Privacy Policy
Plain language first: CogniSource is local-first. Your workload data - tasks, notes, projects, milestones, and KRI history - stays in your browser unless you choose to save a backup to a folder you control, import meeting metadata from your Microsoft calendar, or use an AI feature. CogniSource does not run a workspace database for your personal workload data.
1. Who we are
CogniSource is currently a founder-operated pilot project based in Sweden. CogniSource may be used by pilot users in different countries. This policy explains how CogniSource handles personal data and includes specific rights for users in the EU/EEA under the General Data Protection Regulation (GDPR, EU 2016/679).
CogniSource is the data controller for the limited personal data described in this policy. Privacy requests can be sent to privacy@cognisource.io.
2. What we do not collect
Your workload data - tasks, notes, projects, milestones, KRI scores, and all content you create inside CogniSource - is stored in your local browser and, if you choose backup folder sync, in a backup file inside a folder you select. CogniSource does not store a copy of your workspace on our servers, except transiently when you use an AI feature (see Section 4).
We do not use tracking pixels, behavioural advertising, or third-party analytics that profile you across the web.
3. What we do collect
At the current pilot stage, CogniSource collects only limited information needed for support, pilot communication, optional AI use, optional Microsoft calendar connection, and optional calendar meeting import.
| Data | Why | Legal basis (GDPR) | Kept for |
|---|---|---|---|
| Contact details you voluntarily provide | Pilot communication, support, and responding to requests | Consent / legitimate interest (Art. 6(1)(a), Art. 6(1)(f)) | As long as needed for the pilot or support request, unless you ask us to delete it |
| Microsoft account identifier returned during sign-in | Optional calendar meeting import and showing which Microsoft account is connected | Consent / user request (Art. 6(1)(a)) | Stored in your browser account/token cache until you disconnect, clear browser storage, or revoke access in Microsoft |
| Microsoft calendar meeting metadata you choose to sync | Calculating meeting load and showing meeting activity in CogniSource | Consent / user request (Art. 6(1)(a)) | Stored locally in your browser workspace and included in your own backup file if you save or sync one |
| AI request content you choose to submit | Processing the specific AI feature you requested | Consent / user request (Art. 6(1)(a)) | Transient processing only; CogniSource does not intentionally retain AI request content |
We do not use behavioural advertising, tracking profiles, or third-party analytics that follow you across the web.
4. AI features and data processing
When you use an AI-assisted feature, the relevant content for that specific action is sent for processing by the configured AI provider. This may include task, note, project, meeting, interruption, or document content needed to complete the action you requested. The result is returned to you.
- This transmission is encrypted in transit (HTTPS/TLS).
- CogniSource does not intentionally log or retain the content of AI requests.
- AI providers process requests under their own privacy and data processing terms.
- You control what you send to an AI feature. Nothing is sent automatically without your action.
5. Backup folder and calendar sync
Backup folder sync is optional. If you choose it, your browser asks you to select a local folder. CogniSource writes one backup file named cognisource-workspace.json to that folder. If the folder is synced by OneDrive, Google Drive, Dropbox, or another sync tool, that service handles the cloud copy. CogniSource does not request Microsoft or Google file access for backup folder sync.
Calendar sync is optional and read-only. If you connect Microsoft and choose to sync calendar meetings, CogniSource uses Microsoft Graph Calendars.Read permission to read meeting metadata such as subject, start time, end time, availability state, privacy marker, and response status so it can calculate meeting load. Some work tenants may require admin approval before calendar sync can be used. CogniSource excludes private, out-of-office, declined, tentative, and not-yet-accepted events from meeting load. CogniSource does not create, edit, delete, or send calendar events.
You can disconnect in CogniSource, clear your browser storage, or revoke access from your Microsoft account or your organization's Enterprise Applications settings.
6. Third-party services
| Service | Purpose | Data shared |
|---|---|---|
| Microsoft identity platform and Microsoft Graph | Optional Microsoft sign-in and read-only calendar meeting import | Microsoft account identifier, browser-held access token, and meeting metadata you choose to sync |
| Anthropic or configured AI provider | AI feature processing | Content you choose to send to AI features, transiently |
| Hosting provider | Hosting the public website and application files | Standard server logs, such as IP address and request metadata, retained under the hosting provider's policy |
We do not sell, rent, or share your personal data with any third party for marketing purposes.
7. Your privacy rights
Depending on where you live, you may have rights to access, correct, delete, export, restrict, or object to the processing of your personal data. If you are in the EU/EEA, these include rights under the GDPR:
- Access - request a copy of the personal data we hold about you.
- Rectification - ask us to correct inaccurate data.
- Erasure - request deletion of your personal data ("right to be forgotten").
- Portability - receive your data in a structured, machine-readable format.
- Objection - object to processing based on legitimate interest.
- Restriction - request that we limit processing while a dispute is resolved.
- Withdraw consent - where processing is based on consent, withdraw it at any time.
To exercise any of these rights, contact us using the contact method described in Section 9. We will respond within 30 days where required by applicable law.
If you are in the EU/EEA, you may also have the right to lodge a complaint with your local data protection authority.
8. Cookies and browser storage
CogniSource uses only technically necessary storage mechanisms (localStorage and sessionStorage in your browser) to maintain your session, store your workspace data locally, remember your chosen backup folder permission where supported, and support optional Microsoft sign-in state for calendar sync. We do not use advertising cookies, tracking cookies, or third-party cookies.
No cookie consent banner is required for strictly necessary storage under GDPR and the ePrivacy Directive.
9. Contact and data requests
For any privacy-related request, question, or complaint, contact privacy@cognisource.io. General product or pilot questions can be sent to hello@cognisource.io. We aim to respond to privacy requests within a reasonable time and within 30 days where required by applicable law.
If applicable, you may also contact your local data protection authority.
10. Changes to this policy
We may update this Privacy Policy from time to time. The effective date at the top of this page will reflect the most recent revision. For material changes, we will make the updated policy available through the website or application.