1. Our Commitment to GDPR Compliance

CognAgentAI is committed to protecting your privacy and ensuring compliance with the General Data Protection Regulation (GDPR). This document outlines how we meet GDPR requirements and protect the rights of individuals in the European Union.

The GDPR gives individuals control over their personal data and places strict obligations on organizations that process this data. We have implemented appropriate technical and organizational measures to ensure compliance.

2. Legal Basis for Processing

We process personal data under the following legal bases as defined in Article 6 of the GDPR:

Contractual Necessity (Article 6(1)(b))

Processing necessary for the performance of our service contract with you:

  • Account creation and management
  • Service delivery and call processing
  • Billing and payment processing
  • Customer support and communications

Legitimate Interest (Article 6(1)(f))

Processing necessary for our legitimate business interests:

  • Service improvement and analytics
  • Fraud prevention and security
  • Marketing to existing customers
  • Business development and research

Consent (Article 6(1)(a))

Processing based on your explicit consent for:

  • Marketing communications to prospects
  • Optional analytics and tracking
  • Third-party integrations
  • Special category data (where applicable)

Legal Obligation (Article 6(1)(c))

Processing required to comply with legal obligations:

  • Tax and accounting requirements
  • Anti-money laundering checks
  • Regulatory compliance
  • Legal proceedings and law enforcement

3. Your Rights Under GDPR

As a data subject under GDPR, you have the following rights:

Right of Access (Article 15)

You can request access to your personal data and information about how we process it.

How to exercise: Contact us at privacy@cognagentai.com or use your account dashboard.

Right to Rectification (Article 16)

You can request correction of inaccurate or incomplete personal data.

How to exercise: Update information in your account settings or contact support.

Right to Erasure (Article 17)

You can request deletion of your personal data in certain circumstances.

How to exercise: Delete your account or contact privacy@cognagentai.com.

Right to Restrict Processing (Article 18)

You can request limitation of processing in specific situations.

How to exercise: Contact privacy@cognagentai.com with your specific request.

Right to Data Portability (Article 20)

You can request your data in a structured, machine-readable format.

How to exercise: Use account export features or contact support.

Right to Object (Article 21)

You can object to processing based on legitimate interests or direct marketing.

How to exercise: Use opt-out links or contact privacy@cognagentai.com.

Right to Withdraw Consent (Article 7)

Where processing is based on consent, you can withdraw that consent at any time.

How to exercise: Use account settings, opt-out links, or contact support.

4. Data Protection Measures

We have implemented comprehensive technical and organizational measures to ensure data protection:

Technical Measures

  • Encryption: Data encrypted in transit (TLS 1.3) and at rest (AES-256)
  • Access Controls: Role-based access with multi-factor authentication
  • Monitoring: 24/7 security monitoring and intrusion detection
  • Regular Updates: Systematic security patches and updates
  • Data Minimization: Collection limited to necessary data only
  • Pseudonymization: Personal identifiers replaced where possible

Organizational Measures

  • Staff Training: Regular GDPR and privacy training for all employees
  • Data Protection Officer: Appointed DPO for privacy oversight
  • Privacy by Design: Privacy considerations in all system designs
  • Incident Response: Procedures for data breach notification
  • Vendor Management: GDPR compliance requirements for all processors
  • Documentation: Comprehensive records of processing activities

5. International Data Transfers

When we transfer personal data outside the European Economic Area (EEA), we ensure appropriate safeguards:

Standard Contractual Clauses

We use European Commission-approved Standard Contractual Clauses (SCCs) with third-party processors located outside the EEA.

Adequacy Decisions

We transfer data to countries with European Commission adequacy decisions, such as the UK and Switzerland.

Additional Safeguards

We implement additional technical and organizational measures, including impact assessments and ongoing monitoring.

6. Data Breach Notification

In the event of a personal data breach, we will:

  • Internal Response: Immediate containment and assessment within 1 hour
  • Supervisory Authority: Notification within 72 hours where required
  • Individual Notification: Direct communication if high risk to rights and freedoms
  • Documentation: Comprehensive record of the breach and response measures
  • Remediation: Immediate steps to prevent future occurrences

7. Data Protection Impact Assessments

We conduct Data Protection Impact Assessments (DPIAs) for processing activities that pose high risks to individual rights and freedoms, including:

  • New AI and automated processing systems
  • Large-scale processing of special category data
  • Systematic monitoring of public areas
  • Processing involving new technologies

8. Third-Party Processors

We work with carefully selected third-party processors who are bound by GDPR compliance requirements:

Processor | Service             | Data Location  | Safeguards
----------|---------------------|----------------|----------------------------------
Supabase  | Database hosting    | EU (Frankfurt) | GDPR compliant, EU hosting
Twilio    | SMS delivery        | US/Global      | SCCs, Privacy Shield successor
Stripe    | Payment processing  | US/EU          | SCCs, Adequate country transfers
Vercel    | Application hosting | EU/Global      | SCCs, DPA agreement

9. Contact Information

For any GDPR-related questions or to exercise your rights, please contact:

Data Controller

CognAgentAI, Inc.

123 Innovation Drive, Suite 400

Austin, TX 78701, USA

Email: privacy@cognagentai.com
Phone: 1-800-COGNAGENT

Data Protection Officer

Privacy Officer

CognAgentAI Data Protection

Same address as controller

Email: dpo@cognagentai.com
Response time: 30 days maximum

10. Supervisory Authority

You have the right to lodge a complaint with a supervisory authority. For EU residents, you can contact your local data protection authority or our lead supervisory authority:

Irish Data Protection Commission

21 Fitzwilliam Square South

Dublin 2, D02 RD28, Ireland

Phone: +353 57 868 4757
Email: info@dataprotection.ie
Website: www.dataprotection.ie
