deletion — you can delete your account from Settings at any time. Deletion permanently removes your database records, uploaded files, stored secrets, and authentication record.
  • Correction — you can edit your profile and content in the app.

7. Children

The Service is not directed to children under the minimum age stated in our Terms. We do not knowingly collect data from anyone under that age.

8. Changes & contact

We may update this policy; material changes are reflected by a new version number. Questions or privacy requests: support@trycogni.com.