Skip to main content

Privacy Policy

Last updated: 27 March 2026

Cognia (“we”, “us”, “our”) operates the Cognia AI study assistant platform at app.cognia.com.au. This Privacy Policy explains how we collect, use, store, and protect your personal information in accordance with the Australian Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs).

1. Information We Collect

Account Information

  • Email address and name (collected via Clerk authentication)
  • Institution or university name (optional, provided during onboarding)
  • Whether your email domain is from an educational institution (used for student pricing eligibility)
  • Authentication tokens and session data (managed by Clerk)

Content You Create

  • Notes, documents, and flashcards
  • Chat conversations with AI models
  • Lecture recordings (audio files), transcriptions, and extracted study materials
  • Examination data and results
  • Knowledge base documents you upload
  • AI-generated memories and contextual preferences
  • Study planner tasks, goals, and scheduled sessions

Usage Data

  • Feature usage counts (messages sent, notes generated, lectures transcribed)
  • AI model token consumption and associated costs (for billing and limit enforcement)
  • App preferences (theme, selected AI model, view state)

Payment Information

  • Payment processing is handled entirely by Stripe, a PCI DSS Level 1 certified payment processor. We never receive, store, or have access to your full credit card number.
  • We store your Stripe customer ID and subscription status to manage your plan.

Information We Do Not Collect

  • We do not use third-party analytics, advertising, or tracking services.
  • We do not collect location data, device identifiers, or browsing history.

2. Legal Basis for Processing

We process your personal information on the following legal bases:

  • Contractual necessity: To provide the Cognia service you signed up for, including storing your content, processing it through AI models, and managing your subscription.
  • Legitimate interest: To monitor usage for service improvement, enforce plan limits, detect abuse, and maintain service security.
  • Consent: For optional features such as AI-generated memories and knowledge base uploads. You can withdraw consent by deleting this data at any time.
  • Legal obligation: To retain billing records as required by Australian tax law.

3. How We Use Your Information

  • Provide the service: Store your content, process it through AI models to generate responses, manage your subscription and access.
  • Enforce limits: Track usage to apply plan-based limits (free tier message caps, cost-based daily and weekly limits for paid plans).
  • Student pricing: Student pricing is applied automatically based on your email domain (e.g., .edu, .edu.au, .ac.uk). We do not verify actual student enrolment.
  • Support: Respond to support requests and troubleshoot issues.
  • Service improvement: Analyse anonymised, aggregated usage patterns to improve features. We do not use your content for this purpose.

4. Third-Party Services and Sub-Processors

To provide AI-powered features, your content is transmitted to and processed by third-party services. By using Cognia, you acknowledge that your content will be sent to these providers as necessary to fulfil your requests.

ProviderPurposeData Location
OpenAIChat, note generation, image generationUnited States
AnthropicChat and content generationUnited States
Google (Gemini)Chat and content generationUnited States
xAI (Grok)Chat, note generation, image generationUnited States
fal.aiLecture audio transcriptionUnited States
ClerkAuthentication and user managementUnited States
StripePayment processingUnited States
SupabaseDatabase hosting and file storageUnited States

Regarding AI model training: When we access AI providers via their API services, their current terms state that API inputs and outputs are not used to train their models. However, we cannot guarantee that these providers will not change their terms in the future. We will update this policy if we become aware of material changes to how our providers handle data.

5. International Data Transfers

Cognia is operated from Australia. However, your personal information is transferred to and processed in the United States by our third-party service providers listed above. By using Cognia, you consent to this transfer. We take reasonable steps to ensure that our providers maintain appropriate data protection standards, including reviewing their privacy policies and data processing agreements.

6. Data Storage and Security

  • Your data is stored in Supabase (PostgreSQL) hosted in the United States, with Row Level Security (RLS) policies ensuring users can only access their own data via the application.
  • File uploads (lecture recordings, documents) are stored in Supabase Storage with time-limited signed URLs for access control.
  • All data is transmitted over HTTPS/TLS encryption in transit.
  • Authentication is handled by Clerk with industry-standard session management.
  • We do not sell, rent, or trade your personal information to third parties for marketing purposes.
  • While we implement reasonable security measures, no system is perfectly secure. We cannot guarantee absolute security of your data.

7. Data Retention

  • Your content (notes, flashcards, lectures, chats) is retained for as long as your account is active.
  • You can delete individual items at any time through the application. Deleted content is permanently removed from our database.
  • If you request account closure, we will delete your personal data and content within a reasonable timeframe. Some data may be retained where required by law (e.g., billing records for tax purposes may be retained for up to 7 years as required by Australian tax law).
  • Anonymised, aggregated usage statistics may be retained indefinitely as they cannot be linked back to you.

8. Data Breach Notification

In the event of a data breach that is likely to result in serious harm to affected individuals, we will:

  • Notify the Office of the Australian Information Commissioner (OAIC) as required under the Notifiable Data Breaches (NDB) scheme
  • Notify affected individuals as soon as practicable
  • Take reasonable steps to contain and remediate the breach

9. Your Rights

Under the Australian Privacy Principles and applicable laws, you have the right to:

  • Access: Request a copy of the personal data we hold about you
  • Correction: Request correction of inaccurate or incomplete data
  • Deletion: Request deletion of your personal data (subject to legal retention obligations)
  • Data portability: Export your content (notes, flashcards) through the application
  • Withdraw consent: Stop using optional features or close your account at any time
  • Complain: Lodge a complaint with the OAIC at oaic.gov.au if you believe we have handled your information improperly

To exercise these rights, contact us at admin@cognia.com.au. We will respond within 30 days.

10. Cookies and Local Storage

Cognia uses:

  • Authentication cookies: Set by Clerk to manage your login session. These are essential for the service to function and cannot be disabled.
  • Browser local storage: To save your preferences (theme, app mode, selected AI model). This data stays on your device and is not sent to our servers.
  • Session storage: To cache your subscription status for faster page loads. Cleared when you close the browser tab.

We do not use third-party tracking cookies, advertising cookies, or analytics services.

11. Children and Young People

Cognia is designed for students aged 16 and over. We do not knowingly collect personal information from children under 16. If we become aware that we have collected data from a person under 16 without appropriate parental consent, we will delete that data promptly. If you are a parent or guardian and believe your child has provided us with personal information, please contact us.

Users aged 16–18 should review this policy with a parent or guardian before using the service.

12. Changes to This Policy

We may update this Privacy Policy from time to time. For material changes (such as new categories of data collection, new third-party providers, or changes to your rights), we will notify users via email at least 14 days before the changes take effect. The “last updated” date at the top of this page will always reflect the most recent version.

13. Contact Us

If you have questions about this Privacy Policy, wish to exercise your privacy rights, or want to make a complaint, contact us at:

Email: admin@cognia.com.au
Website: cognia.com.au

If you are not satisfied with our response, you may contact the Office of the Australian Information Commissioner:

Website: oaic.gov.au
Phone: 1300 363 992