← Back home
Legal

Privacy Policy

Effective: May 23, 2026 · Version 1.0 · CogLogic Inc.
Draft — Pending Legal Review This Privacy Policy is a working draft pending review by qualified legal counsel. It reflects CogDrop's intended data practices and is published for transparency during the private beta. The final reviewed version will supersede this draft at general availability.

1. Who We Are

CogDrop is a product of CogLogic Inc., a Delaware corporation ("CogLogic," "we," "us," or "our"). For the purposes of applicable data protection law, CogLogic Inc. is the data controller for all personal data processed through CogDrop.

Mailing address:
CogLogic Inc.
1111B S Governors Ave Ste 84750
Dover, Delaware 19904-6903
United States

Privacy contact: privacy@cogdrop.ai

2. Scope

This Privacy Policy applies to the CogDrop application and the website at cogdrop.ai (collectively, the "Service"). It describes what information we collect, how we use it, who we share it with, and the choices you have.

3. Information We Collect

3.1 Account Information

When you create a CogDrop account, we collect your name, email address, and authentication credentials. If you sign in via a third-party identity provider (e.g., Apple, Google), we collect the identifier they share with us.

3.2 Content You Capture ("CogDrops")

CogDrop is designed to capture cognitive content — your thoughts, observations, and intentions. Depending on which capture mode you use, this may include:

3.3 Usage and Device Information

We collect technical information necessary to operate the Service — device type, operating system, app version, IP address, and interaction logs (e.g., which features you use, error reports). We use this for operations, security, debugging, and product improvement.

3.4 Information You Share with Others

When you CogDrop an item to another person, the content of that CogDrop and metadata about its lifecycle (sent, seen, acknowledged, acted) is shared with the recipient and visible to you. Items you mark personal are never shared.

4. How We Use Your Information

5. Legal Bases for Processing (EEA / UK)

If you are in the European Economic Area or the United Kingdom, we process your personal data under one or more of the following legal bases: performance of a contract (providing the Service to you), our legitimate interests (operating and improving the Service, security), your consent (where required, such as for optional integrations), and compliance with legal obligations.

6. AI Processing

CogDrop uses artificial intelligence to suggest how you might triage your captures (for example, suggesting that a captured item could be shared with a particular person, or that multiple items might be extracted from a single capture). The following statements describe our AI practices:

7. Subprocessors

We use the following third-party service providers to operate CogDrop. Each acts as a data processor on our behalf, under contract:

Provider Purpose Data Categories
Supabase Database, authentication, storage, edge functions Account data, captured content, media files
Anthropic AI-powered triage suggestions (Claude API) Capture text and image content (per-request, not stored for training)
OpenAI Voice transcription (Whisper) Voice audio (per-request, not stored for training)
Google Photo analysis (Gemini API) Photo content (per-request, not stored for training)
Resend Transactional email delivery Email address, message content
Stripe Subscription billing (when applicable) Payment information (held by Stripe, not by us)
Sentry Error monitoring and diagnostics Error reports, device and session metadata
Cloudflare DNS, content delivery, security IP address, request metadata

We will update this list when subprocessors are added, removed, or changed. Material changes will be communicated in advance where required by law.

8. How We Share Information

We do not sell your personal data. We share information only as described below:

9. Data Retention

We retain your account information and CogDrop content for as long as your account is active. If you delete a CogDrop, it is removed from active systems within 30 days. If you delete your account, we delete your personal data within 90 days, except where we are required to retain certain records to comply with legal obligations, resolve disputes, or enforce our agreements. Backup copies are purged on the next backup rotation cycle.

10. Security

We use industry-standard technical and organizational measures to protect your data, including encryption in transit (TLS), encryption at rest, access controls, audit logging, and row-level security in our database. No system is perfectly secure; we will notify affected users and regulators of material breaches in accordance with applicable law.

11. Your Rights

Depending on where you live, you may have the right to:

To exercise these rights, email us at privacy@cogdrop.ai. We will respond within the timeframe required by applicable law.

12. Children

CogDrop is not directed to children under 13 (or 16 in the EEA/UK), and we do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us and we will delete it.

13. International Transfers

CogLogic Inc. is based in the United States. If you access the Service from outside the U.S., your information may be transferred to, stored in, and processed in the United States. Where required by law, we rely on appropriate safeguards (such as Standard Contractual Clauses) for international data transfers.

14. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated through the application, by email, or by a notice on this page prior to taking effect. The "Effective" date at the top of this page indicates when the current version became effective.

15. Contact

Privacy Inquiries

CogLogic Inc.

Email: privacy@cogdrop.ai

A Delaware Corporation. Mailing address is provided in Section 1 above.