Privacy
Privacy Policy
Last updated: 7 July 2026
CogniForge AI Inc. ("CogniForge AI", "we", "us") respects your privacy and is committed to protecting personal information in accordance with the Personal Information Protection and Electronic Documents Act (PIPEDA) and applicable British Columbia privacy law. This policy explains what we collect, why we collect it, how we use and disclose it, and the rights available to you.
1. Organization identity & accountability
Data controller: CogniForge AI Inc., 1188 West Georgia Street, Suite 2000, Vancouver, BC V6E 4A2, Canada. Business Number: BN 917452683 BC0001.
Privacy contact: [email protected] · +1 (604) 558-3921
We have designated responsibility for privacy compliance to studio leadership and maintain internal procedures for handling enquiries, complaints and breach response.
2. Scope
This policy applies to personal information collected through cogniforgeai.life, enquiry forms, email and telephone communications, client engagements, and related business activities. It does not cover third-party websites linked from our pages. Client engagements may be governed by additional data-processing agreements when we handle information on your behalf as a service provider.
3. What personal information we collect
Website visitors
- Contact form submissions: name, email, organization, message content, enquiry type.
- Technical data: IP address, browser type, device identifiers, pages viewed, referring URL, timestamps.
- Cookie and analytics data where you have consented — see our Cookie Policy.
Prospective and current clients
- Business contact details: name, title, email, phone, organization, billing address.
- Project correspondence, statements of work, invoices and payment records.
- Access credentials or invitations you provide for integration work — handled under strict need-to-know access.
Client data processed in AI engagements
When you engage our applied-AI studio to build retrieval-augmented generation systems, assistants or automation, we may process documents, databases, tickets, communications and other content you supply ("client corpora"). That material may contain personal information about your employees, customers or partners. In those cases we act as a service provider processing data under your instructions and our contract — not as the primary decision-maker regarding that content's original collection.
4. Purposes of collection & legal bases
We collect personal information for purposes that a reasonable person would consider appropriate in the circumstances:
- Responding to enquiries: to evaluate fit, scope discovery sprints and provide quotes for custom AI builds.
- Delivering services: to design, build, evaluate and deploy generative-AI applications, knowledge systems, agents and related data pipelines.
- Contract administration: billing in CAD, project management, support and retainer obligations.
- Security & integrity: fraud prevention, abuse detection, honeypot filtering on forms, system logs.
- Legal compliance: tax, corporate records, responding to lawful requests.
- Website improvement: aggregated analytics where consented, to understand how visitors use our studio site.
We rely on consent (express for forms and cookies), contractual necessity, legitimate interests balanced against your expectations, and legal obligation as appropriate under PIPEDA's ten fair information principles.
5. Consent
We obtain meaningful consent before collecting personal information except where permitted or required by law. Contact form consent is collected via an unchecked checkbox confirming PIPEDA acknowledgement. You may withdraw consent for non-essential processing by contacting [email protected], subject to legal or contractual restrictions. Withdrawal may limit our ability to respond or continue certain services.
6. Use limitation & retention
We use personal information only for the purposes identified above or with additional consent. Retention periods depend on context:
- Enquiry records: up to twenty-four months unless an engagement proceeds.
- Client project records: duration of engagement plus seven years for contractual and tax purposes unless a shorter period is agreed.
- Model training data: client corpora are used for inference and agreed evaluation unless a contract explicitly authorizes fine-tuning; raw corpora are deleted or returned per statement of work.
- Server logs: typically ninety days.
- Cookie consent preferences: six months in browser storage.
When retention ends, we securely delete or anonymize information.
7. Client-data & model-data handling
Building knowledge-grounded AI requires careful boundaries. By default:
- Your documents are processed in isolated project environments with role-based access.
- We do not use your client corpora to train general-purpose models for other customers without written authorization.
- Embeddings, indexes and derived artifacts are treated as confidential deliverables or deleted per contract.
- Sub-processors (cloud LLM APIs, vector databases, hosting) are disclosed and governed by data-processing terms.
- Cross-border transfers, when necessary, use contractual safeguards and documented risk assessment.
Human-in-the-loop review is part of our responsible-AI practice; automated outputs may contain errors and are not guaranteed accurate.
8. Disclosure to third parties
We may disclose personal information to:
- Infrastructure and email providers hosting cogniforgeai.life and business systems.
- Analytics vendors when you consent to analytics cookies.
- Professional advisers (legal, accounting) under confidentiality.
- Authorities when required by law or to protect rights and safety.
We do not sell personal information. We do not disclose client corpora to unrelated third parties for their marketing.
9. Security safeguards
We implement administrative, technical and physical measures appropriate to sensitivity: encryption in transit (TLS), access controls, least-privilege accounts, secure development practices for API integrations, and staff confidentiality obligations. No method is perfectly secure; we maintain incident response procedures and will notify affected parties and regulators of breaches as required by law.
10. Individual access & correction rights
Under PIPEDA you may request access to personal information we hold about you and ask for correction if it is inaccurate or incomplete. Submit requests to [email protected] with sufficient detail to verify identity. We respond within thirty days unless an extension is permitted. We may charge a minimal fee for transcription where allowed.
If we refuse a request, we will explain why and outline complaint options.
11. Cookies & similar technologies
Our website uses essential cookies for basic operation and, with consent, analytics cookies. Details including vendors, durations and opt-out instructions are in our Cookie Policy. You may change preferences via the site banner or browser settings.
12. Children's privacy
Our services target business clients. We do not knowingly collect personal information from individuals under sixteen through this website.
13. Complaints to the Privacy Commissioner
If you believe we have not addressed your privacy concern adequately, you may contact:
Office of the Privacy Commissioner of Canada
30 Victoria Street, Gatineau, QC K1A 1H3
Toll-free: 1-800-282-1376
www.priv.gc.ca
We encourage you to contact us first so we can try to resolve the matter directly.
14. International visitors
While we focus on Canadian businesses, visitors from outside Canada may submit enquiries. Information may be processed in Canada and, where disclosed, in other jurisdictions with different privacy laws. By contacting us you acknowledge this transfer for the purposes described.
15. Changes to this policy
We may update this Privacy Policy to reflect legal, technical or business changes. The "Last updated" date at the top will change accordingly. Material changes affecting client engagements will be communicated through appropriate channels. Previous versions are available on request.
16. Contact summary
CogniForge AI Inc.
1188 West Georgia Street, Suite 2000, Vancouver, BC V6E 4A2, Canada
Email: [email protected]
Phone: +1 (604) 558-3921
17. Accuracy & openness (PIPEDA Principle 6)
We take reasonable steps to ensure personal information is as accurate, complete and up to date as necessary for the purposes for which it is used. Clients should notify us promptly if contact or billing details change. For client corpora used in retrieval-augmented generation builds, accuracy of source documents remains the client's responsibility; we configure systems to reflect the sources provided and flag uncertainty when appropriate.
18. Safeguards in AI project environments
Applied-AI engagements introduce specific privacy considerations beyond a typical marketing website. When we provision vector indexes, embedding stores or evaluation datasets, we:
- Segment project environments per client unless a master agreement authorizes shared tenancy.
- Restrict production keys and administrative consoles to named personnel under confidentiality obligations.
- Log access to sensitive corpora for audit purposes during active engagements.
- Return or destroy artifacts at project end according to the statement of work.
- Document sub-processors and model API providers in appendices when personal information may transit their systems.
These measures supplement — not replace — your own privacy governance for data you control.
19. Marketing communications
We may send service-related updates to business contacts with whom we have an existing relationship or who have consented to receive them. You may opt out of non-essential marketing email at any time via unsubscribe instructions or by writing to [email protected]. Transactional messages about active projects are not marketing and may still be sent as necessary.
20. Record of processing activities (summary)
For transparency, the following table summarizes major processing activities on this website and in typical engagements:
- Enquiry handling: contact details and message content; retention up to twenty-four months; stored in Canada where practicable.
- Contract delivery: client contact data, billing records, project artefacts; retention per contract and tax law.
- Analytics (optional): aggregated visit metrics with consent; no sale of personal information.
- Security logging: IP and user-agent in server logs; short retention; used for abuse prevention.
Detailed records for specific client builds are maintained in project files available on request under NDA where appropriate. For questions about how a particular engagement processes personal information, contact your project lead or [email protected]. We respond to privacy enquiries within thirty days where PIPEDA applies.