Privacy Policy

Introduction

COGNIXA LABS LLC ("Cognion," "we," "us," or "our") operates cognion.io, providing independent AI model benchmarking, analysis, and comparison services. We are committed to protecting your privacy and handling your personal data with transparency and care.

This Privacy Policy explains how we collect, use, store, and share your information when you use our website, API services, and related offerings (collectively, the "Services").

Information We Collect

1. Information You Provide

• Account Information: Name, email address, company name, and password when you create an account
• Payment Information: Billing details processed securely through third-party payment processors (we do not store full credit card numbers)
• Communications: Information you provide when contacting us, including support requests, feedback, and inquiries
• API Usage Data: API keys, request logs, and usage metrics for service delivery and billing

2. Information Collected Automatically

• Usage Data: Pages visited, features used, time spent, and interaction patterns
• Device Information: IP address, browser type, operating system, device identifiers
• Cookies and Tracking: Session cookies, analytics cookies, and preference cookies (see Cookie Policy)
• Performance Data: API response times, error rates, and service availability metrics

3. Information from Third Parties

• Authentication Providers: Profile information from OAuth providers (Google, GitHub) if you use social login
• Payment Processors: Transaction confirmation and billing status from Stripe or similar services
• Analytics Services: Aggregated usage statistics from Google Analytics, Mixpanel, or similar platforms

How We Use Your Information

We use collected information for the following purposes:

• Service Delivery: Provide, maintain, and improve our benchmarking platform and API services
• Account Management: Create and manage your account, authenticate users, and process payments
• Communications: Send service updates, security alerts, billing notifications, and respond to inquiries
• Analytics and Improvement: Analyze usage patterns, identify bugs, optimize performance, and develop new features
• Security: Detect fraud, prevent abuse, enforce terms of service, and protect user data
• Legal Compliance: Comply with applicable laws, regulations, and legal processes
• Marketing: Send promotional emails about new features or services (with opt-out option)

Data Sharing and Disclosure

We do not sell your personal information. We may share your data in the following circumstances:

• Service Providers: Third-party vendors who perform services on our behalf (hosting, analytics, payment processing, email delivery)
• Business Transfers: In connection with mergers, acquisitions, or asset sales, subject to confidentiality obligations
• Legal Requirements: When required by law, court order, or government request
• Protection of Rights: To enforce our terms, protect our rights, or ensure user safety
• With Consent: When you explicitly authorize us to share specific information

Your Rights and Choices

Depending on your location, you may have the following rights regarding your personal data:

• Access: Request a copy of the personal information we hold about you
• Correction: Update or correct inaccurate or incomplete information
• Deletion: Request deletion of your personal data (subject to legal retention requirements)
• Portability: Receive your data in a structured, machine-readable format
• Opt-Out: Unsubscribe from marketing emails or disable non-essential cookies
• Objection: Object to processing based on legitimate interests
• Restriction: Request limitation of processing in certain circumstances

To exercise these rights, contact us at [email protected]. We will respond within 30 days of receiving your request.

Data Security

We implement industry-standard security measures to protect your personal information:

• Encryption in transit (TLS/SSL) and at rest (AES-256)
• Regular security audits and penetration testing
• Access controls and authentication requirements for internal systems
• Secure data centers with physical and network security
• Incident response procedures and breach notification protocols

However, no method of transmission over the internet is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.

Data Retention

We retain personal information for as long as necessary to provide our Services, comply with legal obligations, resolve disputes, and enforce agreements. Account data is retained while your account is active and for up to 90 days after deletion. API logs are retained for 12 months for billing and debugging purposes. Aggregated, anonymized data may be retained indefinitely for analytics.

International Data Transfers

Your information may be transferred to and processed in the United States or other countries where our service providers operate. We ensure appropriate safeguards are in place, including Standard Contractual Clauses (SCCs) approved by the European Commission for transfers from the EU/EEA.

Children's Privacy

Our Services are not directed to individuals under 18 years of age. We do not knowingly collect personal information from children. If you believe we have inadvertently collected such information, please contact us immediately for deletion.

Changes to This Policy

We may update this Privacy Policy periodically to reflect changes in our practices or legal requirements. We will notify you of material changes via email or prominent notice on our website. Continued use of our Services after changes constitutes acceptance of the updated policy.

Contact Us