This Privacy Policy ("Policy") describes how Cogtex ("Cogtex," "we," "us," or "our") collects, uses, discloses, retains, and protects information when you visit cogtex.ai (the "Site"), contact us, request an Audit, use services that reference this Policy, or otherwise interact with us in a business capacity.
Cogtex provides operations, automation, data integration, reporting, internal tooling, AI-assisted workflow, and related implementation services for businesses. Because that work can involve customer systems, CRM records, communications platforms, accounting tools, jobsite media, employee workflows, and customer-selected software, this Policy is written to cover the business-to-business data environments in which we operate.
1. Scope and Our Role
This Policy applies to information we process through the Site, our business development activities, Audits, customer engagements, support, communications, and related services. It does not apply to websites, products, or services operated by third parties, even if they are linked from the Site or integrated into a customer workflow.
In many situations, Cogtex determines how and why information is processed, such as when we manage Site analytics, respond to inquiries, evaluate prospective engagements, administer our business, or communicate with business contacts. In other situations, Cogtex processes information on behalf of a customer, such as when we access, connect, maintain, or support that customer's CRM, accounting, phone, messaging, scheduling, field operations, data warehouse, AI workflow, or other business systems. When we process Customer Data on behalf of a customer, the customer agreement, statement of work, access instructions, data-processing terms, and customer-configured system settings govern that processing.
2. Information We Collect
The information we collect depends on how you interact with us, what services a customer asks us to perform, which systems are connected, and what information is made available to us. Categories of information may include:
- Business contact information, such as name, email address, phone number, company name, job title, role, business address, and professional profile information.
- Inquiry and Audit information, such as workflow descriptions, tool-stack details, business goals, operational pain points, process notes, project requirements, budgets, timelines, and information submitted through forms, email, calls, meetings, or other channels.
- Customer Data, such as records, files, messages, events, metadata, configuration details, API responses, logs, reports, documents, database records, and other information from customer systems that we access or process to perform services.
- CRM and sales operations data, such as contacts, organizations, deals, leads, activities, notes, call records, text records, deal stages, custom fields, pipeline analytics, lost reasons, owner assignments, and follow-up history.
- Accounting, billing, and financial workflow data, such as invoices, estimates, payments, customer account records, vendor records, job costs, and other financial information available through customer-selected accounting or billing systems.
- Communications data, such as emails, Slack or similar workspace messages, phone calls, text messages, voicemails, MMS messages, meeting notes, call recordings, transcripts, summaries, sender and recipient information, timestamps, attachments, and message delivery metadata.
- Field operations and project data, such as appointment records, scheduling details, inspection notes, jobsite addresses, project photos, videos, captions, property information, service history, work status, and related operational records.
- Authentication and access data, such as authorized user identifiers, permission scopes, access tokens, refresh tokens, API keys, OAuth grants, session information, role assignments, and audit logs, where needed to connect or support customer systems.
- AI workflow data, such as prompts, tool calls, retrieved business records, agent decisions, suggestions, generated summaries, approvals, rejections, feedback, output logs, and human review activity associated with AI-assisted workflows.
- Site and device information, such as IP address, browser type, device type, operating system, pages viewed, referring pages, timestamps, log data, approximate location derived from IP address, cookie identifiers, and similar diagnostic or analytics information.
- Business administration information, such as proposal records, statements of work, invoices, payment status, tax information, vendor information, contract records, support requests, and correspondence.
We do not intentionally collect consumer health information, protected health information, cardholder data, government-issued identification numbers, or other highly regulated personal information unless an applicable agreement expressly requires it and appropriate handling terms are in place. Customers should not provide those categories of information to Cogtex unless they are necessary for the agreed services.
3. Sources of Information
We collect information from you, your company, customer-authorized users, customer-selected systems, third-party platforms, service providers, business partners, publicly available sources, and our own Site, systems, logs, and records. We may also receive information when customers invite us into their software tools, create accounts for us, authorize API access, share credentials or tokens through an approved method, export reports, upload files, forward messages, or ask us to review communications, recordings, photos, workflows, or operational data.
4. How We Use Information
We use information for business and operational purposes, including to:
- respond to inquiries, schedule meetings, run Audits, prepare proposals, and evaluate whether Cogtex services are a fit;
- map business processes, analyze tool stacks, identify workflow gaps, prepare implementation plans, and recommend operational changes;
- configure, connect, test, monitor, and maintain customer systems, databases, APIs, webhooks, dashboards, reports, portals, automations, and internal tools;
- sync information between customer-selected systems, such as CRM, accounting, phone, messaging, scheduling, field operations, project management, analytics, and billing tools;
- build and support AI-assisted workflows, including retrieval, summarization, classification, routing, risk-flagging, coaching prompts, draft notes, recommended actions, and human approval flows;
- process business communications, including email, phone, SMS, MMS, voicemail, Slack or similar workspace messages, call transcripts, and meeting records, where needed to provide services or support customer workflows;
- support SMS, MMS, A2P 10DLC, consent, opt-out, HELP, STOP, delivery, and compliance-related workflows when a customer asks us to implement or maintain messaging infrastructure;
- troubleshoot errors, debug integrations, validate data quality, prevent duplicate records, investigate failed jobs, monitor system health, and maintain security logs;
- administer customer relationships, invoices, payments, contracts, support, account management, vendor management, and business records;
- operate, maintain, secure, measure, and improve the Site, our internal systems, and our services;
- send administrative messages, service updates, security notices, and non-marketing business communications;
- send marketing communications to business contacts where permitted by law, subject to any available opt-out rights;
- protect Cogtex, customers, users, systems, and the public from fraud, misuse, unauthorized access, security incidents, legal claims, or other harmful activity; and
- comply with law, legal process, tax, accounting, audit, contractual, and regulatory obligations.
5. Customer Data and Authorized Access
Customer Data is information that Cogtex processes on behalf of a customer in connection with an Audit, implementation, support arrangement, managed workflow, or other customer engagement. Customer Data may include personal information about a customer's employees, contractors, vendors, prospects, customers, property owners, tenants, callers, message recipients, field crews, office staff, and other business contacts.
We access Customer Data only as reasonably necessary to provide the agreed services, follow customer instructions, maintain and troubleshoot customer workflows, protect security, comply with law, or as otherwise permitted by the applicable customer agreement. Customers are responsible for ensuring they have the rights, notices, consents, permissions, and legal basis needed to make Customer Data available to Cogtex and to the third-party systems they ask us to connect.
Cogtex may receive administrative, developer, API, or service-account access to customer systems. Customers should provision access using least-privilege permissions where practical, remove access when no longer needed, and avoid sending passwords, tokens, or secrets through insecure channels. Where credentials, tokens, or keys are required for an engagement, we use them for the authorized purpose and handle them as confidential operational information.
6. AI-Assisted Workflows
Some Cogtex services involve AI-assisted systems that retrieve, summarize, classify, route, analyze, or draft content based on business data. These systems may process CRM records, communication threads, call transcripts, notes, project data, accounting records, jobsite media metadata, and other Customer Data when the customer has authorized that use case.
AI-assisted workflows can generate suggestions, summaries, draft notes, risk signals, coaching prompts, or recommended actions. Unless a customer agreement or workflow design states otherwise, AI outputs are not a substitute for human review, professional judgment, or legally required approvals. For workflows that write back to important business systems, Cogtex may design approval, logging, rollback, or audit mechanisms appropriate to the use case.
We do not use Customer Data to train foundation models for unrelated customers unless the customer authorizes that use. Third-party AI providers may process Customer Data as subprocessors or service providers when they are part of a customer-authorized workflow, and their processing is also subject to their applicable terms, settings, and commitments.
7. Communications, Calls, SMS, and Messaging
Cogtex may help customers implement or support business communication workflows, including phone systems, call recording, voicemail, call summaries, transcription, SMS, MMS, appointment reminders, project updates, estimate follow-ups, inspection scheduling, customer support messages, and internal workspace communications.
Where Cogtex processes communication content or metadata for a customer, the customer is responsible for any notices, consents, opt-ins, opt-outs, call-recording disclosures, telecommunications compliance, messaging registration, and recipient-permission requirements applicable to its business. Cogtex may assist customers with implementation details, such as STOP and HELP handling, opt-out records, delivery logs, and A2P 10DLC registration materials, but the customer remains responsible for the messages it sends and the contacts it chooses to message.
8. How We Disclose Information
We do not sell personal information. We disclose information only as described in this Policy, as instructed by a customer, as permitted by an applicable agreement, or as required or permitted by law. Disclosure categories may include:
- Service providers and subprocessors, including providers of hosting, cloud infrastructure, databases, communications, email, analytics, AI services, automation, security, logging, development, project management, billing, payments, document signing, customer support, and business administration.
- Customer-selected platforms, including CRM, accounting, phone, messaging, field operations, scheduling, project management, document, payment, data, AI, and other systems a customer asks us to connect, configure, or support.
- Customer-authorized users and administrators, including people at a customer organization who have access to dashboards, reports, logs, records, summaries, approvals, or workflow outputs.
- Professional advisors, such as lawyers, accountants, auditors, insurers, banks, and other advisors where reasonably necessary for business administration, compliance, or risk management.
- Legal, safety, and rights-related recipients, where we believe disclosure is required by law, subpoena, court order, legal process, regulatory request, contractual obligation, security investigation, or a good-faith need to protect rights, property, safety, customers, systems, or the public.
- Business transaction recipients, in connection with a merger, acquisition, financing, reorganization, sale of assets, transfer of business, bankruptcy, diligence process, or similar transaction involving Cogtex.
- Affiliates, contractors, and personnel, where they need access to perform work for Cogtex or a customer and are subject to appropriate confidentiality or access obligations.
9. Third-Party Services and Customer-Selected Tools
Cogtex work often involves third-party business software, cloud services, APIs, automation tools, analytics services, communication systems, payment providers, AI providers, and customer-selected applications. Those providers process information under their own terms, privacy policies, data-processing terms, and customer-configured settings. Cogtex does not control third-party services and is not responsible for their availability, security, performance, retention, content, or independent privacy practices.
When a customer asks Cogtex to connect two or more systems, information may move between those systems according to the customer's instructions, the workflow design, and the settings available in those platforms. The customer is responsible for reviewing and approving the systems it uses, the data it stores in them, the users it grants access to, and the processing rules it configures.
10. Cookies and Similar Technologies
The Site may use cookies, local storage, analytics, logs, and similar technologies to operate the Site, understand basic usage, diagnose issues, preserve preferences, and improve performance. You can control cookies through your browser settings, although some features may not work properly without them.
11. Deidentified and Aggregated Information
We may create or use aggregated, anonymized, or deidentified information for analytics, benchmarking, service improvement, security, planning, and business reporting. We do not use deidentified information to identify a person except where permitted by law, such as to test whether our deidentification processes are effective.
12. Data Retention
We retain information for as long as reasonably necessary for the purposes described in this Policy, including to provide services, maintain records, resolve disputes, enforce agreements, comply with legal obligations, and protect our business and customers. Retention periods vary by information type, relationship, service history, and applicable requirements.
Customer Data retention may also depend on the customer's instructions, connected-system retention settings, support needs, backup cycles, security logs, applicable statements of work, and legal or accounting requirements. Some information may remain in backups, logs, archives, or third-party systems for a limited period after deletion from active systems.
13. Security
We use administrative, technical, and organizational safeguards designed to protect information from unauthorized access, disclosure, alteration, and destruction. Safeguards may include access controls, least-privilege practices, authentication controls, encrypted transport, credential management practices, logging, monitoring, vendor review, confidentiality obligations, backup practices, and internal procedures appropriate to the nature of the information and the engagement.
No system is perfectly secure, and we cannot guarantee the absolute security of information transmitted to or stored by us or by customer-selected third-party systems. Customers are responsible for maintaining appropriate security in their own systems, users, devices, credentials, and third-party accounts.
14. International Processing
Cogtex is based in the United States. We and our service providers may process information in the United States and other locations where we or they operate. These locations may have data protection laws that differ from those in your jurisdiction. Where required, we use appropriate safeguards for cross-border transfers.
15. Privacy Rights and Choices
Depending on where you live and the nature of your relationship with us, you may have rights to request access to, correction of, deletion of, portability of, or restriction of certain personal information. You may also have the right to object to certain processing or to opt out of certain communications. To exercise a right, contact us using the information below. We may need to verify your identity and may decline or limit a request where permitted by law, including when information is processed on behalf of a customer or must be retained for legal, security, contractual, accounting, or operational reasons.
If your request concerns information Cogtex processes on behalf of one of our customers, we may refer your request to that customer or process it according to that customer's instructions. The customer is often the party best positioned to respond to requests involving its employees, contractors, prospects, customers, message recipients, jobsite records, or business systems.
You may unsubscribe from marketing emails by using the unsubscribe mechanism in the message or by contacting us. You may opt out of certain text messages by replying STOP where that option is made available. Even if you opt out of marketing or non-essential messages, we may still send transactional, administrative, service, security, or legally required communications.
16. U.S. State Privacy Notices
Some U.S. state privacy laws require specific disclosures. Depending on the circumstances, Cogtex may collect the categories of personal information listed in Section 2, use them for the purposes listed in Section 4, and disclose them to the recipient categories listed in Section 8. We do not sell personal information. We do not knowingly sell or share personal information of children under 16. We do not use sensitive personal information to infer characteristics about a person unless permitted by law or authorized as part of a customer engagement.
We also do not share personal information for cross-context behavioral advertising as that term is defined by California law, unless we provide any required notice and opt-out mechanism. If you believe a state privacy law gives you a right that is not addressed here, contact us and we will review your request.
17. Children's Privacy
The Site and Cogtex services are intended for business use and are not directed to children. We do not knowingly collect personal information from children under 13. If we learn that we have collected such information, we will take reasonable steps to delete it.
18. Changes to This Policy
We may update this Policy from time to time by posting a revised version on the Site and updating the effective date above. If we make material changes, we may provide additional notice where required by law or where appropriate under the circumstances. Your continued use of the Site or services after a revised Policy takes effect means the revised Policy applies to that use.
19. Contact Us
Questions or requests regarding this Policy may be directed to:
Cogtex
Email: hello@cogtex.ai