Privacy policy.

Summary

What we collect: the firm name and work email you submit when you request an audit; account data when you create a workspace; usage telemetry on the platform; the public-facing content of your firm site we crawl to compute visibility scores.

What we never collect: privileged client matter content, internal documents from your firm intranet, content behind authentication on your site.

What we never do: sell or rent your data to third parties; train third-party models on your data; share workspace data across competing-firm engagements.

Data we collect

Information you provide

• Audit submissions — firm name, work email, practice area, jurisdiction.
• Workspace data — firm metadata, member email addresses, billing information, integration credentials you authorize.
• Communications — emails to support, sales, or your strategist.

Information collected automatically

• Usage telemetry — pages visited, features used, performance metrics. We use this only to operate and improve the product.
• Device and connection data — IP address, browser type, OS, referrer.
• Cookies and similar — strictly-necessary cookies for session and CSRF, optional analytics cookies (we'll ask first under GDPR and CCPA jurisdictions).

Information from third parties

• Public web content — your firm's public-facing pages, robots-allowed at fetch time. We respect robots.txt and rate-limit conservatively.
• Citation sources — public publications and indices we monitor for citations of your firm.

How we use data

• To run the audit and provide the dashboard.
• To compute visibility, sentiment, share-of-voice, and citation scores.
• To send service notifications, drift alerts, and reports you have configured.
• To improve the product (aggregate, de-identified analytics).
• To comply with legal obligations and respond to lawful requests.

How we share data

We share data with sub-processors strictly necessary to operate the service — see /trust for the current list, which includes our cloud host (AWS), our model providers when explicitly enabled, our email provider, our error-monitoring service, and our payment processor. Each is bound by a data processing agreement.

Workspaces are strictly segregated. Where the same data may concern two firms (e.g., shared public publications), the visibility readings and reports are computed per-workspace and never cross-shared. Where ethical walls between competing firms apply, infrastructure is fully isolated; see /compliance.

Your rights

GDPR / UK GDPR

• Access, rectify, and erase your personal data.
• Restrict or object to processing.
• Data portability — export your workspace at any time.
• Withdraw consent for optional processing.

CCPA / CPRA

• Know what we collect.
• Delete personal information.
• Correct inaccurate personal information.
• Opt out of sale or sharing — we do not sell or share personal information for cross-context behavioral advertising.

To exercise any right, email privacy@cognoverge.com. We respond within 30 days.

Retention

Workspace data is retained for the duration of your contract and 30 days after termination, then deleted unless we're legally required to retain it. Audit submission data not converted to a workspace is deleted within 6 months. Backups are retained for 35 days then rotated.

Security

See /security for our security posture, SOC 2 Type II status, encryption details, and incident-response process. In short: encryption in transit (TLS 1.3) and at rest (AES-256), least-privilege access, audited admin actions, 24/7 monitoring.

International transfers

For customers in the EU and UK we offer EU and UK data residency on Counsel and Enterprise. Where we transfer data outside the EEA we rely on the EU's Standard Contractual Clauses and the EU-US Data Privacy Framework. Our DPF certification is at /trust.

Changes

If we materially change this policy we'll notify you by email and post the change with the date above. Continued use of the service after the effective date constitutes acceptance.

Contact

Data Protection Officer — dpo@cognoverge.com. EU representative — Cognoverge EU Sàrl, 23 Boulevard Royal, L-2449 Luxembourg. UK representative — Cognoverge UK Ltd., 1 Stephen Street, London W1T 1AT.