CognetivyCognetivy

Privacy Policy

Effective date: March 20, 2026

1. Who we are

This Privacy Policy describes how Stack Studio AI Inc. ("we," "us," "our") collects, uses, shares, and protects information when you use Cognetivy (the "Service"), including our website and applications.

Where required by law, this policy applies across jurisdictions where the Service is offered.

2. Information we collect

We collect the following categories of information:

Account and identity information

When you create an account or sign in, we process information from Firebase Authentication, which may include your email, email verification status, display name, and profile photo URL.

Organization and membership information

The Service supports organizations/workspaces. We process organization names and membership details (such as roles and statuses) for access control and collaboration.

Billing information

Payment card details are handled by third-party processors (including Stripe). We process subscription-related information and may receive billing identifiers and customer information needed to manage access to paid features (through Stripe/Stigg).

API keys and access metadata

If you create an API key for CLI or other clients, we store key metadata such as a hash of the key and a display prefix (not the raw secret).

Service content (runs, prompts, and outputs)

Cognetivy stores workflow run history, including inputs, outputs, intermediate step results, event logs, and collection item payloads. This data may contain personal data if you provide it in prompts, transcripts, audio, images, or other content used in workflows.

Authentication tokens in your browser

The application stores Firebase session tokens in your browser localStorage to enable authenticated API requests. We may also store an impersonation token in localStorage when a temporary access flow is used.

Analytics and support tooling data

We use analytics and support tools, which may collect identifiers and usage signals, such as your user ID and email (where available), and events like page views and product interactions. These tools can include: Mixpanel (and browser tracking), Google Analytics (website), LogRocket (debugging), and Intercom (support messaging).

3. How we use information

We use information for purposes including:

- Providing, operating, and maintaining the Service

- Authenticating and authorizing users and organizations

- Executing workflows and providing run tracking and collections

- Enforcing access controls, security, and fraud prevention

- Managing subscriptions and billing-related access

- Measuring and improving performance and user experience (analytics)

- Customer support and troubleshooting (Intercom/LogRocket where enabled)

4. AI processing and third-party model providers

Some features may use external AI model providers to process prompts and generate outputs. When a workflow requires AI inference, we may transmit relevant parts of your User Content (such as prompts and other inputs, and in some cases audio/images, depending on the workflow) to third-party providers for processing.

Supported providers may include OpenAI, Anthropic, Google Vertex AI, and Groq, as well as OpenAI-based transcription (where audio is used).

These providers may collect and process information in accordance with their own privacy policies.

5. Sharing of information

We share information with:

- Service providers and subprocessors that help operate the Service (hosting, identity, etc.)

- Firebase (authentication and realtime database invalidation signals)

- Analytics and diagnostics providers (Mixpanel, Google Analytics, LogRocket)

- Support tooling (Intercom)

- Billing providers (Stripe, Stigg)

- AI model providers (OpenAI, Anthropic, Google Vertex AI, Groq)

6. Cookies and tracking technologies

Our website uses Google Analytics. The application uses client-side analytics such as Mixpanel (configured to be disabled on localhost). We may also store authentication tokens in localStorage to maintain sessions. These technologies help us understand usage and improve the Service.

If you are located in a region that requires consent or cookie controls for analytics, you are responsible for complying with any applicable requirements. Where required, we may provide notice or configuration controls.

7. Data retention

We retain personal data only as long as necessary to provide the Service, fulfill the purposes described in this policy, and comply with applicable legal obligations. Run history and collection data are stored to enable run tracking and user access to their results.

8. Security

We implement reasonable administrative, technical, and organizational safeguards designed to protect personal data. However, no method of transmission or storage is 100% secure, and we cannot guarantee absolute security.

9. International transfers

We may transfer personal data to countries other than your own, including where some third-party providers and subprocessors operate. We take steps intended to ensure transfers comply with applicable data protection laws.

10. Children

The Service is not directed to children under the age required by applicable law. We do not knowingly collect personal data from children.

11. Changes to this Privacy Policy

We may update this Privacy Policy from time to time. If we make material changes, we will update the "Effective date." Continued use of the Service after the effective date means you accept the updated policy.

12. Contact

For privacy questions or requests, contact david@stackstudio.io.