Privacy Policy
Last Updated: December 1, 2024
Your Privacy Matters. At Cognify Legal, we take data protection seriously. This Privacy Policy explains how we collect, use, protect, and share information about you.
This policy applies to all users of the Cognify Legal platform and website. By using our Service, you agree to the collection and use of information in accordance with this policy.
We are committed to GDPR compliance and protecting your data rights.
1. Introduction
Cognify Legal Limited ("Cognify", "we", "us", or "our") is committed to protecting the privacy and security of your personal information. This Privacy Policy describes:
- What information we collect and why
- How we use, store, and protect that information
- Your rights regarding your personal data
- How to contact us with privacy-related questions
This policy applies to personal data processed through our website (cognifylegal.com) and our software platform (the "Service").
2. Data Controller
Cognify Legal Limited is the data controller responsible for your personal information. Our contact details are:
- Company: Cognify Legal Limited
- Email: privacy@cognifylegal.com
- Address: [Company Registered Address]
- Company Number: [To be assigned]
For data protection queries, please contact our Data Protection Officer at privacy@cognifylegal.com.
3. What Data We Collect
We collect different types of information depending on how you interact with us.
3.1 Account & Profile Information
When you create an account, we collect:
- Name and email address
- Company/firm name and size
- Job title and role
- Phone number (optional)
- Password (encrypted and never stored in plain text)
3.2 Customer Data
When you use our Service, we process data from your practice management systems and Microsoft 365, including:
- Matter and client information
- Time entries and billing data
- Financial information (invoices, payments, WIP)
- Staff and resource allocation data
- Documents and communications (when accessed through integrations)
Important: You remain the data controller for all Customer Data. We process this data only on your instructions and in accordance with data processing agreements. We never use your Customer Data to train AI models or for any purpose other than providing the Service to you.
3.3 Usage Information
We automatically collect information about how you use the Service:
- Features and pages accessed
- Time spent using different features
- Queries submitted to the intelligence system
- Integration usage patterns
- Error logs and performance data
3.4 Technical Information
We collect technical data necessary to provide the Service:
- IP address and browser type
- Device information and operating system
- Referring website and navigation path
- Connection information and service logs
3.5 Marketing & Communications
If you engage with our marketing:
- Email addresses submitted for updates or demos
- Communication preferences
- Responses to surveys or feedback requests
- Event attendance information
4. How We Collect Data
4.1 Information You Provide
We collect data you directly provide when you:
- Create an account or update your profile
- Configure integrations with your systems
- Contact our support team
- Complete forms on our website
- Participate in surveys or feedback sessions
4.2 Automated Collection
We automatically collect data through:
- Cookies and similar tracking technologies
- Server logs and application analytics
- Integration APIs (when you connect external systems)
4.3 Third-Party Sources
We may receive data from:
- Your practice management system (via authorized API connections)
- Microsoft 365 (via authorized integrations)
- Payment processors (for billing information)
5. How We Use Your Data
| Purpose | Data Used |
|---|---|
| Provide the Service | Account information, Customer Data, usage information, technical data |
| Process Payments | Billing information, payment details, subscription tier |
| Customer Support | Account information, usage data, support communications |
| Improve Our Service | Usage patterns, feature adoption, anonymized analytics |
| Security & Fraud Prevention | Technical data, access logs, authentication information |
| Communications | Email address, communication preferences, account status |
| Legal Compliance | All data as required by law or legal process |
What We Don't Do
- Never sell your data: We do not sell, rent, or trade personal information to third parties
- Never train AI on your data: Your Customer Data is never used to train machine learning models
- Never share with competitors: We do not share your data with competing legal tech platforms
- No advertising: We do not use your data for targeted advertising
6. Legal Basis for Processing (GDPR)
Under GDPR, we must have a lawful basis for processing your personal data. We rely on the following:
6.1 Contract Performance
Processing necessary to provide the Service you've subscribed to, including:
- Creating and managing your account
- Providing access to platform features
- Processing integrations with your systems
- Delivering customer support
6.2 Legitimate Interests
Processing necessary for our legitimate business interests, such as:
- Improving and developing our Service
- Ensuring security and preventing fraud
- Understanding how customers use our platform
- Internal business operations and analytics
6.3 Legal Obligation
Processing required to comply with legal obligations, including:
- Tax and accounting requirements
- Responding to lawful requests from authorities
- Maintaining records as required by law
6.4 Consent
Where we rely on consent (such as for marketing communications), you can withdraw it at any time.
8. Data Retention
8.1 Active Subscriptions
We retain your personal data and Customer Data for as long as your account is active and you're using our Service.
8.2 After Cancellation
- 90-Day Grace Period: After cancellation, you have 90 days to export your Customer Data
- Permanent Deletion: After 90 days, all Customer Data is permanently deleted from our systems
- Account Information: Basic account information may be retained for 7 years for legal and accounting purposes
8.3 Legal Requirements
Some data must be retained longer to comply with legal obligations:
- Financial records: 7 years (UK tax law requirement)
- Audit logs: 7 years (security and compliance)
- Legal claims: Duration of claim plus 7 years
9. Data Security
We implement robust security measures to protect your data:
9.1 Technical Measures
- Encryption: AES-256 encryption at rest, TLS 1.3 in transit
- Access Controls: Role-based access control (RBAC) and multi-factor authentication (MFA)
- Network Security: Firewalls, DDoS protection, intrusion detection
- Regular Testing: Penetration testing and vulnerability assessments
9.2 Organizational Measures
- Staff training on data protection and security
- Strict access controls limiting data access to necessary personnel
- Regular security audits and compliance reviews
- Incident response procedures
9.3 Data Breach Notification
In the unlikely event of a data breach affecting your personal data, we will:
- Notify you within 72 hours of becoming aware
- Report to relevant supervisory authorities as required
- Take immediate action to contain and remedy the breach
- Provide clear information about what happened and what steps you should take
For detailed security information, see our Security & Compliance page.
10. Your Data Protection Rights
Under GDPR and UK data protection law, you have the following rights:
10.1 Right to Access
You can request a copy of all personal data we hold about you. We will provide this within 30 days at no charge.
10.2 Right to Rectification
You can update or correct inaccurate personal data through your account settings or by contacting us.
10.3 Right to Erasure ("Right to be Forgotten")
You can request deletion of your personal data. We will comply unless we have a legitimate reason to retain it (such as legal obligations).
10.4 Right to Restrict Processing
You can request that we limit how we use your data in certain circumstances.
10.5 Right to Data Portability
You can export your Customer Data at any time in a structured, machine-readable format (CSV, JSON).
10.6 Right to Object
You can object to processing based on legitimate interests or for marketing purposes.
10.7 Right to Withdraw Consent
Where we rely on consent, you can withdraw it at any time without affecting prior processing.
10.8 Right to Complain
You have the right to lodge a complaint with the UK Information Commissioner's Office (ICO) or your local supervisory authority.
To exercise any of these rights, contact us at privacy@cognifylegal.com.
We will respond to all requests within 30 days.
12. International Data Transfers
Your data is primarily stored in UK and EU data centers. If we transfer data outside the UK/EEA, we ensure adequate protection through:
- Standard Contractual Clauses (SCCs) approved by the European Commission
- Adequacy decisions recognizing equivalent data protection
- Additional safeguards as required by GDPR
Enterprise clients can request data residency in specific regions.
13. Children's Privacy
Our Service is not intended for individuals under 18. We do not knowingly collect personal data from children. If you believe we have inadvertently collected such data, please contact us immediately at privacy@cognifylegal.com.
14. Changes to This Policy
We may update this Privacy Policy to reflect changes in our practices or legal requirements. We will:
- Notify you via email of material changes at least 30 days in advance
- Update the "Last Updated" date at the top of this page
- Post a notice on our website for significant changes
Your continued use of the Service after changes take effect constitutes acceptance of the updated policy.
15. Contact Us
For privacy-related questions, concerns, or to exercise your data protection rights:
- Data Protection Officer: privacy@cognifylegal.com
- General Inquiries: hello@cognifylegal.com
- Security Issues: security@cognifylegal.com
Postal Address:
Cognify Legal Limited
[Company Registered Address]
United Kingdom
Supervisory Authority:
Information Commissioner's Office (ICO)
Website: ico.org.uk
Phone: 0303 123 1113