Privacy Policy
This Privacy Policy explains how Digital Command, LLC ("Company," "we," "us," or "our"), the maker of Cognistry, collects, uses, discloses, and protects information when you use our website, applications, and related services (collectively, the "Service").
This policy applies to visitors to our marketing website, prospective and current customers, and authorized users of Cognistry acting on behalf of a customer organization ("Customer"). If you are an end user accessing Cognistry through an organization that has licensed our Service (for example, an employee completing training assigned by your employer), please also refer to your organization's own privacy notices, as your organization may control certain settings and data as the data controller.
1. Information We Collect
1.1 Information you provide directly
- Account and contact information: name, work email, job title, company name, and password (or single sign-on identifier) when you or your organization creates an account.
- Communications: information you send us through contact forms, support requests, sales inquiries, or surveys.
- Customer content: content your organization uploads or creates within Cognistry, such as course materials, learning objectives, assessment content, and related documents.
1.2 Information collected automatically
- Usage data: pages viewed, features used, session duration, click and navigation patterns, and timestamps.
- Device and technical data: IP address, browser type, operating system, device identifiers, and referring URLs.
- Learning and capability telemetry: when the Service is used for training or capability development, we collect activity and completion data tied to a learner's account (for example, course progress, assessment responses, and capability proof records) as configured by the Customer organization.
- Cookies and similar technologies: see Section 6 below.
1.3 Information from third parties
- Identity providers: if your organization connects Cognistry to a single sign-on (SSO) or identity provider (IdP), we receive the account information your organization has configured to share (for example, name, email, and role).
- Service providers: information from vendors who help us operate the Service (see Section 4).
2. How We Use Information
We use the information we collect to:
- Provide, operate, and maintain the Service, including authenticating users and delivering assigned learning content.
- Generate capability and completion records, telemetry, and reporting requested by the Customer organization.
- Communicate with you about your account, updates, security notices, and support requests.
- Improve and develop the Service, including monitoring performance and diagnosing issues.
- Maintain the security and integrity of the Service, including detecting fraud, abuse, and unauthorized access.
- Comply with legal obligations and enforce our agreements.
- With your consent, send marketing communications (you may opt out at any time).
We do not use Customer content or learner data to train general-purpose AI models without explicit authorization from the Customer organization.
3. Legal Bases for Processing (EEA/UK Users)
If you are located in the European Economic Area or United Kingdom, we process personal data under one or more of the following legal bases: performance of a contract, our legitimate interests in operating and securing the Service, compliance with a legal obligation, and, where applicable, your consent.
4. How We Share Information
We do not sell personal information. We may share information as follows:
- Service providers and subprocessors: vendors who perform services on our behalf, such as cloud hosting, database infrastructure, analytics, customer support tooling, and AI content-generation features. These providers are contractually bound to protect information and use it only to provide services to us. [Insert link to current subprocessor list if maintained.]
- Within your organization: administrators and authorized roles within your Customer organization may access learner activity and capability records as configured by that organization, since the organization is typically the data controller for its learners.
- Business transfers: in connection with a merger, acquisition, financing, or sale of assets, subject to standard confidentiality protections.
- Legal requirements: where required to comply with applicable law, regulation, legal process, or governmental request, or to protect the rights, property, or safety of the Company, our users, or others.
- With your consent: for any other purpose disclosed to you at the time of collection.
5. Data Retention
We retain personal information for as long as necessary to provide the Service, comply with our legal obligations, resolve disputes, and enforce our agreements. Retention periods for Customer content and learner records are governed by the agreement between the Company and the relevant Customer organization. Upon termination of a Customer's subscription, data is retained or deleted in accordance with that agreement and applicable law, including any regulatory record-retention requirements applicable to regulated industries.
6. Cookies and Tracking Technologies
We use cookies and similar technologies to operate the Service, remember preferences, authenticate sessions, and understand usage patterns. You can control cookies through your browser settings; disabling certain cookies may affect Service functionality. [Insert link to cookie preference center if applicable.]
7. Data Security
We implement administrative, technical, and physical safeguards designed to protect personal information, including encryption in transit, access controls, and audit logging. No method of transmission or storage is completely secure, and we cannot guarantee absolute security.
8. International Data Transfers
If we transfer personal information across borders, we use appropriate safeguards required by applicable law, such as Standard Contractual Clauses, where applicable.
9. Your Rights and Choices
Depending on your location, you may have rights to access, correct, delete, or port your personal information, object to or restrict certain processing, and withdraw consent. To exercise these rights, contact us at [privacy@yourdomain.com]. If your access to the Service is through an employer or other organization, we may direct certain requests to that organization, as it may control the relevant data.
California residents may have additional rights under the California Consumer Privacy Act (CCPA); EEA/UK residents have rights under the GDPR/UK GDPR. [Add jurisdiction-specific detail after legal review.]
10. Children's Privacy
The Service is not directed to individuals under 16, and we do not knowingly collect personal information from children. If you believe a child has provided us with personal information, please contact us so we can take appropriate action.
11. Changes to This Policy
We may update this Privacy Policy from time to time. We will post the updated policy with a revised "Last Updated" date and, where required by law, provide additional notice of material changes.
12. Contact Us
If you have questions about this Privacy Policy or our data practices, contact us at:
Digital Command, LLC 8190 Torrgindon Way, Charlotte NC 28217 info @ digitalcommand.co
