This Privacy Policy explains how Cogneris ("Cogneris", "we", "us", or "our") processes personal information in connection with the Cogneris document intelligence platform, the cogneris.ai website (the "Site"), our APIs, and related services (together, the "Service"). It applies to visitors to our Site, prospective customers, customers, end users authorized by our customers, and other individuals who interact with us.
Cogneris acts as the controller of personal information we collect directly from website visitors and account administrators of our customers. When our customers use the Service to process documents that contain personal data, Cogneris acts as a processor on the customer's behalf, and our processing is governed by the customer's agreement with us, including our Data Processing Addendum ("DPA"). This Policy describes our practices in our capacity as controller. For questions about processing we carry out as a processor, please contact your Cogneris account administrator.
1. Information we collect
1.1 Information you provide
- Account information: name, work email, role, company, phone number, and login credentials when you register, request a demo, or contact us.
- Billing information: billing contact, billing address, and tax identifiers. Card data is collected by our payment processor (Stripe); we do not store full card numbers.
- Communications: the contents of messages you send us through email, contact forms, support tickets, and meetings.
- Marketing preferences: opt-ins, event registrations, and content you request.
1.2 Information we collect automatically
- Usage data: pages viewed, features used, API calls, timestamps, error reports, and performance metrics.
- Device and connection: IP address, browser type and version, operating system, language, referring URL, and approximate location derived from IP.
- Cookies and similar technologies: see Section 11.
1.3 Customer Data processed on behalf of customers
Our customers upload documents and configure extraction templates through the Service ("Customer Data"). Customer Data may contain personal data of the customer's employees, contractors, vendors, or end users. When Cogneris processes Customer Data, it does so as a processor on documented instructions from the customer under the customer's agreement and the DPA. We do not determine the purposes of processing Customer Data, and we do not use Customer Data to train or improve generally available models (see Section 3).
1.4 Information from third parties
- Authentication providers (e.g. Google, Microsoft) when you sign in with single sign-on.
- Business data providers for sales prospecting (e.g. company size, industry, public profile information).
- Service providers who help us operate the Services (analytics, customer support, payments, communications).
2. How we use personal information
We use personal information to:
- provide, operate, secure, and improve the Services;
- create and administer accounts, authenticate users, and manage subscriptions;
- process payments, invoicing, and tax;
- respond to inquiries, provide customer support, and communicate service-related notices;
- send marketing communications about Cogneris products, events, and content (subject to your preferences and applicable law);
- monitor, troubleshoot, and prevent fraud, abuse, and security incidents, and enforce our terms;
- comply with legal obligations, respond to lawful requests, and protect our rights and the rights of others;
- maintain audit logs as described in our security documentation; and
- conduct internal analytics and product research using aggregated and de-identified data.
3. AI models and training
Cogneris does not use Customer Data, document content, or extracted fields to train, fine-tune, or evaluate generally available foundation models or any model made available to other customers. We may use de-identified, aggregated metadata about system performance (such as latency, error rates, and feature usage) to improve the Services. Where we use third-party model providers (such as OpenAI, Anthropic, or Google Vertex), we contractually require that Customer Data sent to those providers is not used to train their models.
4. Legal bases (EEA, UK, Switzerland)
If you are in the European Economic Area, the United Kingdom, or Switzerland, our legal bases for processing personal information are:
- Performance of a contract — to provide the Services to you or your organization, manage accounts, and provide support.
- Legitimate interests — to operate, secure, and improve the Services, prevent fraud and abuse, conduct sales and marketing to business contacts, and develop our business, where those interests are not overridden by your rights.
- Consent — for cookies that are not strictly necessary, certain marketing communications, and where required by applicable law. You can withdraw consent at any time.
- Legal obligation — to comply with tax, accounting, regulatory, and other legal requirements.
5. How we share personal information
We share personal information with:
- Sub-processors and service providers who provide infrastructure (Google Cloud), payments (Stripe), email and communications (SendGrid, Twilio), analytics, customer support, and AI model inference (OpenAI, Anthropic, Google Vertex). A current list of sub-processors is available on our Data Protection page.
- Customers — if you are an authorized user of a customer account, we share your account and usage information with the customer that administers that account.
- Professional advisors such as auditors, lawyers, and accountants under confidentiality obligations.
- Authorities and other parties when required by law, in response to a lawful request, or to protect our rights, the safety of users, or the integrity of the Services.
- Successors in connection with a merger, acquisition, financing, reorganization, or sale of assets, subject to confidentiality obligations.
We do not sell personal information for monetary consideration. We do not "share" personal information for cross-context behavioral advertising as those terms are defined under California law.
6. International data transfers
Cogneris operates internationally. Personal information may be transferred to, processed in, and stored in countries other than the country in which it was collected, including the United States and the European Union. Where we transfer personal information from the EEA, the UK, or Switzerland to a country that has not been recognized as providing an adequate level of data protection, we rely on appropriate safeguards, including the European Commission's Standard Contractual Clauses (and the UK International Data Transfer Addendum where applicable). You can request a copy of the safeguards we apply by contacting legal@cogneris.ai.
7. Retention
We retain personal information for as long as necessary to provide the Services and for the purposes described in this Policy, including to comply with legal, accounting, and regulatory obligations, resolve disputes, enforce agreements, and maintain audit trails. Customer Data is retained according to the customer's contract and configured retention settings; on termination, Customer Data is deleted or returned in line with the DPA. Our default audit-log retention is seven (7) years. Marketing contact information is retained until you unsubscribe or otherwise object.
8. Your rights
Depending on where you live, you may have the following rights with respect to your personal information:
- Access — request a copy of the personal information we hold about you.
- Rectification — request correction of inaccurate or incomplete information.
- Erasure / deletion — request that we delete personal information, subject to legal exceptions.
- Restriction — request that we restrict processing in certain circumstances.
- Objection — object to processing based on legitimate interests or for direct marketing.
- Portability — receive personal information in a structured, commonly used, machine-readable format.
- Withdraw consent — where processing is based on consent.
- Opt out of sale or sharing for cross-context behavioral advertising (California) — Cogneris does not engage in either, but you may submit a request to confirm.
- Limit use of sensitive personal information (California) — Cogneris does not use sensitive personal information for purposes that require this right, but you may submit a request.
- Non-discrimination — we will not discriminate against you for exercising your rights.
- Lodge a complaint with your supervisory authority. For the EU, that is the data protection authority of your country of residence; for the UK, that is the Information Commissioner's Office (ICO).
How to exercise your rights
Submit a request to legal@cogneris.ai. We will verify your identity using information already associated with your account and will respond within the time frame required by applicable law (generally 30 days under GDPR/UK GDPR; 45 days under CCPA/CPRA, extendable as permitted). If your information is processed by Cogneris on behalf of one of our customers (Customer Data), please contact that customer directly; we will support the customer in responding where required.
When we log your request, we email you a receipt with a tracking code. Look up the status and chain-position proof at cogneris.ai/privacy/request/track/.
9. Children
The Services are intended for businesses and are not directed to children. We do not knowingly collect personal information from anyone under the age of 16. If you believe a child has provided us with personal information, please contact us and we will take appropriate steps to delete it.
10. Security
We implement technical and organizational measures designed to protect personal information, including encryption in transit (TLS 1.3) and at rest (AES-256-GCM), strict tenant isolation, role-based access controls, multi-factor authentication for employees, and continuous monitoring. A summary is available on our Security page. No system is perfectly secure; we encourage you to use a strong, unique password and to notify us of any suspected unauthorized access.
11. Cookies and similar technologies
We use cookies and similar technologies to operate the Site and Platform, remember your preferences, analyze usage, and (where you consent, in jurisdictions that require consent) measure the effectiveness of marketing. You can manage cookie preferences through our cookie banner where shown and through your browser settings. Strictly necessary cookies cannot be disabled. We honor Global Privacy Control (GPC) signals where required.
12. Third-party links
The Site may contain links to third-party websites or services. We are not responsible for the privacy practices of those third parties. We encourage you to review their privacy notices.
13. Changes to this Policy
We may update this Policy from time to time. If we make material changes, we will notify you by email (where we have your address) or by prominent notice on the Site before the changes take effect. The "Last updated" date at the top of this Policy indicates when it was last revised.
14. How to contact us
For questions about this Policy, to exercise your rights, or to raise a concern, contact:
- Email: legal@cogneris.ai
- Postal: Cogneris — Privacy, [Registered office address — to be confirmed]
EU representative (Article 27 GDPR)
Cogneris has appointed an EU representative under Article 27 GDPR for matters relating to the processing of personal data of individuals in the European Economic Area. You may contact the representative directly with any questions or complaints about our processing:
- Representative: [EU Representative entity name — to be confirmed]
- Address: [EU Representative address — to be confirmed]
- Email: eu-rep@cogneris.ai
UK representative (Article 27 UK GDPR)
Cogneris has appointed a UK representative under Article 27 of the UK GDPR for matters relating to the processing of personal data of individuals in the United Kingdom:
- Representative: [UK Representative entity name — to be confirmed]
- Address: [UK Representative address — to be confirmed]
- Email: uk-rep@cogneris.ai
Appointing an Article 27 representative does not affect Cogneris's own responsibility under the GDPR or UK GDPR. Designating a representative is required for controllers and processors that are not established in the EU/UK and are subject to those laws under Article 3(2). If Cogneris maintains an establishment in the EU or the UK, the relevant lead supervisory authority is identified in our records of processing and available on request.
Brazil (LGPD)
If you are in Brazil, Cogneris's LGPD privacy contact is legal@cogneris.ai. You have the right to confirm processing, access your data, request correction or anonymization, request portability, request deletion, obtain information about shared parties, and revoke consent. You may also lodge a complaint with the Autoridade Nacional de Proteção de Dados (ANPD).
Encarregado / Data Protection Officer: [DPO name — to be confirmed once appointed], reachable at dpo@cogneris.ai.