Cognlay logo
Start free

Legal

Privacy Policy

Effective date: January 25, 2026 • Last updated: February 16, 2026

Overview

Cognlay provides AI-assisted outbound email tools. This Privacy Policy explains how we collect, use, protect, and store your data when you use our platform at cognlay.com. If you have questions, contact us at developer@cognlay.com.

Information We Collect

We collect account information (name, work email, company name, role), workspace settings and team member details, usage data (sequences created/sent and outcomes, draft feedback, engagement metrics like opens/clicks/replies, and feature usage analytics), and email content and metadata (drafts, sent messages, replies, sender/recipient, subject lines, timestamps, message IDs, and thread history required for context-aware follow-ups).

How We Use Information

We use your information to deliver the service (generate drafts, send emails you approve, track engagement, and maintain thread context), provide analytics on outreach performance, improve AI-generated sequence quality, and provide customer support. We do not sell your data, use your data for advertising, or train general-purpose AI models using your email content.

Data Processing & AI

Cognlay uses the Anthropic Claude API for AI model inference. Email drafts and relevant context may be sent to the model to generate suggestions, follow-ups, and quality checks. We limit processing to the minimum required to provide the features you request.

Google User Data & Gmail Access

If you connect Gmail, Cognlay accesses Gmail message content and metadata strictly to: send emails you approve, detect replies to your outbound sequences, and maintain thread context for follow-ups. We collect only the minimum data required to operate these features.

Google API Limited Use Disclosure

Cognlay's use of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements. We do not use Google user data for advertising or for training AI models unrelated to your sequences. You can revoke access at any time by disconnecting your Google account in Settings; we stop accessing new Gmail data immediately and delete stored tokens within 30 days.

Verification & OAuth Scopes

Cognlay is verified by Brain.fi for secure Google account integration. Our application scopes may be unverified by Google during early launch to reduce CASA audit cost. This does not change our data handling practices described in this Policy.

Security Practices

We protect data using encryption in transit (TLS) and at rest, role-based access controls, and audit logging for sensitive operations. We follow SOC 2-level security practices, but we are not currently SOC 2 Type II certified. In the event of a data breach, we will notify affected users within 72 hours via email.

Third-Party Service Providers

We use trusted third-party services to operate Cognlay, including Google (Gmail API for email sending/receiving and thread context), Anthropic (Claude API for AI inference), Paddle (payment processing), and Brain.fi (Google OAuth verification). We may also use cloud infrastructure and logging providers. Providers are contractually bound to protect your data and use it only to deliver the services we request.

Data Retention

Active accounts: we retain data while your account is active. Deleted accounts: data is permanently deleted within 30 days of account deletion. Google account disconnection: we stop accessing new Gmail data immediately and delete stored tokens within 30 days; cached email data is deleted within 90 days. Data may be retained longer if required by law or ongoing legal proceedings.

Your Rights

You have the right to access your data, correct inaccurate information, export your data in a machine-readable format, delete your account and associated data, and revoke Google account access. To exercise these rights, email developer@cognlay.com.

International Data Transfers

Data is processed and stored using our service providers and infrastructure. If you are outside our primary processing region, your data may be transferred internationally. We take steps to ensure our providers comply with applicable data protection laws.

Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we will update the “Last Updated” date and may communicate material changes via email. Continued use of the service after changes constitutes acceptance.

Contact

General questions: developer@cognlay.com. Support: support@cognlay.com.