CogniFirst Technologies Private Limited

Privacy Policy

Updated on: 26th March, 2026

This Privacy Policy (“Privacy Policy”) applies to your use of our website https://www.CogniFirst.com/ (“Platform”) and the Software-as-a-Service (SaaS) products and enterprise deployments offered through the Platform (hereinafter collectively referred to as “Offerings”) which are owned, controlled and operated by CogniFirst Technologies Private Limited, a company incorporated under the laws of India, and having its registered office at Site No. 29/A (E), K Wings Building, 3rd floor, HSR Layout, Bengaluru, Karnataka, India - 560 102 (“Company”, “CogniFirst”, “we”, “our”, or “us”).

For the purposes of this Privacy Policy, “you” and “your” shall mean a user of the Offerings, whether an individual user or a corporate entity.

This Privacy Policy sets out what data we collect and how and why we use it when you access the Offerings. By accepting this Privacy Policy, you signify that you have read, understood, and agree to be bound by the same. We reserve the right to update or modify this Privacy Policy at any time, and such changes may be effective immediately upon posting.

1. Objective & Scope CogniFirst is committed to protecting Users’ privacy and securely processing data. Our Offerings are designed for enterprise environments, including domain-heavy and regulated industries. This policy covers the categories of personal and operational data collected, how we use or process such data, third-party sub-processors, and your associated rights under applicable global data protection laws.

2. Data Collected Depending on your deployment model (SaaS vs. Enterprise On-Premise), our data collection practices vary strictly by necessity.

• Account & Access Data: To access our SaaS Offerings, you may be required to provide certain identifying data, such as your name, corporate email address, role, and work address.

• Platform Usage & Uploads: When utilizing our SaaS Product, we process the information provided by you, including your inputs, file uploads (e.g., PDFs, engineering documents), and the outputs generated by the Product strictly to provide the service to you.

• Automated Log Data: We automatically collect standard security and operational logs, including your IP address, browser type, the domain server through which you access the Offerings, and standard web log data.

• On-Premise Deployments: For clients utilizing our Enterprise On-Premise deployments, CogniFirst does not centrally collect, store, or process your operational data or document uploads. All data processing occurs locally within your secure infrastructure, and we only collect high-level licensing, telemetry, and support-ticket data as explicitly configured by your administrative team.

We do not request or collect location data (GPS/cell tower), nor do we request access to device microphones or cameras.

3. Method and Manner of Use of Data We use your data strictly for the following purposes:

• To provide, troubleshoot, and maintain our Offerings.

• To authenticate users and ensure secure access controls.

• To communicate regarding system updates, support requests, and service availability.

• To protect and defend the rights, property, and security of CogniFirst and our Users.

4. AI Model Training & Data Boundaries CogniFirst adheres to strict enterprise data isolation principles:

• No Foundational Training: We do not use your personal data, proprietary document uploads, prompt inputs, or generated outputs to train, retrain, or improve our foundational Large Language Models (LLMs) or base classifiers.

• Customer Isolation: Any fine-tuning or semantic indexing performed to improve accuracy for your specific use cases is strictly isolated to your tenant environment and is never shared across other CogniFirst customers.

5. Sharing of Data & Third-Party Processors We do not sell your data to any third party under any circumstance. We may use highly vetted, enterprise-grade third-party service providers to facilitate our Offerings (e.g., secure cloud hosting, payment gateways, and specialized APIs like Microsoft Azure OCR).

• Enterprise API Usage: When utilizing third-party cognitive or extraction APIs (such as Azure OCR) to process your documents within our pipeline, we strictly utilize their enterprise-tier services. Under these agreements, third-party providers are contractually prohibited from retaining your data or using your documents to train their own models.

• Compliance: We will not disclose any User data to third parties, save when legally compelled under applicable law or valid legal process.

6. Data Security Data transmitted over the internet is protected through industry-standard encryption protocols (SSL/TLS), and data at rest is encrypted using AES-256 or equivalent standards. Our infrastructure and security practices undergo regular Vulnerability Assessment and Penetration Testing (VAPT) and are designed to align with stringent regulatory frameworks, including CERT-In guidelines, to ensure the continuous protection of enterprise data. However, no method of transmission over the Internet is 100% secure, and use of our Offerings is at your own discretion.

7. Data Retention We retain User data only for as long as is necessary to fulfill the purposes for which it was processed, to provide our Offerings, or as required under applicable law. Upon termination of your contract or upon explicit request, your data will be securely deleted or anonymized in accordance with our data destruction policies.

8. Your Rights & Global Jurisdictions This Privacy Policy complies with major global data protection frameworks.

For Users in India (DPDPA 2023): You have the right to access, correct, and erase your personal data, as well as the right to withdraw consent and nominate a representative, in compliance with the Digital Personal Data Protection Act, 2023.

For Users in the European Economic Area (EEA) & UK (GDPR): You have the right to request access, rectification, erasure, restriction of processing, and data portability. Where personal data is transferred outside the EEA/UK, such transfers are governed by Standard Contractual Clauses or other approved legal frameworks.

For Users in the United States (including CCPA/CPRA): CogniFirst does not “sell” or “share” your personal information as defined by the California Consumer Privacy Act. You have the right to request disclosure of the data we collect, request deletion, and not face discrimination for exercising your privacy rights.

9. Nodal Grievance Redressal Officer As required under the Information Technology Act, 2000, the Digital Personal Data Protection Act, 2023, and rules made thereunder, you may contact our Grievance Officer for any privacy-related concerns:

NAME: Swathi Mereddy (or current active Nodal Officer) ADDRESS: CogniFirst Technologies Private Ltd., Site No. 29/A (E), K Wings Building, 3rd floor, HSR Layout, Bengaluru, Karnataka, India - 560102 EMAIL: privacy@cognifirst.com

10. Dispute Resolution In the event of any dispute arising out of this Privacy Policy, the same shall be settled in accordance with the applicable laws of India, and the courts of Bengaluru, Karnataka, shall have exclusive jurisdiction.