Privacy Policy

Scope and Roles

This Privacy Policy explains how Cogniself collects, uses, discloses, retains, and protects personal information when you use Cogniself websites, applications, assessments, reports, Jung AI assistant, Cogniself Delta, Growth Hub, shared links, invite flows, Cogniself Pro workspaces, billing, support, and related services. It should be read together with our Terms and Conditions.

• For consumer users, Cogniself generally acts as the business, controller, or similar responsible party for the personal information we collect directly.
• For Cogniself Pro, an organization may act as the controller, business, employer, deployer, or similar responsible party for candidate, team-member, employee, participant, or workspace data. In that context, Cogniself may process data on behalf of the organization and under its instructions, subject to any separate data-processing agreement.
• If you were invited by an organization, recruiter, manager, team lead, partner, or observer, that inviter may receive the information and outputs described in the invite or consent flow.

Information We Collect

The information we collect depends on how you use Cogniself. We may collect the following categories:

• Account and contact data, such as name, email address, authentication identifiers, password credentials or provider IDs, locale, profile preferences, billing status, and support contact information.
• Assessment and report data, such as Big Five responses, contextual answers, scoring outputs, report content, report history, report unlock status, additional report inputs, compatibility or partner invite data, shared report links, and report update records.
• Delta and neurodivergence-screening data, such as ADHD, autism, AuDHD, executive-function, sensory, observer, follow-up, strategy, and result-related responses. Delta is a screening and self-understanding product, not a diagnosis.
• Jung, voice, and Growth Hub data, such as chat messages, assistant context, conversation metadata, voice or audio interaction metadata, transcripts where generated, action plans, goals, check-ins, growth tasks, and related preferences.
• Cogniself Pro data, such as organization details, member roles, project context, recruitment or team settings, candidate and participant records, consent status, invite tokens, linked assessment references, Pro report outputs, billing/license state, and privacy-safe Jung Pro audit metadata.
• Payment and commercial data, such as checkout status, Stripe customer or session identifiers, subscription details, report entitlements, token or credit activity, refund records, tax-related information, and purchase history. We do not intentionally store full card numbers on Cogniself servers.
• Device, usage, and log data, such as IP address, browser type, device identifiers, pages viewed, referral URLs, timestamps, session events, cookie identifiers, approximate location derived from IP address, error logs, security logs, and product analytics.
• Communications and support data, such as emails, forms, survey responses, feedback, demo requests, bug reports, and other messages you send to us.
• Information from third parties, such as authentication providers, payment processors, organization administrators, invite senders, observers, teammates, candidates, partners, analytics providers, fraud-prevention services, and public or licensed research databases.

Sensitive Information

Some Cogniself features can involve sensitive information or inferences, including personality traits, neurodivergence-related screening responses, workplace context, relationship context, participant consent records, and other information that may reveal health-related, employment-related, psychological, or protected-class implications depending on how you use the Services.

• We do not require you to provide sensitive information unless it is needed for the feature you choose to use, such as Delta, Pro participant consent, or a contextual report.
• We do not use assessment responses, Delta responses, Jung chats, Pro participant data, or other sensitive personal information for cross-context behavioral advertising.
• Do not submit protected health information to Cogniself as a HIPAA covered entity or business associate unless we have signed a separate business associate agreement that expressly covers that use.
• If you submit sensitive information about another person, you are responsible for having the legal basis, notice, consent, and authority required to do so.

How We Use Information

We use personal information to:

• provide, operate, authenticate, localize, secure, and maintain the Services;
• administer assessments, score responses, generate reports, unlock paid content, provide Jung assistant context, produce Delta outputs, manage Growth Hub actions, and support Cogniself Pro workspaces;
• process purchases, subscriptions, tokens, credits, invoices, refunds, taxes, fraud checks, and customer support requests;
• send service messages, security notices, consent notices, invite messages, transactional emails, product updates, and lawful marketing communications;
• monitor performance, debug errors, prevent abuse, enforce terms, protect users, investigate fraud or security incidents, and comply with law;
• improve features, evaluate product quality, build aggregate or de-identified insights, and develop new services where permitted by law and our user commitments;
• fulfill legal, accounting, tax, audit, dispute, regulatory, and record-keeping obligations.

AI Processing

Cogniself uses AI and model providers to help generate reports, assistant replies, summaries, voice features, research-supported content, and product recommendations. We may send prompts, user messages, assessment context, report context, transcript text, metadata, and safety instructions to AI providers as needed to provide the feature you request.

• Cogniself does not use AI outputs as final hiring, rejection, diagnosis, treatment, legal, financial, credit, insurance, housing, or similarly significant decisions.
• We design Jung Pro to use report-first and privacy-safe context rather than raw private assessment dumps where possible.
• We do not knowingly use identifiable assessment responses, Delta data, Jung chats, or Pro participant data to train publicly available third-party foundation models unless we tell you and obtain any legally required consent.
• AI outputs may be inaccurate or incomplete. You should not submit information that you do not want processed by AI-enabled systems.

How We Share Information

We disclose personal information only as needed for the purposes described in this Privacy Policy, as directed by you or an authorized organization, or as required by law.

• Service providers and processors, including hosting, database, storage, authentication, payments, email, analytics, error monitoring, customer support, security, research retrieval, AI model, voice, and infrastructure providers.
• Payment processors, such as Stripe, to process payments, subscriptions, refunds, fraud checks, tax calculations, and billing portal access.
• AI and model providers when needed to generate reports, assistant replies, voice outputs, summaries, or other requested features.
• Organization administrators and workspace members according to their role, permissions, project membership, participant consent, and the applicable Cogniself Pro workflow.
• Invite senders, observers, partners, report recipients, or shared-link viewers when you participate in an invite, observer flow, partner flow, or shared report feature.
• Legal, safety, and compliance recipients where needed to comply with law, respond to lawful requests, enforce terms, protect rights, prevent harm, investigate abuse, or defend claims.
• Business transaction recipients if we are involved in a merger, acquisition, financing, reorganization, bankruptcy, asset sale, or similar transaction.
• Aggregate, de-identified, or anonymized information that does not reasonably identify you, where permitted by law.

Cookies, Analytics, and Advertising Choices

We use cookies, local storage, pixels, SDKs, server logs, and similar technologies to keep you signed in, remember preferences, secure the Services, understand performance, measure campaigns, and improve the product. Some pages may use analytics or advertising tools such as Google Analytics, Google Tag Manager, Meta Pixel, or similar services if enabled.

• You can control cookies through your browser settings. Blocking some cookies may break account, checkout, localization, assessment, or security features.
• Where legally required, we will honor applicable opt-out signals or consent choices for targeted advertising, sale, sharing, and sensitive personal information.
• We do not sell personal information for money. If advertising or analytics tools are configured in a way that counts as a sale or share under privacy law, you may have the right to opt out.

California Notice at Collection

If you are a California resident, this section provides additional notice under the CCPA/CPRA. We may collect the following categories of personal information, as described in more detail above: identifiers, customer records, commercial information, internet or electronic network activity, geolocation approximated from IP address, audio or sensory information if you use voice features, professional or employment-related information in Pro contexts, inferences and assessment profiles, and sensitive personal information where you choose to provide it or where it is required for a feature.

• We collect and use these categories for the business and commercial purposes described in this Privacy Policy, including service delivery, security, payments, support, analytics, compliance, product improvement, and communications.
• We disclose categories of personal information to the categories of recipients described in the How We Share Information section.
• We do not knowingly sell or share assessment responses, Delta responses, Jung chats, Pro participant data, payment data, or sensitive personal information for cross-context behavioral advertising.
• We retain each category only as described in the Data Retention section or as otherwise permitted by law.

Legal Bases for EEA, UK, and Similar Regions

Where GDPR, UK GDPR, or similar law applies, our legal bases may include:

• contract necessity, such as creating accounts, delivering reports, processing payments, and providing requested features;
• consent, such as optional marketing, certain cookies, participant consent, Delta or sensitive-feature flows, and optional research or survey participation;
• legitimate interests, such as service improvement, security, fraud prevention, analytics, customer support, and product operations, where those interests are not overridden by your rights;
• legal obligation, such as tax, accounting, dispute, compliance, safety, and regulatory duties;
• explicit consent or another permitted legal basis for special-category data, where such data is processed.

Automated Decision-Making and Profiling

Cogniself generates personality, growth, Delta, and Pro insights using software and AI-assisted processing, but Cogniself does not make final clinical, employment, credit, insurance, housing, legal, financial, or similarly significant decisions about you.

• You should not use Cogniself outputs as the sole basis for decisions that materially affect a person.
• If an organization uses Cogniself in a way that creates automated decision-making, profiling, employment testing, high-risk AI, or a consequential decision under applicable law, that organization is responsible for required notices, lawful basis, impact assessments, audits, human review, appeals, accommodations, and data rights.
• Where the law gives you rights related to automated decision-making or profiling, you may contact us or the responsible organization to exercise those rights.

Data Retention

We keep personal information for as long as reasonably necessary for the purposes described in this Privacy Policy, unless a longer period is required or permitted by law.

• Account, assessment, report, Jung, Delta, Growth Hub, and Pro data may be retained while your account, report, subscription, organization, invite, shared link, or workspace remains active or as needed to provide continuity.
• Payment, tax, billing, audit, fraud, dispute, and legal records may be retained for legally required or commercially reasonable periods.
• Security logs, system logs, analytics data, backups, and diagnostic records may be retained for limited periods unless needed for security, legal, or operational reasons.
• Deletion requests may not remove de-identified data, aggregate data, backup copies before normal expiration, legal records, fraud-prevention records, or organization records that must be preserved for legitimate business or legal reasons.

Your Privacy Rights

Depending on where you live and how you use Cogniself, you may have rights to access, know, correct, delete, port, restrict, object, withdraw consent, opt out of sale or sharing, opt out of targeted advertising, limit sensitive personal information, appeal a rights decision, or complain to a regulator.

• You can make requests through available account settings or by emailing help@cogniself.co.
• We may need to verify your identity and authority before fulfilling a request. Authorized agents may need to provide proof of authority.
• If your information is controlled by a Cogniself Pro organization, we may direct your request to that organization or act on its instructions.
• We will not discriminate against you for exercising non-waivable privacy rights.

International Transfers

Cogniself is based in the United States, and personal information may be processed in the United States and other countries where we or our service providers operate. These countries may have data-protection laws that differ from those in your location.

• Where required, we use appropriate safeguards for international transfers, such as contractual protections, data-processing agreements, standard contractual clauses, or other lawful transfer mechanisms.

Security

We use administrative, technical, and organizational safeguards designed to protect personal information, including access controls, encryption in transit where appropriate, role-based permissions, logging, and security monitoring. No system is perfectly secure, so we cannot guarantee absolute security.

• If we identify a breach that legally requires notice, we will provide notice consistent with applicable breach-notification laws.
• Please contact help@cogniself.co if you believe your account or information has been compromised.

Children and Minors

Cogniself is intended for adults. We do not knowingly collect personal information from children under thirteen (13), and the Services are not intended for users under eighteen (18) unless a specific product flow expressly allows a different age gate and all required consents are satisfied.

• If you believe a child or minor has provided personal information in violation of this policy, contact us and we will take appropriate steps.

Healthcare and HIPAA

Cogniself is not a healthcare provider, health plan, healthcare clearinghouse, HIPAA covered entity, or HIPAA business associate by default. The Services are not designed for diagnosis, treatment, clinical monitoring, or emergency care.

• If you are a covered entity or business associate, do not submit protected health information unless a separate written business associate agreement is in place.
• Delta and related features are screening and self-understanding tools, not medical diagnoses or clinical records.

Changes to This Policy

We may update this Privacy Policy from time to time. The updated policy will be effective when posted unless a later effective date is stated. If changes are material, we may provide additional notice as required by law.

Contact Us

If you have questions about this Privacy Policy or want to exercise privacy rights, contact Cogniself LLC at help@cogniself.co.