CogniStream Privacy Policy
Last Updated: February 18, 2025
Introduction
CogniStream Ltd ("CogniStream," "we," "our," or "us") is committed to protecting your privacy and personal data. This Privacy Policy describes how we collect, use, store, and protect information when you use our platform, website, and services (collectively, the "Services").
This Privacy Policy should be read alongside our Terms of Service. By using our Services, you agree to the collection and use of information as described in this policy.
If you do not agree with our policies and practices, please do not use our Services.
1. Key Definitions
"Personal Data" means any information relating to an identified or identifiable natural person.
"Processing" means any operation performed on Personal Data.
"Data Controller" means the entity that determines the purposes and means of processing Personal Data.
"Data Processor" means the entity that processes Personal Data on behalf of the Data Controller.
"Research Data" means data collected during research interviews and studies conducted through our Services.
"Business Client" means any business entity using our Services to conduct research.
"Interview Participant" means any individual participating in research interviews through our Services.
2. Our Role and Responsibilities
We act as both a Data Controller and a Data Processor:
- We are a Data Controller for information we collect about our Business Clients and website visitors
- We are a Data Processor for Research Data collected on behalf of our Business Clients
- We process data in compliance with the EU General Data Protection Regulation (GDPR) and the EU AI Act
3. Information We Collect
3.1 Business Client Data
When you register as a Business Client, we collect:
- Contact information (name, email, phone number)
- Business information (company name, role, address)
- Account credentialsPayment information
- Service usage data
- Communications with us
3.2 Interview Participant Data
When you participate in research interviews, we collect:
- Basic identification data (first name)
- Voice recordings and transcripts
- Photos and videos of you
- Emotional expressions from voice prosody
- Research responses and feedback
- Technical data about service usage
- Demographic information provided voluntarily
3.3 Collection of Other Information
We and our service providers may collect Other Information in a variety of ways, including:
From you, on surveys or in studies
Information you provide in research studies and surveysFeedback and responses to questionnaires
Your browser or device
Certain information is collected by most browsers or automatically through your device, such as Media Access Control (MAC) addressComputer type (Windows or Mac)Screen resolution; Operating system name and version; Device manufacturer and model; Language; Internet browser type and version; Name and version of the Offerings you are using.
We use this information to ensure that the Offerings function properly.
Cookies
Cookies are pieces of information stored directly on the computer that you are using. Cookies allow us to collect information such as: Browser type; Time spent on the Offerings; Pages visited; Language preferences; Traffic data;
We and our service providers use this information for: Security purposes; Facilitating navigation; Displaying information more effectively; Personalizing your experience; Gathering statistical information about Offerings usage; improving design and functionality; Understanding usage patterns; Resolving user questions; Selecting and displaying relevant offersTracking responses to online advertising;
If you do not want information collected through cookies, most browsers allow you to automatically decline cookies or choose whether to accept cookies from specific websites.
You may refer to http://www.allaboutcookies.org/manage-cookies/index.html for more information. However, declining cookies may cause some inconvenience in your use of the Offerings and may prevent you from receiving relevant advertising or offers.
Pixel tags and other similar technologiesPixel tags:
Also known as web beacons and clear GIFs, pixel tags may be used to: Track user actions on the Offerings; Track email recipient actions; Measure marketing campaign success; Compile usage statistics and response rates
Analytics: We use Google Analytics and PostHog, which use cookies and similar technologies to: Collect and analyze Offerings usage information; Report on activities and trends; Collect information about other website, app, and online resource usage; Track user journeys and interactions; Analyze feature usage and product analytics;
You can learn about Google's practices at www.google.com/policies/privacy/partners/ and opt out by downloading the Google Analytics opt-out browser add-on at https://tools.google.com/dlpage/gaoptout.
You can learn about PostHog's practices at https://posthog.com/privacy. PostHog processes data within the European Union, and we have a Data Processing Agreement in place with them to ensure GDPR compliance.
4. How We Use Your Information
4.1 Business Client Data
We process this data to:
- Provide and maintain our Services
- Process payments
- Send service notifications
- Provide customer support
- Improve our Services
- Comply with legal obligations
- Send marketing communications (with consent)
4.2 Interview Participant Data
We process this data to:
- Facilitate research interviews
- Generate insights using AI analysis
- Improve our AI models
- Create anonymized research reports
- Ensure service quality and security
4.3 Legal Bases for Processing
We process Personal Data under the following legal bases:
- Contract performance
- Legal obligations
- Legitimate interests
- Consent
5. AI Processing and Automated Decision-Making
5.1 AI Technology Use
Our Services use AI technology for:
- Conducting research interviews
-Analyzing voice patterns and prosodic features
- Generating research insights
- Service improvement
5.2 AI Safeguards
We implement the following safeguards:
- Clear disclosure of AI use
- Human oversight of AI systems
- Regular testing for bias and accuracy
- Monitoring of AI system performance
- Compliance with EU AI Act requirements
- Our Services analyze speech prosody and acoustic features to identify patterns & emotional expressions in vocal expressions.
- We do not make claims about measuring emotions directlyNo use for identification purposes
5.3 Automated Decision-Making
We do not use AI for decisions that significantly affect individuals
Research insights are provided in aggregate form
Individual responses are pseudonymized
6. Data Sharing and Disclosure
We may share your Personal Data with:
- Service providers who assist in delivering our Services
- Business Clients (for Research Data they commissioned)
- Legal authorities when required by law
- Potential buyers in case of business transfer
We require all third parties to respect data security and comply with data protection laws.
7. International Data Transfers
We store and process data in the European Union. If we transfer data outside the EU, we ensure:
- Adequate safeguards are in place
- Standard Contractual Clauses are implemented
- Recipients provide appropriate security measures
- Transfers comply with applicable data protection laws
8. Data Security
We implement appropriate technical and organizational measures to protect your data, including:
- Encryption of data in transit and at rest
- Access controls and authentication
- Regular security assessments
- Staff training on data protection
- Incident response procedures
- Regular backups
- Monitoring and logging
9. Data Retention
We retain Personal Data only as long as necessary for the purposes described in this policy:
Business Client data - Duration of the business relationship plus 7 years
Research Data - As specified in our agreement with Business Clients or until the Business Client is no longer using our Services
Technical data - Up to 12 months
Marketing data - Until opt-out
10. Your Rights
Under GDPR and applicable laws, you have the right to:
- Access your Personal Data
- Rectify inaccurate data
- Erase your data (right to be forgotten)
- Restrict processing
- Data portability
- Object to processing
- Withdraw consent
- Lodge a complaint with supervisory authorities
To exercise these rights, contact us at privacy @ cognistream.ai
11. Children's Privacy
We do not knowingly collect or process data from children under 13. If you believe we have collected such data, please contact us immediately.
Children between 13 and 18 years may use our Services only with explicit guardian's consent.
12. Updates to This Policy
We may update this Privacy Policy from time to time. We will notify you of any material changes by:
- Posting the new policy on our website
- Sending an email to registered users
13. Contact Us
For privacy-related questions or to exercise your rights:
Address: CogniStream Ltd, Baseline, 3rd Floor, 61 Thomas St, The Liberties, Dublin 8, D08 W250, Ireland.
Data Protection Officer Email: privacy @ cognistream.ai
14. Supervisory Authority
You have the right to lodge a complaint with your local data protection authority.
For Ireland, this is the Data Protection Commission, 21 Fitzwilliam Square South, Dublin D02 RD28, Ireland.