Cognida Inc. and its subsidiaries (“we”, “us”, or “our”) are committed to protecting the privacy and security of its customers and employee’s personal information. This Privacy Policy outlines how we collect, use, and disclose your information when you use our website, products, and services. 

We, at Cognida.ai are committed to protecting the information that you share with us and explaining how we collect process and share that information online. When you use our services, you’re trusting us with your information. We understand this is a big responsibility and work hard to protect and entrust your information to keep it secure. 

1. Background
   This Policy provides an overview of how Cognida.ai’s information of “data subjects” (hereinafter referred to as “You or your”) and their personal data are collected, how they’re handled, and how their privacy is protected. In this policy, “we”, “us” and “our” may refer to Cognida.ai, Cognida Inc. or its subsidiaries and affiliates. 
2. Services Provided by Cognida.aiCognida.ai is a new age artificial intelligence solutions company that’s working on solving customer problems using our artificial intelligence and machine learning platform “Zuno”. Using Zunō, our AI & ML platform, we provide predictive and prescriptive analytics trends, using the customers data and enabling decision intelligence to them, providing an end-to-end solution enabling businesses solving complex problems using insights from the data.
3. Information we collect
   

   We may collect personal information from you when you interact with our website, products, or services. This information may include:-

   • Personal identification information (e.g., name, email address, phone number). 
   • Payment information (e.g., credit card details) if you make a purchase.
   • Usage data (e.g., IP address, browser type, pages visited) collected automatically when you use our website or services. 
   • Any other information you provide to us voluntarily.
4. How we use your information
   We may use the information we collect for various purposes, including: 
   • Providing, maintaining, and improving our products and services. 
   • Communicating with you, including responding to your inquiries and providing customer support. 
   • Personalizing your experience and delivering relevant content and advertisements. 
   • Processing payments and fulfilling orders. 
   • Analyzing usage trends and preferences. 
   • Complying with legal obligations. 
5.  Data sharing and disclosure
   We may share your information with third parties for the following purposes: 
   • With service providers who assist us in operating our business and providing our products and services (e.g., hosting providers, payment processors). 
   • With our affiliates and partners for marketing and promotional purposes, where you have consented to such sharing. 
   • In response to legal requests or to protect our rights, property, or safety, or the rights, property, or safety of others. 
   • In connection with a business transaction, such as a merger, acquisition, or sale of assets. 

   We will not sell or rent your personal information to third parties for their marketing purposes without your explicit consent. 

6. Data Security
   We take reasonable measures to protect the security of your personal information and prevent unauthorized access, disclosure, alteration, or destruction. However, please note that no method of transmission over the internet or electronic storage is 100% secure.
   6.1 What are your data protection rights?
   Cognida.ai wants to ensure you are fully aware of your data protection rights. Every user is entitled to the following:
   
   • The right to access – You have the right to request Cognida.ai copies of your data. We may charge you a small fee for this service. 
   • The right to rectification – You have the right to request that Cognida.ai correct any information you believe is inaccurate. You also have the right to request Cognida.ai to complete information you believe is incomplete. 
   • The right to erasure — You have the right to request that Cognida.ai erase your data, under certain conditions.
   • The right to restrict processing – You have the right to request Cognida.ai to restrict the processing of your personal data, under certain conditions. The right to restrict processing – You have the right to request that Cognida.ai restrict processing your data under certain conditions.
   • The right to object to processing – You have the right to object to Cognida.ai ‘s processing of your data, under certain conditions. 
   • The right to data portability – You have the right to request that Cognida.ai transfer the data that we have collected to another organization, or directly to you, under certain conditions.
   • If you make a request, we have one month to respond to you. If you would like to exercise any of these rights, please contact us at our email. 
     Email us at: Cognida_IT@Cognida.ai 
7. Comprehensive PII Inventory Clause
   1. Identification of PII:
   Cognida.ai maintains a detailed inventory of Personally Identifiable Information (PII) that it collects, processes, and stores. PII includes but is not limited to names, addresses, email addresses, phone numbers, identification numbers, financial information, and any other information that can directly or indirectly identify individuals.
   2. Types of PII collected:
   The PII inventory encompasses all types of personal data collected through various channels, including but not limited to our websites, mobile applications, customer interactions, and third-party sources.
   3. Purpose of PII Collection:
   PII is collected for specific and lawful purposes, including but not limited to providing products and services, customer support, marketing communications, and compliance with legal obligations. Each category of PII collected is aligned with these purposes.
   4. Data Categories and Sources
   The inventory categorizes PII based on sensitivity and relevance to business operations. Sources of PII include direct interactions with individuals, automated technologies such as cookies and analytics tools, and information obtained from third parties where permissible under applicable laws.
   5. Data Retention and Deletion Practices
   Cognida.ai adheres to a documented data retention policy that specifies the retention periods for different categories of PII based on legal, operational, and business needs. PII is retained only for as long as necessary to fulfill the purposes outlined in this Policy and in accordance with legal requirements. Upon expiry of the retention periods or upon request, PII is securely deleted or anonymized.
   6. Security Measures:
   We implement appropriate technical and organizational measures to protect PII from unauthorized access, disclosure, alteration, or destruction. These measures include encryption, access controls, regular security assessments, and employee training on data protection principles.
   7. Updates to PII Inventory:
   The PII inventory is regularly reviewed and updated to reflect changes in data processing activities, new types of collected data, and compliance with evolving legal and regulatory requirements.
   8. Access to PII Inventory:
   Individuals have the right to request access to their PII held by Cognida.ai. Requests should be submitted in accordance with the procedures outlined in the “Individual Rights” section of this Policy.
   
8. GovernanceCognida.ai is committed to protecting the privacy and security of personal data in accordance with applicable data protection laws and regulations in US & India where its operational. 

   In the United States, data protection laws are primarily focused on specific sectors and aspects of privacy rather than a comprehensive, overarching federal law similar to the GDPR in the European Union. Here are some key federal and state laws that address data protection and privacy concerns in the US:
   

   • Health Insurance Portability and Accountability Act (HIPAA): Regulates the use and disclosure of protected health information (PHI) by healthcare providers, health plans, and healthcare clearinghouses. 
   • Gramm-Leach-Bliley Act (GLBA): Requires financial institutions to explain their information-sharing practices to customers and to safeguard sensitive data. 

   Many states have laws requiring businesses to notify individuals of security breaches involving their personal information and we would be complying to the same as well.  

   In India, data protection is primarily governed by the Personal Data Protection Act which was passed in Aug 2023. The Act applies to the processing of digital personal data within India where such data is collected online, or collected offline and is digitised.  It will also apply to such processing outside India if it is for offering goods or services in India. 

   We will only collect, process, and share your personal data where we have a lawful basis to do so under applicable law. This includes situations where you have provided consent, where processing is necessary for the performance of a contract, or where processing is necessary for our legitimate interests, and those interests do not override your fundamental rights and freedoms. 

9.  Data Retention and Data Deletion Practices Clauses
   1. Data Retention Policy:
   a) Cognida maintains a documented data retention policy that governs the retention periods and deletion practices for personal data collected and processed by the organization.
   b) The retention periods are determined based on legal, regulatory, operational, and business requirements relevant to the purposes for which the personal data was collected.
   2. Retention Periods:
   a) Personal data is retained only for as long as necessary to fulfill the purposes outlined in this Policy and as required by applicable laws and regulations.
   b) Retention periods may vary depending on the category of personal data and the specific context of its processing. Typical retention periods are specified as follows:
   i) Customer account information is retained for 3 years after the end of the customer relationship, transaction records are retained for 7 years for tax and audit purposes. Employment records are kept for 2 years post the employee leaves the organization. 
   3. Data Deletion Procedures
   a) Upon expiration of the retention periods or upon request from individuals (where applicable), personal data will be securely deleted, anonymized, or archived in accordance with our data retention policy. 
   b) Data deletion procedures include ensuring that all copies of personal data are identified and securely deleted or anonymized from our systems, databases, backups, and third-party service providers where feasible and permissible under contractual obligations. 
   4. Exceptions to Deletions
   Certain legal or regulatory obligations may require us to retain personal data for longer periods than specified in our retention policy. In such cases, we will ensure that the personal data is protected and used only for the purposes outlined in this Policy.
   5. Review and Update:
   This data retention and deletion practices clause, including the associated data retention policy, is periodically reviewed and updated to reflect changes in our data processing activities, legal and regulatory requirements, and business practices.
   6. Individual rights:
   Individuals have the right to request deletion of their personal data where permitted by law. Requests should be submitted in accordance with the procedures outlined in the “Individual Rights” section of this Policy.
   
10. Cookie Management
    1. Types of Cookies Used: Cognida.ai uses cookies and similar tracking technologies (collectively referred to as “cookies”) on its websites and applications. These may include essential cookies necessary for the functioning of the site, analytical/performance cookies to analyze user behavior, functionality cookies to enhance user experience, and targeting/advertising cookies to personalize content and ads.
    2. Consent to Cookies
    By using our website or application, you consent to the use of cookies as described in this Cookie Management clause and in our Privacy Policy. You can manage your cookie preferences and consent settings through our cookie consent banner or settings provided on the website or application.
    3. Managing Cookie Preferences
    You have the option to control and manage cookies through your browser settings or through our cookie consent banner/settings. You can block cookies, delete existing cookies, or set preferences to receive notifications when cookies are placed. Please note that blocking or deleting cookies may affect your browsing experience and functionality of our website or application.
    4. Types of Cookies & Purposes
    a) Essential Cookies: Necessary for the operation of our website or application. These cookies enable core functionalities such as security, network management, and accessibility. 
    b) Analytical/Performance Cookies: Used to analyze how users interact with our website or application, track website performance, and improve user experience. 
    c) Functionality Cookies: Enhance the usability of our website or application by remembering user preferences and settings.
    d) Targeting/Advertising Cookies: Used to deliver relevant advertisements to users based on their interests and browsing behavior.
    5. Third-Party Cookies: We may allow third-party service providers (e.g., analytics providers, advertising networks) to place cookies on our websites or applications to perform services on our behalf. These cookies are subject to the third parties’ own privacy policies and cookie management practices.
    6. Cookie Settings: You can adjust your cookie settings at any time through our cookie consent banner or settings provided on our website or application. Changes to cookie settings may require refreshing the page for the changes to take effect.
    7. Updates to Cookie Management: This Cookie Management clause, including our use of cookies and how you can manage your preferences, may be updated from time to time to reflect changes in our practices or legal requirements. We recommend reviewing this policy periodically for any updates.
    8. Contact Information: If you have any questions or concerns about our use of cookies or this Cookie Management clause, please contact us at dpo@cognida.ai.
    
11. Data Breach Reporting and Data Protection Officer Details 
    1. Data Breach Reporting
    a) Notification Obligations: In the event of a data breach involving personal data, Cognida.ai will promptly assess the breach to determine its scope and impact on individuals.
    b) Notification to Individuals: If the breach is likely to result in a high risk to the rights and freedoms of individuals, Cognida.ai will notify affected individuals without undue delay, providing information about the nature of the breach and recommended measures to mitigate potential adverse effects. 
    c) Notification to Regulatory Authorities: Cognida.ai will comply with applicable data protection laws and regulations regarding the notification of data breaches to relevant regulatory authorities. Notifications will be made in accordance with timelines and requirements specified in applicable laws. 
    d) Contact Information: Individuals affected by a data breach can contact dpo@cognida.ai for further assistance and information regarding the breach.
    2. Data Protection Officer (DPO) Details
    • Designation of DPO: Cognida.ai has appointed a Data Protection Officer (DPO) to oversee the organization’s data protection strategy and ensure compliance with data protection laws and regulations. 
    • Contact Information: 
    • Name: Swarna Kumar 
    • Position: Data Protection Officer 
    • Email: dpo@cognida.ai 
    • Roles and Responsibilities: The DPO’s responsibilities include: 
    • Monitoring compliance with data protection laws and internal data protection policies. 
    • Providing advice and guidance on data protection impact assessments (DPIAs) and ensuring they are conducted where necessary. 
    • Serving as the point of contact for individuals and regulatory authorities regarding data protection matters. 
    • Reporting Structure: The DPO reports directly to CEO and the Board to ensure independence and effectiveness in carrying out their duties.
      

    3. Updates to Data Breach Reporting and DPO Details
    This section of the Data Privacy Policy, including data breach reporting procedures and DPO details, will be reviewed and updated as necessary to reflect changes in data protection practices, legal requirements, and organizational structure.

12. Privacy Policy of other websites
    Cognida.ai website contains links to other websites. Cognida.ai privacy policy applies only to our website, so if you click on a link to another website, you should read their privacy policy. 
    1. Your choices
    You have the right to access, update, or delete your personal information. You may also opt-out of receiving marketing communications from us by following the instructions provided in the communication. 
    2. Children’s privacy
    Our products and services are not directed to children under the age of 13, and we do not knowingly collect personal information from children under 13. If you believe that we have collected personal information from a child under 13, please contact us immediately. 
    3. Changes to this Privacy Policy
    We may update this Privacy Policy from time to time by posting the revised version on our website. Your continued use of our website, products, or services after the effective date of the revised Privacy Policy constitutes your acceptance of the changes. 
    4. Contact Us
    If you have any questions or concerns about this Privacy Policy or our data practices, please contact us at dpo@cognida.ai.