Last updated: 27 May 2026 CognitoSage Technologies Pvt. Ltd.

1. What we collect

When you use cognitosage.com or our products, we collect what’s needed to make them work, and nothing else. Specifically:

  • Account data — name, work email, organisation, role. Provided by you when you sign up.
  • Candidate data — resumes, profiles, interview content, scoring outputs. Provided by your organisation, processed under your control.
  • Usage data — what features you use, when, for how long. Used to improve the product and to enforce your plan’s quotas.
  • Technical data — IP address, browser, device type. Used for security and to keep the platform up.

2. Where it lives

If you choose self-hosted, all candidate data lives on your infrastructure. We never see it. We don’t have credentials to it. If we need to debug an issue, we ask for logs, not data.

If you choose managed cloud, your data is stored in the region you choose (India, EU, US) on encrypted volumes. We use industry-standard providers (AWS, Google Cloud). Encryption at rest and in transit. Keys rotated quarterly.

3. Who we share it with

Nobody, except:

  • Sub-processors we use to run the platform — cloud hosting, email delivery, error monitoring. Each one is GDPR-compliant. The full list is available on request.
  • Legal authorities, if we are legally required to. We will fight overbroad requests. We will notify you of any request unless prohibited by law.

We do not sell data. We do not share data with advertisers. We do not train models on your candidate data without your written authorisation.

4. Your rights (GDPR, CCPA, DPDP)

You have the right to access your data, correct it, delete it, export it, restrict its processing, and object to its processing. Email privacy@cognitosage.com and we will respond within 30 days.

For candidates whose data is processed by our customers: your data subject rights go through the customer (they are the data controller). We are the data processor. We will support any customer DSAR response within 14 days.

5. Security

We hold ourselves to enterprise-grade security practices: GDPR-ready and CCPA-aligned, with India’s DPDP Act in scope. Self-hosting lets you keep regulated data entirely within your own infrastructure. SOC 2 is on our roadmap. We welcome responsible disclosure of security issues (security@cognitosage.com).

6. Cookies

We use the minimum number of cookies needed to keep the site working: session, authentication, and one analytics cookie (Plausible — no personal data, no third-party sharing). No advertising cookies. No tracking pixels.

7. Children

Our products are for organisations hiring adults. We do not knowingly collect data about anyone under 18.

8. Changes

If we materially change this policy, we will email customers 30 days before the change takes effect. The last-updated date at the top of this page is always current.

9. Contact

CognitoSage Technologies Pvt. Ltd. · Hyderabad, Telangana 500032, India · privacy@cognitosage.com · +91 98494 42250.

Data Protection Officer: dpo@cognitosage.com. EU Representative on request.