Cognlay is new, so trust has to be earned clearly. Here is what the app accesses, what it avoids, and how we reduce avoidable risk around your inbox, leads, and sender reputation.
No Google password collection
No selling lead or mailbox data to third parties
No Gmail API, Drive, Calendar, or Google OAuth scopes
No AI training on customer email content
Cognlay uses HTTPS/TLS for all data in transit. Stored workspace data and mailbox credentials are protected using encryption and provider-backed security controls.
Cognlay connects to mailboxes through provider-supported SMTP and IMAP settings only. We do not use the Gmail API, request Google OAuth scopes, or collect your Google password.
SMTP sends configured emails. IMAP detects replies and maintains thread context. Cognlay is not designed for general inbox browsing outside your configured sequences.
We use role-based access controls, production access hygiene, dependency scanning, and logging around sensitive operations.
Workspace data is logically separated per account. AI requests are built from the specific lead, sequence, draft, and thread context needed for that action only.
We monitor important system activity and notify affected users when required by applicable law following a confirmed security incident.
SMTP sendSend configured outbound emails onlyIMAP readReply detection and thread context for safetyCredential storageEncrypted — revocable by rotating your mailbox passwordWe do not request access to Drive, Calendar, or unrelated Google products. Cognlay does not use Gmail API scopes. Disconnecting the mailbox or rotating credentials stops all new access immediately.
Authorized Cognlay personnel may access workspace data only when needed for support, security, abuse prevention, or service operation. Sensitive operations are designed to be logged and reviewed.
Cognlay uses managed cloud infrastructure. We keep this honest: infrastructure providers may process data in their supported regions, and we avoid claiming a fixed residency guarantee until one is contractually available.
The app processes message content and metadata for reply detection, thread context, and follow-up safety. Human access is limited to authorized support or security needs only.
Cognlay stops accessing new mailbox data immediately. Stored mailbox credentials are deleted within 30 days, and cached thread context is deleted or anonymized per the privacy policy.
No. Cognlay does not use your mailbox content, lead data, replies, or sequence data to train general-purpose AI models.
Still have questions? Email hello@cognlay.com — Jay responds to every security question personally.