Privacy Policy

1. Introduction & Scope

At Cognito Parental Control ("Cognito", "we", "us", or "our"), we hold the privacy and security of your family’s digital life as our highest priority. This comprehensive Privacy Policy governs the collection, processing, storage, and protection of personal data and device telemetry across the Cognito Parental Control web dashboard, mobile applications, and Android IoT Client software (collectively, the "Services").

By accessing, registering for, or utilizing our Services, you explicitly consent to the data practices detailed in this document. This policy is developed in strict alignment with global data protection regulations, including the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), the Children's Online Privacy Protection Act (COPPA), and the Digital Personal Data Protection Act (DPDP Act, 2023).

2. Information We Collect & Telemetry Scope

To provide a seamless, real-time parental monitoring experience while minimizing privacy intrusion, Cognito operates on a principle of strict data minimization. We collect only the data absolutely necessary to render your parental dashboard and ensure device connection integrity.

3. Children's Privacy & COPPA Compliance

Cognito is fully committed to protecting the privacy of young children. In strict compliance with the Children's Online Privacy Protection Act (COPPA) and equivalent international child protection statutes, we enforce the following mandatory safeguards:

• Verifiable Parental Consent: Prior to pairing any child device, the parent or legal guardian must create a verified adult account and provide explicit consent for the collection of device telemetry.
• Mandatory Transparency (No Stealth Mode): To foster ethical parenting and comply with legal transparency mandates, the Cognito Android IoT Client maintains a persistent, non-removable notification on the child's device. Children are always aware when the parental connection is active.
• Parental Control & Revocation: Parents retain absolute control over their child's data. You may review collected telemetry, delete associated device profiles, or immediately terminate all data collection directly from your parent dashboard at any time.

4. Data Storage, Security & Retention

Protecting your family's data from unauthorized access is paramount. We implement industry-leading technical and organizational security measures across our entire infrastructure:

• Encryption in Transit & at Rest: All telemetry data transmitted between the child device, our servers, and your parent dashboard is secured using 256-bit SSL/TLS encryption. Data at rest is protected using advanced AES-256 encryption within our secure cloud persistence databases.
• Strict Access Controls: Access to infrastructure servers is strictly restricted to authorized key personnel via multi-factor authentication (MFA) and cryptographic keys.
• Data Retention Policy: Active device telemetry is stored only for as long as necessary to render your real-time parent dashboard. Upon account cancellation or deletion of a child profile, all associated telemetry and historical records are permanently and irreversibly purged from our active databases within 30 days.

5. Third-Party Sharing & Subprocessors

We maintain an uncompromising stance on data monetization: Cognito will never sell, rent, lease, or trade your family's personal data or device telemetry to third-party advertisers, data brokers, or marketing agencies under any circumstances.

We only share necessary data with trusted cloud infrastructure subprocessors (e.g., secure hosting providers, database clusters, and payment gateways) strictly for the purpose of operating our Services. All subprocessors are bound by rigorous data processing agreements (DPAs) that enforce confidentiality and security standards matching or exceeding our own.

6. Your Data Protection Rights (GDPR / CCPA / DPDP)

Depending on your jurisdiction, you possess robust legal rights regarding your personal data:

• Right to Access: You may request a complete export of all personal data and telemetry associated with your account.
• Right to Rectification: You may correct any inaccurate or incomplete personal information.
• Right to Erasure ("Right to be Forgotten"): You may request the permanent deletion of your account and all associated child device data at any time.
• Right to Restriction of Processing: You may request a temporary halt to data collection while a dispute or inquiry is being resolved.
• Right to Data Portability: You may obtain your data in a structured, commonly used, and machine-readable format.

To exercise any of these rights, please submit a formal Subject Access Request (SAR) to our Data Protection Officer at legal@cognito.com. We commit to acknowledging and fulfilling all legitimate requests within 30 calendar days.

7. Policy Updates & Contact Information

We may update this Privacy Policy periodically to reflect technological advancements, regulatory changes, or service enhancements. When significant modifications occur, we will notify you via email or through a prominent announcement on your parent dashboard prior to the changes taking effect.