Privacy Policy

Cogneez (“we”, “us”) is an exam-preparation platform for medical professionals, operated from South Africa. This policy explains what personal information we collect, why, and the rights you have under the Protection of Personal Information Act, 2013 (POPIA). We collect the minimum we need to run a study platform — and we never sell your information.

What we collect

Account details. Your name, email address and password (stored as a one-way hash by our authentication provider). If you sign in with Google, we receive your name, email and profile picture from Google instead of a password. Optionally — only if you choose to provide them — your training level, speciality and gender, which help us personalise your study guidance.

Study activity. Your reading progress, practice-question answers, revision schedule, diagnostic results, and any study plan you set (such as an exam date and daily study minutes). This is the core of the product: it powers your progress tracking, spaced repetition and daily plan.

Feedback. Anything you send through the feedback and rating controls, together with the page it was sent from and basic device information, so we can reproduce problems and reply.

Notifications. If you enable push notifications, a push subscription for your device. If you opt in to WhatsApp reminders (where offered), your phone number and your consent record. Both are optional and can be switched off in Settings at any time.

Payments. When paid subscriptions are active, payments are processed by Stripe. We never see or store your card number — we store only a customer reference and your subscription status.

Usage analytics. We use PostHog (hosted in the EU) to understand how the product is used. Analytics events are linked to a random identifier, not to your email address.

What we use it for

• Providing the service: your account, content access, progress and revision engine.
• Personalising study guidance (for example, what to revise next).
• Sending the notifications you asked for.
• Processing subscriptions and trials.
• Improving content and fixing problems, using feedback and aggregate usage.
• Meeting our legal obligations.

We do not sell personal information, and we do not use it for third-party advertising.

Where it lives

Your data is stored with Supabase on servers in the European Union (Ireland), and the application is served by Vercel’s global network. POPIA permits transfers like these where the recipient is bound by adequate protection (section 72); our providers are bound by their data-processing agreements and GDPR-grade safeguards.

How long we keep it

For as long as you have an account. If you delete your account (Settings → Delete account), your account and personal records are deleted; residual copies in encrypted backups roll off on the backup cycle. Feedback you submitted may be retained without your identity attached.

Your rights (POPIA)

• Access the personal information we hold about you.
• Ask us to correct or delete it (deletion is self-service in Settings).
• Object to processing, or withdraw a consent you gave (for example, notifications).
• Complain to the Information Regulator (South Africa) — inforegulator.org.za.

Security

All traffic is encrypted in transit (HTTPS). Data is encrypted at rest by our providers. Access to personal information is restricted by row-level security and service-role controls; answers and study state are only ever written server-side.

Children

Cogneez is intended for medical professionals and students aged 18 and over.

Contact

Questions or requests: use the feedback form in Settings, or email cogneez@gmail.com. We will respond within a reasonable time, and in any event within the periods POPIA requires.

Changes

If this policy changes materially, we will update the date above and flag it in the app. See also our Terms of Use.