1. What we collect
When you use cognitosage.com or our products, we collect what’s needed to make them work, and nothing else. Specifically:
- Account data — name, work email, organisation, role. Provided by you when you sign up.
- Candidate data — resumes, profiles, interview content, scoring outputs. Provided by your organisation, processed under your control.
- Usage data — what features you use, when, for how long. Used to improve the product and to enforce your plan’s quotas.
- Technical data — IP address, browser, device type. Used for security and to keep the platform up.
2. Where it lives
If you choose self-hosted, all candidate data lives on your infrastructure. We never see it. We don’t have credentials to it. If we need to debug an issue, we ask for logs, not data.
If you choose managed cloud, your data is stored in the region you choose (India, EU, US) on encrypted volumes. We use industry-standard providers (AWS, Google Cloud). Encryption at rest and in transit. Keys rotated quarterly.
3. Who we share it with
Nobody, except:
- Sub-processors we use to run the platform — cloud hosting, email delivery, error monitoring. Each one is GDPR-compliant. The full list is available on request.
- Legal authorities, if we are legally required to. We will fight overbroad requests. We will notify you of any request unless prohibited by law.
We do not sell data. We do not share data with advertisers. We do not train models on your candidate data without your written authorisation.
4. Your rights (GDPR, CCPA, DPDP)
You have the right to access your data, correct it, delete it, export it, restrict its processing, and object to its processing. Email privacy@cognitosage.com and we will respond within 30 days.
For candidates whose data is processed by our customers: your data subject rights go through the customer (they are the data controller). We are the data processor. We will support any customer DSAR response within 14 days.
5. Security
We hold ourselves to enterprise-grade security practices: GDPR-ready and CCPA-aligned, with India’s DPDP Act in scope. Self-hosting lets you keep regulated data entirely within your own infrastructure. SOC 2 is on our roadmap. We welcome responsible disclosure of security issues (security@cognitosage.com).
6. Cookies
We use the minimum number of cookies needed to keep the site working: session, authentication, and one analytics cookie (Plausible — no personal data, no third-party sharing). No advertising cookies. No tracking pixels.
7. Children
Our products are for organisations hiring adults. We do not knowingly collect data about anyone under 18.
8. Changes
If we materially change this policy, we will email customers 30 days before the change takes effect. The last-updated date at the top of this page is always current.
9. Contact
CognitoSage Technologies Pvt. Ltd. · Hyderabad, Telangana 500032, India · privacy@cognitosage.com · +91 98494 42250.
Data Protection Officer: dpo@cognitosage.com. EU Representative on request.