Privacy Policy

1. Introduction

AI CogniFit ("we," "our," or "us") builds tools that help teams quantify AI literacy, efficiency, and cognitive load. During the Open Beta we rely on a small amount of structured telemetry and feedback so we can improve responsibly. This Privacy Policy explains what data we collect, how we use it, and the choices available to you.

2. Information We Collect

2.1 Account & Profile Details

• Email address, name, and role metadata supplied during signup.
• Admin allow-list information (e.g., organization email domain) when applicable.

2.2 Productivity & Assessment Signals

• Task pack selections, timing data, self-ratings, overestimation flags, and TLX workload check-ins.
• Voluntary benchmark edits, feedback submissions, and bug reports.
• AI usage indicators (e.g., whether assistance was used) that you explicitly log inside the app.

2.3 Technical & Analytics Telemetry

• Browser, device, and connection diagnostics captured via Vercel Analytics (aggregated, no PII).
• Optional Mixpanel events such as "productivity pack completed" or "feedback submitted" to understand feature adoption.
• Error traces and performance metrics from Sentry (essential for reliability and security).

2.4 Support & Communications

• Emails, support tickets, and survey responses you send us directly.
• Zapier webhook payloads when you opt into automation flows (e.g., notifications or cohort exports).

3. How We Use Your Information

• Service Delivery: Authenticate users, run task packs, calculate scores, and surface dashboards.
• Analytics & Beta Learnings: Understand which features create value, identify friction, and prioritize roadmap improvements. Optional Mixpanel events are only sent with your consent.
• Product Research: Measure AI literacy, overestimation, and workload trends in aggregate to benchmark teams.
• Security & Reliability: Detect abuse, troubleshoot issues, and maintain service integrity.
• Compliance: Satisfy legal obligations, respond to lawful requests, and uphold our Terms of Service.

4. Analytics, Telemetry & Error Monitoring

We use a small number of trusted tools to monitor the Open Beta. Analytics cookies are optional, and you can change your choice at any time via the cookie banner in the footer.

• Mixpanel (optional): Event analytics for beta metrics (pack completions, feedback submissions, benchmark edits). No prompts, task outputs, or user-generated documents are sent.
• Vercel Analytics (aggregated): Privacy-preserving web metrics (page hits, CLS, LCP). Data is de-identified and used to triage performance regressions.
• Sentry (essential): Error and performance monitoring to keep the platform stable. We scrub payloads and only retain the minimum required diagnostic context.

Declining analytics disables Mixpanel tracking immediately. Essential telemetry (auth sessions, security audits, and Sentry error logs) remains in place to operate the service safely.

5. Data Sharing & Trusted Processors

We never sell your personal data. We only share information with carefully vetted processors who help us deliver the product:

• Supabase: Authentication, database storage, row-level security, and scheduled jobs.
• Vercel: Hosting, edge caching, and web analytics.
• Mixpanel: Optional product analytics (enabled only when you opt in).
• Sentry: Application monitoring and incident response.
• Zapier: Optional integrations you explicitly connect during beta workflows.
• OpenAI & Anthropic: AI processing for prompts you trigger in-product. Model vendors only receive the prompt/response pairs required for that request.

6. AI Processing & Content Safeguards

We leverage AI models to create personalized recommendations, summary insights, and guardrail prompts. Inputs are encrypted in transit, and outputs are marked so you always know when content is AI-generated. You can opt out of AI-assisted flows in your settings or by choosing manual-only tasks.

7. Data Security

Security is built into every layer: TLS for data in transit, encryption-at-rest through Supabase, principle-of-least-privilege access, audit logging, and regular penetration and dependency checks. Service role keys and admin actions are segregated in separate environments.

8. Data Retention

We retain assessment history, self-ratings, and benchmark edits while your account is active so teams can measure progress over time. You may request deletion at any point, and we will purge personal data (including analytics identifiers) within 30 days except where retention is legally required.

9. Your Rights

Depending on your jurisdiction, you may have the right to:

• Access and obtain a copy of your data.
• Correct or update inaccurate information.
• Request deletion or anonymization of personal data.
• Restrict or object to certain processing activities.
• Export data in a portable format.
• Withdraw consent for analytics or marketing communications at any time.

Submit requests to privacy@aicognifit.com. We respond within 30 days.

10. Cookies & Preference Management

Our consent banner lets you choose between essential cookies only or full analytics. Essential storage covers authentication tokens, security protections, feature flags, onboarding tour dismissal, and necessary accessibility preferences. Analytics cookies (Mixpanel + Vercel) are optional. You can revisit your choice anytime by reopening the banner in the site footer or clearing the aicognifit-consent cookie.

11. Children's Privacy

AI CogniFit is built for adult professionals. We do not knowingly collect information from children under 13. If you believe a child has provided us data, please contact us so we can delete it promptly.

12. International Data Transfers

We operate primarily from the United States and European Union. When data crosses borders, we apply appropriate safeguards such as Standard Contractual Clauses (SCCs) and maintain regional backups to honor data residency commitments.

13. Changes to This Policy

We review the policy before each major release. Material updates will be announced in-app or via email. Continued use of the service after changes become effective constitutes acceptance.

14. Contact & Data Controller

AI CogniFit is the data controller for personal information processed through this platform.

For Terms of Service, see our Open Beta terms.