Legal

Privacy Policy

Last updated: June 2026

CogneiAI ("we", "our", "us") provides an AI-powered business operations platform that helps you understand and run your business — including bank-statement conversion, financial analysis, e-commerce and marketing insights, an AI assistant, and team collaboration tools. This policy explains what data we collect, how we use it, who we share it with, and your rights.

1. Information We Collect

• Account & identity: Your email address and a hashed password when you register. If you sign in with Google, we receive your name and email from your Google profile. For team accounts, we store the email addresses and roles of users you invite.
• Financial documents & data: Bank or financial statements (PDFs) you upload. The original file is processed and the temporary copy is deleted from our servers shortly after; the extracted transactions, balances, categories and analysis are stored in your account so we can power your dashboard and ledger.
• Connected business accounts: If you connect third-party services, we access and store data from them to provide the dashboards you request, including: Shopify (orders, products, inventory, revenue, and customer details such as names, addresses and order history); Meta / Facebook & Instagram (ad-account spend and performance metrics); and PostEx or similar logistics providers (shipment and delivery status).
• AI assistant & business context: Information you provide to train or guide your AI — business configuration, goals, notes, and the messages you send to the AI chat. To enable retrieval, we generate and store vector representations of this content scoped to your account.
• Productivity & founder data: If you use the founder/operations tools, we store the tasks, notes, goals, routines, and personal performance metrics (e.g. sleep target, workout plan) you enter.
• Usage & billing data: Subscription plan and status, seat count, feature usage, and AI usage metrics (token counts and estimated cost) used for limits and billing.
• Payment data: Card payments are processed entirely by Stripe. We do not see or store full card numbers — only a customer/subscription reference and invoice history.
• Technical data: Basic log and session data needed to operate and secure the service.

2. How We Use Your Data

• To provide the conversion, analysis, dashboard, AI assistant, and collaboration features you request.
• To generate insights and recommendations specific to your business.
• To enforce plan limits (including per-plan user/seat limits) and manage billing and subscriptions.
• To operate, secure, debug, and improve the service.
• To send transactional and account-related communications.

3. AI Processing & Training

We use third-party AI providers (currently DeepSeek) to process your prompts and business data and generate responses. Your business data is used to tailor the AI assistant to your own account only — it is kept separate per business and is not used to train models that are shared across other customers. We do not sell your data or use it to train public/third-party foundation models for unrelated purposes.

4. Third-Party Services & Sub-processors

We rely on trusted providers to operate the platform. Depending on the features you use, your data may be processed by:

• Stripe — payments and subscription billing.
• DeepSeek — AI language processing.
• MongoDB Atlas — primary database storage.
• Qdrant — vector storage for AI retrieval.
• Cloudflare R2 — secure file/object storage.
• Google — optional sign-in (OAuth).
• Shopify, Meta (Facebook/Instagram), PostEx — only where you connect those accounts, to retrieve the business data you ask us to display.

These providers process data on our behalf under their own security and privacy commitments. We share data with them only as needed to deliver the service.

5. Data Retention

Original uploaded files are removed from our servers shortly after processing. Extracted financial data, connected-account data, AI context, and other account content are retained while your account is active so the product remains useful to you. When you delete your account, we delete or anonymise associated personal data, except where we are required to retain certain records (e.g. invoices) to meet legal or accounting obligations.

6. Data Security

All data is transmitted over HTTPS. Passwords are hashed using bcrypt and never stored in plain text. Access to connected-account tokens and account data is restricted. We do not sell your personal data or share it with third parties for their own marketing.

7. Your Rights

You have the right to access, correct, export, or delete your personal information. You can delete your account and associated data from your account settings, or by emailing us at support@cogneiai.com. You may also disconnect any linked third-party account (e.g. Shopify or Meta) at any time, which stops further data retrieval from that service.

8. Cookies

We use minimal cookies and similar storage for authentication and session management. See our Cookie Policy for details.

9. Changes to This Policy

We may update this policy as the product evolves. Material changes will be reflected by updating the "Last updated" date above and, where appropriate, by notifying you.

10. Contact

For privacy-related questions or requests, contact us at support@cogneiai.com.