Privacy policy
Effective 2026-07-06. Cognoio is in invite-only early access; this policy will be updated as the product evolves, and material changes will be announced to account holders by email.
Who we are
Cognoio ("we") is operated from Sweden. Contact for anything in this policy: privacy@cognoio.com.
What we collect
Account data: your email address and a password. The password is sent over an encrypted connection and stored only in hashed form by our authentication provider; we do not retain your raw password. Waitlist signups store only the email you submit.
Google Calendar (if you connect it): event metadata such as titles, times, and attendees, read-only. We cannot create, change, or delete your events.
Gmail (if you connect it): message metadata only, meaning subjects, sender and recipient headers, labels, and timestamps. We use Google's metadata-only scope, which means we technically cannot read message bodies or attachments, and we never ask for a scope that could. By default we read only your Inbox; you choose which labels are included.
Slack and Notion (workspace integrations, currently in private testing): messages and pages from workspaces that explicitly install the integration, filtered by your own access in those tools.
Product telemetry: errors are reported to Sentry with technical context; we do not run advertising trackers.
How we use it
To render your own feed, timeline, recap, and daily plan; and to generate AI summaries, briefs, answers, and rankings for you. AI processing sends relevant excerpts of your data (for example, calendar event titles or email subjects) to Anthropic's API. Under Anthropic's commercial terms this data is not used to train their models. We never sell your data, never share it with advertisers, and never use one customer's data to serve another.
Cognoio's use of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.
Access model
Your data is visible only to your own account. Every read path in the product, including the AI features, is enforced by row-level security keyed to your user, and AI answers can only cite items you could already see yourself.
Retention and deletion
Gmail metadata is kept for at most 90 days. When you disconnect Gmail we stop ingestion immediately and delete your stored email metadata; a small amount of derived data (for example, an email subject already summarized into your work graph) is cleared on a rolling basis after that. Disconnecting any source stops ingestion for it. To delete your account and all associated data in full, email privacy@cognoio.com; we will complete the deletion within 30 days and confirm it.
Where your data lives (sub-processors)
Supabase (database and authentication), Anthropic (AI processing), Vercel (web hosting), Hostinger (application server hosting, EU), Sentry (error reporting), and Google (the APIs you connect). We will keep this list current as infrastructure changes.
Your rights
If you are in the EU/EEA you have the rights the GDPR gives you: access, rectification, erasure, restriction, portability, and objection. Email privacy@cognoio.com to exercise any of them. You can also complain to your local data protection authority (in Sweden, IMY).