CogniFit.com Privacy Policy
CogniFit.com Privacy Policy
We believe you should always know what data we collect from you and how we use it, and that you should have meaningful control over both. We want to empower you to make the best decisions about the information that you share with us.
That's the basic purpose of this Privacy Policy.
Here we describe the privacy practices for our services, including our websites, applications, cognitive assessments, brain training programs, SMS, APIs, email notifications, buttons, widgets, ads, commerce services, and other covered services that link to these Terms (collectively, the "Services").
Specifically, we’ll cover:
- Information We Collect
- How We Use Information
- How Information Is Shared
- Your Rights to Access and Control Your Personal Data
- Data Retention
- Analytics and Advertising Services Provided by Others
- Our Policies for Children
- Information Security
- Our International Operations and Data Transfers
- European Privacy Disclosures
- California Privacy Disclosures
- Changes to This Policy
- How to Contact Us
1. Information We Collect
When you use our Services, we collect the following types of information.
1.1. Information You Provide Us
Account Information
Some information is required to create an account on our Services, such as your name, email address, password, and in some cases your date of birth and gender. This is the only information you have to provide to create an account with us. Note that the name you use is always public but you can either choose your real name or a pseudonym.
You may also choose to provide other types of information, such as a profile photo, biography, nationality, location, company, university, and profession.
Additional Information
To help improve your experience or enable certain features of the Services, you may choose to provide us with additional information, like health-related details about you or messages to your friends or specialists on the Services.
You may also connect with friends on the Services or invite friends who have not yet joined by providing their email addresses, accessing social networking accounts, or using the contact list on your mobile device. We do not store your contact list and delete it after it is used for adding contacts as friends.
If you contact us or participate in a survey, contest, or promotion, we collect the information you submit such as your name, contact information, and message.
Payment and Card Information
You may provide us with payment information, including your credit or debit card number, card expiration date, CVV code, and billing address, in order to purchase cognitive assessment or training, as well as other offerings provided as part of our Services. Since payments are processed by a third-party payment processor, CogniFit does not store payment information. Note that third-party payment processors may retain this information in accordance with their own privacy policies.
CogniFit partners with the following payment processors:
- Website payments are processed by FastSpring, PayPal or Stripe with their own privacy policies available at https://fastspring.com/privacy, https://www.paypal.com/us/webapps/mpp/ua/privacy-full and at https://stripe.com/us/privacy respectively
- Mobile payments are processed by either Apple or Google with their own privacy policies available at https://www.apple.com/privacy/privacy-policy/ and at https://policies.google.com/privacy?hl=en&gl=us respectively
1.2. Information We Receive from Your Use of Our Services
Device and Geolocation Information
When you visit or leave our Services, we may receive the URL of both the site you came from and the one you go to next. We may also get information about your IP address, proxy server, operating system, web browser and add-ons, device identifier and features, and/or ISP or your mobile carrier. If you use our Services from a mobile device, that device may send us data about your location based on your phone settings. We will ask you to opt-in before we use GPS or other tools to identify your precise location.
Usage information
When you access or use our Services, we receive certain usage or network activity information. This includes information about your interaction with the Services, for example, when you view or search content, install applications or software, or create or log into your account.
We also collect data about the devices and computers you use to access the Services, including IP addresses, browser type, language, operating system, mobile device information (including device and application identifiers), the referring web page, pages visited, location (depending on the permissions you have granted us), and cookie information.
Information from Third-Party Services
If you choose to connect your account on our Services to your account on another service, we may receive information from the other service. For example, if you connect to Facebook or Twitter, we may receive information like your name, profile picture, age range, gender, language, email address, and friend list. You may also choose to grant us access to your exercise or activity data from another service. You can stop sharing the information from the other service with us by removing our access to that other service.
We may partner with third parties, such as healthcare providers, pharmaceutical companies, employers, insurance companies, educational institutions, research facilities, health and wellness companies, that offer CogniFit Services to their patients, customers, employees, clients, students, study participants and consumers. In such cases, those organizations may provide us with your name, email address, or similar information (like a telephone number or subscriber ID) so that we can invite you to participate or determine your eligibility for particular benefits, such as discounts or free services.
Links
In order to operate our services, we may keep track of how you interact with links across our Services. This includes links in emails we send you and links to CogniFit that appear on other websites or mobile applications.
If you click on an external link or ad on our Services, that advertiser or website operator might figure out that you came from CogniFit, along with other information associated with the ad you clicked such as characteristics of the audience it was intended to reach. They may also collect other personal data from you, such as cookie identifiers or your IP address.
Cookies
A cookie is a small piece of data that is stored on your computer or mobile device. Like many websites, we use cookies and similar technologies to collect additional website usage data and to operate our services. Although most web browsers automatically accept cookies, many browsers’ settings can be set to decline cookies or alert you when a website is attempting to place a cookie on your computer. However, some of our services may not function properly if you disable cookies. When your browser or device allows it, we use both session cookies and persistent cookies to better understand how you interact with our services, to monitor aggregate usage patterns, and to personalize and otherwise operate our services such as by providing account security, personalizing the content we show you including ads, and remembering your language preferences. For more information, please read our Cookie Use statement.
Messages
We collect information about you when you send, receive, or engage with messages in connection with our Services. For example, if you get a notification to complete a training session, we track whether you have acted on it and will send you reminders.
Partners
We receive personal data about you when you use the services of our customers and partners, such as companies listed in our partners page.
2. How We Use Information
We use the information we collect for the following purposes.
Provide and Maintain the Services
Using the information we collect, we are able to deliver the Services to you and honor our Terms of Service contract with you. For example, we need to use your information to provide you with your dashboard tracking your cognitive results, activity and other trends; to enable the community features of the Services; and to give you customer support.
For the Services’ community features, we may use your information to help you find and connect with other users and to allow other users to find and connect with you. For example, your account contact information allows other users to add you as a friend. When another user has your email in their contact list or in their friend network on a connected service, we show that user that you are a user of the Services.
Improve, Personalize, and Develop the Services
We use the information we collect to improve and personalize the Services and to develop new ones. For example, we use the information to troubleshoot and protect against errors; perform data analysis and testing; conduct research and surveys; and develop new features and Services.
When you allow us to collect your location information, we use that information to provide and improve features of the Services such as comparing your results with the average score of people the same location.
We also use your information to make inferences and show you more relevant content. Here are some examples:
- Information like your age and gender allows us to improve the accuracy of your cognitive needs and goals like selecting the exercises on your behalf and adjusting the level of difficulty based on your performance.
- Using your assessment results, we may provide you with customized insights to help you maintain or improve your cognition.
Communicate with You
We use your information when needed to send you Service notifications and respond to you when you contact us. We also use your information to promote new features or products that we think you would be interested in. You can control marketing communications and most Service notifications by using your notification preferences in account settings or via the “Unsubscribe” link in an email.
Cookies
We use cookies and similar technologies for the purposes described above. For more information, please read our Cookie Use statement.
Customer Support
We use the data (which can include your communications) to investigate, respond to and resolve complaints and Service issues (e.g., bugs).
Promote Safety and Security
We use the information we collect to promote the safety and security of the Services, our users, and other parties. For example, we may use the information to authenticate users, facilitate secure payments, protect against fraud and abuse, respond to a legal request or claim, conduct audits, and enforce our terms and policies.
Aggregate Insights
We use your data to produce and share aggregated insights that do not identify you. For example, we may use your data to generate statistics about our users, their profession or nationality, to publish cognitive demographic insights.
3. How Information Is Shared
We never sell the personal information of our users. We do not share your personal information except in the limited circumstances described below.
Profile
By default, only your name (and photo if you have provided one) is visible to other users of the Services. You may direct us to disclose more information to others, such as when your account is linked to a professional or to your parents (see next paragraph) or when you use our community features like the challenges and other social tools. For certain information, we provide you with privacy preferences in account settings and other tools to control how your information is visible to other users of the Services.
Professional and family accounts
A parent, educator, health professional, or researcher may grant you access to the Services and access your personal data, such as your cognitive activity and results. We ask for your explicit consent before sharing your data with such person and we provide you with privacy preferences in account settings and other tools to enable or disable this sharing feature.
Third-Party Services
Subject to your account settings, other services may look-up your profile. When you opt to link your account with other services, personal data will become available to them. The sharing and use of that personal data will be described in, or linked to, a consent screen when you opt to link the accounts. For example, you may link your Facebook or Twitter account to share content from our Services into these other services. You may revoke the link with such accounts.
Service Providers
We transfer information to our corporate affiliates, service providers, and other partners who process it for us, based on our instructions, and in compliance with this policy and any other appropriate confidentiality and security measures. These partners provide us with services globally, including for development, maintenance, customer support, information technology, payments, sales, marketing, data analysis, research, and surveys. They will have access to your information as reasonably necessary to perform these tasks on our behalf and are obligated not to disclose or use it for other purposes.
Law, Harm, and the Public Interest
We may preserve or disclose information about you to comply with a law, regulation, legal process, or governmental request; to assert legal rights or defend against legal claims; or to prevent, detect, or investigate illegal activity, fraud, abuse, violations of our terms, or threats to the security of the Services or the physical safety of any person.
Our policy is to notify you of legal process seeking access to your information, such as search warrants, court orders, or subpoenas, unless we are prohibited by law from doing so. In cases where a court order specifies a non-disclosure period, we provide delayed notice after the expiration of the non-disclosure period. Exceptions to our notice policy include exigent or counterproductive circumstances, for example, when there is an emergency involving a danger of death or serious physical injury to a person.
Affiliates and Change of Ownership
If we are involved in a merger, acquisition, or sale of assets, we will continue to take measures to protect the confidentiality of personal information and give affected users notice before transferring any personal information to a new entity.
Non-Personal Information
We may share non-personal information that is aggregated or de-identified so that it cannot reasonably be used to identify an individual. We may disclose such information publicly and to third parties, for example, in public reports about exercise and activity, to partners under agreement with us, or as part of the community benchmarking information we provide to users of our subscription services.
4. Your Rights to Access and Control Your Personal Data
We give you account settings and tools to access and control your personal data, as described below. If you live in certain jurisdictions, you may have legal rights with respect to your information, which your account settings and tools allow you to exercise, as outlined below.
Accessing and Exporting Data
By logging into your account, you can access much of your personal information, including your cognitive activity statistics. Using your account settings, you can also download information in a commonly used file format, including data about your activities and results.
Editing and Deleting Data
By logging into your account and using your account settings, you can change and delete your personal information.
If you choose to delete your account, please note that all data, scores, and information will be permanently deleted, except as noted below.
We retain your personal data even after you have closed your account if reasonably necessary to comply with our legal obligations (including law enforcement requests), meet regulatory requirements, resolve disputes, maintain security, prevent fraud and abuse, enforce our User Agreement, or fulfill your request to “unsubscribe” from further messages from us. We will retain de-personalized information after your account has been closed.
Information you have shared with others (e.g. with a parent, educator, health professional, researcher, or some of our partners) will remain visible after you closed your account or deleted the information from your own profile or mailbox, and we do not control data that other users copied out of our Services. Community features content (e.g. challenges) associated with closed accounts will show an anonymous user as the source.
Note that while most of your information will be deleted within 30 days, it may take up to 90 days to delete all of your information, like data stored in our backup systems.
Objecting to Data Use
We give you account settings and tools to control our data use. For example, through your privacy settings, you can limit how your information is visible to other users of the Services; using your notification settings, you can limit the notifications you receive from us; and under your account settings, you can revoke the access of third-party applications that you previously connected to your CogniFit account.
5. Data Retention
We keep your account information, like your name, email address, and password, for as long as your account is in existence because we need it to operate your account. In some cases, when you give us information for a feature of the Services, we delete the data after it is no longer needed for the feature. For instance, when you provide your contact list for finding friends on the Services, we delete the list after it is used for adding contacts as friends. We keep other information, like your exercise or activity data, until you use your account settings or tools to delete the data or your account because we use this data to provide you with your personal statistics and other aspects of the Services. We also keep information about you and your use of the Services for as long as necessary for our legitimate business interests, for legal reasons, and to prevent harm, including as described in the How We Use Information and How Information Is Shared sections.
6. Analytics and Advertising Services Provided by Others
We work with partners who provide us with analytics and advertising services. This includes helping us understand how users interact with the Services, serving ads on our behalf across the internet, and measuring the performance of those ads. These companies may use cookies and similar technologies to collect information about your interactions with the Services and other websites and applications. To learn more and about your privacy choices, please read our Cookie Use statement.
7. Our Policies for Children
We recognize the need to provide further privacy protections with respect to personal information we may collect from children when using the Services. The term "children" refers to individuals under 16 years of age. Some of the features on our Services are age-gated so that they are not available for use by children, and we do not knowingly collect personal information from children in connection with those features.
When we intend to collect personal information from children, we take additional steps to protect children's privacy, including:
- Notifying parents – i.e. a parent or legal guardian – about our information practices with regard to children, including the types of personal information we may collect from children, the uses to which we may put that information, and whether and with whom we may share that information;
- In accordance with applicable law, and our practices, obtaining consent from parents or legal guardian for the collection of personal information from their children, or for sending information about our Services directly to their children;
- Limiting our collection of personal information from children to no more than is reasonably necessary to participate in an online activity; and
- Giving parents or legal guardian access or the ability to request access to personal information we have collected from their children and the ability to request that the personal information be changed or deleted.
For additional information about our practices regarding children's personal information, please read our Children's Privacy Policy.
Parents who believe that their child has submitted personal information to us and would like to have it deleted may contact us at privacy@cognifit.com.
8. Information Security
We implement security safeguards designed to protect your data, such as HTTPS. We regularly monitor our systems for possible vulnerabilities and attacks. However, we cannot warrant the security of any information that you send us. There is no guarantee that data may not be accessed, disclosed, altered, or destroyed by breach of any of our physical, technical, or managerial safeguards.
If you have a security-related concern, please contact customer support at support@cognifit.com.
9. Our International Operations and Data Transfers
We operate internationally and may transfer your personal information to our family of companies or to third parties in locations around the world for the purposes described in this privacy policy.
Wherever your personal information is transferred, stored or processed by us, we will take reasonable steps to safeguard the privacy of your personal information. Additionally, when using or disclosing personal information transferred from the European Union, we use standard contractual clauses approved by the European Commission, adopt other means under European Union law for ensuring adequate safeguards, or obtain your consent.
Please note that the countries where we operate may have privacy and data protection laws that differ from, and are potentially less protective than, the laws of your country. You agree to this risk when you create a CogniFit account, irrespective of which country you live in. If you later wish to withdraw your consent, you can delete your CogniFit account as described in the Your Rights To Access and Control Your Personal Data section.
10. European Privacy Disclosures
If you live in the European Economic Area (EEA), United Kingdom (UK), or Switzerland, please review these additional privacy disclosures under the European Union’s General Data Protection Regulation (GDPR).
Health and Other Special Categories of Personal Data
To the extent that information we collect is health data or another special category of personal data subject to the GDPR, we ask for your explicit consent to process the data. We obtain this consent separately when you take actions leading to our obtaining the data, for example, when you pair your device to your account, grant us access to your exercise or activity data from another service, or use the female health tracking feature. You can use your account settings and tools to withdraw your consent at any time, including by stopping use of a feature, removing our access to a third-party service, unpairing your device, or deleting your data or your account.
Our Legal Bases for Processing Personal Data
For personal data subject to the GDPR, we rely on several legal bases to process the data, including:
- When you have given your consent, which you may withdraw at any time using your account settings and other tools;
- When the processing is necessary to perform a contract with you, like the Terms of Service; and
- Our legitimate business interests, such as in improving, personalizing, and developing the Services, marketing new features or products that may be of interest, and promoting safety and security as described in the How We Use Information section.
How to Exercise your Legal Rights
Please review the Your Rights to Access and Control Your Personal Data section for how your account settings and tools allow you to exercise your rights under the GDPR to access and control your personal data.
In addition to the various controls that we offer, in certain circumstances, you can seek to restrict our processing of your data, or object to our processing of your data based on our legitimate interests, including as described in the How We Use Information section. Under the GDPR, you have a general right to object to the use of your information for direct marketing purposes. Please see your notification settings to control our marketing communications to you about CogniFit products. Our Cookie Use statement describes your options for controlling how we and our partners use cookies and similar technologies for advertising. Please note that you can always delete your account at any time.
If you need further assistance regarding your rights, please contact our Data Protection Officer at data-protection-office@cognifit.com, and we will consider your request in accordance with applicable laws. You also have a right to lodge a complaint with your local data protection authority.
Compliance with Data Privacy Framework (DPF)
CogniFit, Inc. complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF), as established by the U.S. Department of Commerce. We have certified to the U.S. Department of Commerce that we adhere to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) regarding the processing of personal data received from the European Union under the DPF program. If there is any conflict between the terms in this privacy policy and the EU-U.S. DPF Principles, the Principles shall govern. To learn more about the Data Privacy Framework (DPF) Program, and to view our certification, please visit https://www.dataprivacyframework.gov/.
If you have any inquiries or complaints about our handling of your personal information under the Data Privacy Framework, or about our privacy practices generally, please contact us at: privacy@cognifit.com. We will respond to your inquiry promptly. If you have an unresolved privacy or data use concern that we have not addressed satisfactorily, please contact our U.S.-based third-party dispute resolution provider (free of charge) at https://verasafe.com/privacy-solutions/data-privacy-framework-dispute-resolution-program/. If neither CogniFit, Inc. nor our third-party dispute resolution provider resolves your complaint, you may pursue binding arbitration through the Data Privacy Framework Panel.
As in this Privacy Policy we sometimes provide personal information to third parties to perform services on our behalf. If we transfer personal information received under the Data Privacy Framework to a third party, the third party's access, use, and disclosure of the personal information must also be in compliance with our Data Privacy Framework obligations, and we will remain liable under the Data Privacy Framework for any failure to do so by the third party unless we prove we are not responsible for the event giving rise to the damage.
CogniFit, Inc. is subject to the investigatory and enforcement powers of the Federal Trade Commission (FTC). We may be required to disclose personal information that we handle under the Data Privacy Framework in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
For more information about the Data Privacy Framework (DPF) program and to view our certification, please visit Data privacy framework website.
11. California Privacy Disclosures
If you are a California resident, please review the following additional privacy disclosures under the California Consumer Privacy Act (CCPA).
How to Exercise your Legal Rights
You have the right to understand how we collect, use, and disclose your personal information, to access your information, to request that we delete certain information, and to not be discriminated against for exercising your privacy rights. You may exercise these rights using your account settings and tools as described in the Your Rights to Access and Control Your Personal Data section, for example:
- By logging into your account and using your account settings, you may exercise your right to access your personal information and to understand how we collect, use, and disclose it.
- Your account settings also let you exercise your right to delete personal information.
If you need further assistance regarding your rights, please contact our Data Protection Officer at data-protection-office@cognifit.com, and we will consider your request in accordance with applicable laws.
Categories of Information we Collect, Use, and Disclose for Business Purposes
As described in the Information We Collect section, we collect the categories of personal information listed below. We receive this information from you, your device, your use of the Services, third parties (like the other services you have connected to your CogniFit account, or your healthcare providers, pharmaceutical companies, employers, insurance companies, educational institutions, research facilities, health and wellness companies, if they you offer you the CogniFit services as a patient, customer, employee, client, student, study participant or consumer), and as otherwise described in this policy. We use and disclose these categories of information for the business purposes described in the How We Use Information and How Information Is Shared sections, respectively. The categories are:
- Identifiers, like your name or username, email address, mailing address, phone number, IP address, account ID, cookie ID, and other similar identifiers.
- Demographic information, such as your gender, age, health information, and physical characteristics or description, which may be protected by law.
- Commercial information, including your payment information and records of the Services you purchased, obtained, or considered (for example, if you added them to your shopping cart on the CogniFit platforms but did not purchase them).
- Biometric information, such as your exercise, activity, sleep, or health data, and any similar information to which you grant us access from another service.
- Internet or other electronic network activity information, such as the usage data we receive when you access or use our Services. This includes information about your interactions with the Services and about the devices and computers you use to access the Services.
- Geolocation data, including GPS signals, device sensors, Wi-Fi access points, and cell tower IDs, if you have granted us access to that information.
- Electronic, visual, or similar information, such as your profile photo or other photos.
- Professional, educational or employment related information, including any information (like your name, email address, or similar information) that your healthcare providers, pharmaceutical companies, employers, insurance companies, educational institutions, research facilities, health and wellness companies provides to us so that we can invite you to participate in or determine your eligibility for CogniFit Services that they offer to their patients, customers, employees, clients, students, study participants and consumers.
- Other information that you provide, including account information such as your biography or country; information for features of the Services, for example, information about your friends, and logs for mental activity, physical exercise, sleep; messages on the Services; and information recorded by your device which may vary depending on the device you use.
- Inferences drawn from any of the above, including the number of cognitive skills you assessed, trained, sleep insights, and personalized exercise and activity goals.
We never sell the personal information of our users. We do work with partners who provide us with advertising services as described in the Analytics and Advertising Services Provided by Others section. To learn more about how these partners collect data and your options for controlling the use of your information for interest-based advertising, please read our Cookie Use statement.
12. Changes to This Policy
From time to time, we may change this Privacy Policy to accommodate new technologies, industry practices, regulatory requirements or for other purposes. We will provide notice to you if these changes are material and, where required by applicable law, we will obtain your consent. Notice may be by email to you at the last email address you provided us, by posting notice of such changes on our Services, or by other means, consistent with applicable law.
By continuing to access or use the Services after those changes become effective, you agree to be bound by the revised Privacy Policy.
13. How to Contact Us
If you have questions about this policy or need help exercising your privacy rights, please contact our Data Protection Officer at privacy@cognifit.com.
You may also contact us by mail at:
CogniFit, Inc.
Attn: Legal Department (Privacy Policy)
600 California Street, 11th floor
San Francisco, CA 94108, USA
Updated: April, 16 2024