Privacy Policy
Last updated: 3 July 2026
1. Introduction
CogniVertex Inc. ("CogniVertex," "we," "us," or "our") is committed to protecting the privacy of individuals whose personal information we collect. This Privacy Policy explains how we collect, use, disclose, retain, and safeguard personal information when you visit cognivertex.pro, contact us, enrol in programs, or use our applied cognitive AI platform and related professional services.
We comply with the Personal Information Protection and Electronic Documents Act (PIPEDA) and, where applicable, substantially similar provincial privacy legislation in Alberta, British Columbia, and Quebec. By using our website or services, you acknowledge that you have read and understood this policy.
CogniVertex is the data controller for personal information collected through our website and direct client relationships. When we process data on behalf of enterprise clients under a services agreement, we act as a data processor and the client's privacy policy and data processing addendum govern that processing.
2. Information we collect
2.1 Information you provide directly
We collect personal information that you voluntarily submit through contact forms, program enrolment, service agreements, campus visits, email correspondence, and platform account registration. This may include:
- Full name, job title, and organisation name
- Email address, telephone number, and mailing address
- Messages and enquiry details submitted via our contact form
- Billing and payment information for program and service fees
- Consent records, including PIPEDA consent checkboxes
- Credentials and authentication data for platform accounts
- Feedback, survey responses, and support tickets
2.2 Information collected automatically
When you visit our website, we automatically collect certain technical information through cookies, server logs, and similar technologies. This may include IP address, browser type and version, operating system, referring URL, pages viewed, time and date of visits, and device identifiers. See our Cookie Policy for details on cookie categories and management options.
2.3 Information from third parties
We may receive personal information from referral partners, event organisers, publicly available professional directories, and enterprise clients who invite team members to platform workspaces. We require third parties to have lawful authority to share such information and we use it only for the purposes described in this policy or as otherwise disclosed at collection.
2.4 Client data processed on the platform
When enterprise clients deploy the CogniVertex platform, we process business documents, workflow data, and user interactions on their behalf. This client data is governed by the applicable services agreement and data processing addendum. This Privacy Policy focuses on personal information relating to website visitors, prospects, and direct CogniVertex account holders.
3. How we use personal information
We use personal information for the following purposes, relying on consent, contractual necessity, or legitimate interests as appropriate under PIPEDA:
- Responding to enquiries and providing requested information about programs and services
- Processing program enrolment, service contracts, and billing
- Delivering platform access, training, and professional services
- Communicating service updates, security notices, and administrative messages
- Improving our website, platform, and user experience through analytics
- Complying with legal obligations, including tax reporting and regulatory requests
- Protecting against fraud, abuse, and security threats
- Conducting research and development on platform features using anonymised or aggregated data
We do not use personal information for automated decision-making that produces legal or similarly significant effects without human review. AI features within our platform operate on client-controlled data under client-configured policies.
4. Legal basis and consent
Under PIPEDA, we obtain meaningful consent before collecting, using, or disclosing personal information, except where permitted or required by law. Implied consent may suffice for obvious purposes such as responding to a direct enquiry. Express consent is required for sensitive uses, marketing communications, and cross-border transfers where risk warrants additional transparency.
You may withdraw consent at any time, subject to legal or contractual restrictions. Withdrawal does not affect the lawfulness of processing prior to withdrawal. Contact us using the details in Section 12 to manage consent preferences.
5. Disclosure of personal information
We do not sell personal information. We may disclose personal information to:
- Service providers — Cloud hosting, email delivery, payment processing, analytics, and customer-relationship management vendors bound by confidentiality and data-protection obligations
- Professional advisers — Lawyers, accountants, and auditors under professional privilege
- Enterprise clients — Where you participate in a client's platform workspace as their employee or contractor
- Legal authorities — When required by court order, subpoena, or applicable law
- Business transactions — In connection with a merger, acquisition, or asset sale, with notice to affected individuals where required
We require service providers to process personal information only for specified purposes and to implement appropriate security measures. A list of sub-processors is available upon request for enterprise clients.
6. Cross-border transfers
By default, we store and process personal information in Canada. Some service providers may process data in the United States or other jurisdictions. When personal information is transferred outside Canada, we assess the destination's privacy protections and implement contractual safeguards, including standard contractual clauses where appropriate.
Cross-border transfers for platform client data require explicit configuration and documented consent under the client's governance policies. Contact your organisation's administrator or our privacy team for residency options including Canadian-only processing.
7. Retention
We retain personal information only as long as necessary to fulfil the purposes for which it was collected, comply with legal obligations, resolve disputes, and enforce agreements. Typical retention periods include:
- Contact form submissions: three years from last interaction
- Program and service records: seven years from contract completion for tax and audit purposes
- Platform account data: duration of account plus ninety days after deletion request
- Website analytics: twenty-six months in aggregated form
- Marketing consent records: until consent is withdrawn plus three years for proof of compliance
When retention periods expire, we securely delete or anonymise personal information.
8. Security
We implement administrative, technical, and physical safeguards appropriate to the sensitivity of personal information, including encryption in transit and at rest, role-based access controls, multi-factor authentication for administrative systems, regular vulnerability assessments, and employee privacy training.
Platform client environments are logically isolated with tenant-scoped encryption keys where configured. Security incident response procedures include notification timelines defined in enterprise data processing addenda. We conduct annual third-party penetration testing on internet-facing platform components and remediate critical findings according to documented severity SLAs.
No method of transmission or storage is completely secure. While we strive to protect personal information, we cannot guarantee absolute security. Report suspected security incidents to [email protected] immediately.
9. Your rights
Under PIPEDA, you have the right to:
- Access personal information we hold about you
- Request correction of inaccurate or incomplete information
- Withdraw consent for non-essential processing
- Challenge our compliance with PIPEDA by contacting the Office of the Privacy Commissioner of Canada
We respond to access and correction requests within thirty days unless an extension is permitted. We may request identity verification before fulfilling requests. In Quebec, additional rights under Law 25 may apply, including data portability and de-indexing in certain circumstances.
10. Children
Our website and services are not directed at individuals under sixteen years of age. We do not knowingly collect personal information from children. If you believe we have collected information from a child, contact us and we will delete it promptly.
11. Changes to this policy
We may update this Privacy Policy to reflect changes in our practices, technology, or legal requirements. Material changes will be posted on this page with an updated "Last updated" date. Where changes materially affect how we process personal information already collected, we will provide additional notice through email or an in-platform banner for active account holders.
Continued use of our website or services after changes constitutes acceptance of the revised policy where permitted by law. We encourage you to review this page periodically, particularly before submitting new categories of personal information through programme enrolment or platform registration.
12. Contact us
For privacy enquiries, access requests, or complaints:
CogniVertex Inc.
8 King Street East, Suite 100
Kitchener, ON N2G 2K6
Email: [email protected]
Phone: +1 (519) 555-7483
We aim to acknowledge privacy enquiries within five business days and to resolve straightforward access requests within thirty days. Complex requests involving large volumes of archived data may require additional time; we will notify you if an extension is needed under PIPEDA.
If you are unsatisfied with our response, you may contact the Office of the Privacy Commissioner of Canada at www.priv.gc.ca. Quebec residents may also contact the Commission d'accès à l'information du Québec regarding matters governed by provincial privacy legislation.