Privacy Policy
This policy explains what data CogniLead collects about you when you use cognilead.ai, why we collect it, how long we keep it, and what rights you have over it. Data that customers upload about third parties (signals, leads, suppressions, sends) is covered by the Data Processing Agreement, not this policy.
1. Who we are
CogniLead is a product operated by Medishift (a Switzerland-based entity; CogniLead GmbH is in formation). The service is offered at cognilead.ai. The controller for the personal data described in this policy is the operating entity above.
For any privacy-related question, write to privacy@cognilead.ai. For Data Protection Officer matters specifically, write to dpo@cognilead.ai.
2. What we collect
We collect three categories of personal data about our users:
a. Account data
- Email address
- Display name
- OAuth provider identifier when you sign in with GitHub or Google
- Workspace name you choose during onboarding
- Jurisdiction selection (CH or EU) configured at signup
b. Operational data
- API request logs: HTTP method, path, status code, source IP, user-agent — persisted to the api_calls table for debugging and abuse prevention
- Session cookies necessary to keep you signed in
- CSRF tokens used to protect form submissions
c. Customer-uploaded data
When you use CogniLead as a customer, you upload data about third parties (signals, leads, suppressions, sends, evidence packs). That data is processed under the Data Processing Agreement in which you are the controller and CogniLead is the processor. It is not the subject of this policy.
3. Legal basis
We rely on two grounds under the GDPR for processing the personal data described above:
- Contract performance — Article 6(1)(b). Account data and session cookies are necessary to provide the service you have asked us to provide.
- Legitimate interest — Article 6(1)(f). Operational logs, abuse prevention, security monitoring, and limited marketing communications to our own prospects rely on our legitimate interest in operating the service safely and reaching relevant business contacts. You can object at any time using the contact details below.
We do not use consent (Article 6(1)(a)) as the primary lawful basis for any of the categories above; we do not run any consent-based tracking. If we ever introduce a feature that requires consent, you will be asked explicitly and may withdraw at any time.
4. Retention
- Account data: kept until your account is deleted, then a 30-day grace window for recovery before hard deletion.
- API request logs: 90 days, after which they are aggregated for security analytics and the raw rows are dropped.
- Financial records: 7 years, as required by Swiss accounting and tax law (CO 958f). This is the only retention period that survives account deletion.
- Backups: 30-day rolling snapshots in the same jurisdiction (see Security). A deletion request propagates to backups within one full rotation cycle.
5. Sub-processors
We use the following sub-processors to deliver the service. Each one has a Data Processing Agreement with us. The same list applies to the DPA you sign with us as a customer.
- Supabase — authentication and Postgres database. EU region by default. DPA available.
- Resend — transactional and product emails. DPA available.
- Vercel and Cloudflare — application hosting and edge network. DPA available.
- Stripe — billing (activated only when paid plans are enabled). DPA available.
- LLM providers (per tenant choice): Gemini (Google), OpenAI, Mistral, Anthropic, Infomaniak. Only the providers you explicitly configure with a key receive any data. CogniLead does not select an LLM on your behalf.
6. International transfers
Account data, operational logs, and customer-uploaded data are stored in either the European Union or Switzerland, depending on the jurisdiction you select at signup. Data is never moved across this boundary by CogniLead.
The only situation in which data leaves the EU or Switzerland is if you, as a customer, explicitly configure a non-EU LLM provider (for example, US-based OpenAI or Anthropic) using your own API key. In that case the personalization step calls the provider you chose, and your configuration is the authority for that transfer. We execute Standard Contractual Clauses with our default LLM sub-processors where required.
7. Your rights
Under the GDPR and the Swiss revFADP you have the following rights over your personal data:
- Access — request a copy of what we hold about you.
- Rectification — correct anything that is wrong.
- Erasure — ask us to delete your data.
- Portability — receive your data in a machine-readable format.
- Restriction — limit how we use your data.
- Objection — object to processing based on legitimate interest.
- Withdrawal — withdraw any consent you may have given.
We honor these requests within 30 days. To exercise any of them, use your data dashboard, email privacy@cognilead.ai, or use the programmatic Data Subject Rights endpoint at /api/v1/dsr. You also have the right to lodge a complaint with your supervisory authority (for Switzerland: the FDPIC).
8. Cookies
We use strictly necessary cookies only: a session cookie that keeps you signed in, and a CSRF token that protects form submissions. We do not use analytics cookies, marketing cookies, advertising pixels, third-party tracking tags, or fingerprinting. There is no cookie banner because there is nothing to opt out of.
9. Security
We treat security as part of the product. TLS 1.3 for all traffic, MFA enforced on the dashboard, Postgres Row Level Security keyed on tenant identifier, daily encrypted backups in a separate region of the same jurisdiction. The full posture is documented at /legal/security.
10. Changes
We will give you at least 30 days' notice for any material change to this policy, by email to the address on your account and by a visible notice on the dashboard. Non-material changes (typos, clarifications) are published silently with an updated date at the top of this page.
11. Contact
Privacy questions: privacy@cognilead.ai.
DPO matters: dpo@cognilead.ai.