Privacy Policy

Your data.
Explained plainly.

How Cognlay handles account, workspace, mailbox, lead, reply, and sequence data.

Last updated: May 5, 2026

Plain-English trust summary

What we will and will not do with your data.

  • We do not sell your lead, mailbox, reply, or sequence data.
  • We do not use your email content to train general-purpose AI models.
  • We do not use the Gmail API or request Google OAuth scopes.
  • You can disconnect mailbox access — Cognlay stops immediately.
01

Overview

Cognlay provides a governed AI SDR system for lead sourcing, outbound drafting, reply handling, sender safety, and learning. This Privacy Policy explains how we collect, use, protect, and store your data when you use the platform.

02

Information We Collect

We collect account information, workspace settings, team member details, uploaded or sourced lead data, sequence configuration, usage data, draft feedback, engagement metrics, reply content, and the email metadata needed to operate outbound workflows.

03

How We Use Information

We use your information to deliver the service, source and enrich leads, generate and review drafts, send configured emails through your connected mailbox, detect replies, maintain thread context, provide analytics, improve product quality, and provide customer support.

04

Data Processing & AI

Cognlay may use AI model providers such as Google for model inference. Relevant lead, sequence, draft, and thread context may be sent to generate suggestions, follow-ups, and quality checks. We limit processing to the context required to provide the features you request.

05

Connected Mailbox Access

Cognlay connects to email inboxes through SMTP and IMAP. SMTP is used to send configured outbound emails. IMAP is used to detect replies, maintain thread context, and avoid continuing automated follow-ups after a prospect responds. Cognlay does not use the Gmail API, does not request Google OAuth scopes, and does not collect your Google password.

06

No Google API or OAuth Scopes

Cognlay does not use Google APIs for mailbox access and does not request Google Drive, Calendar, Gmail API, or other Google product scopes. If you connect a Google Workspace or Gmail mailbox, the connection is handled through SMTP and IMAP settings or app-password style credentials supported by your mailbox provider.

07

Mailbox Credentials

Mailbox credentials or tokens used for SMTP/IMAP access are stored securely and used only to provide the outbound workflows you configure. You can disconnect a mailbox in Cognlay at any time. You can also revoke or rotate mailbox credentials directly with your email provider.

08

Security Practices

We protect data using encryption in transit, encryption at rest where supported by our infrastructure providers, role-based access controls, token hygiene, and logging for sensitive operations. We are not currently SOC 2 Type II certified. We believe it is better to say that clearly than imply a certification we do not yet have.

09

Third-Party Service Providers

We use third-party services to operate Cognlay, including mailbox providers through SMTP/IMAP, AI model providers for inference, Clerk for authentication, database and hosting providers, and payment processors. Providers may process data only as needed to deliver the services we request.

10

Data Retention

Active accounts: we retain data while your account is active. Deleted accounts: account data is deleted or anonymized within 30 days where technically and legally feasible. Mailbox disconnection: we stop accessing new mailbox data immediately and delete stored credentials within 30 days.

11

Your Rights

You have the right to access your data, correct inaccurate information, export your data in a machine-readable format, delete your account and associated data, and disconnect or rotate mailbox access. To exercise these rights, email support@cognlay.com.

12

International Data Transfers

Data is processed and stored using our service providers and infrastructure. If you are outside our primary processing region, your data may be transferred internationally. We take steps to ensure our providers comply with applicable data protection laws.

13

Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we will update the "Last Updated" date and may communicate material changes via email. Continued use of the service after changes constitutes acceptance.

14

Contact

Privacy, security, and support questions: support@cognlay.com.

Questions about data handling? support@cognlay.com