Last Updated: Dec 7, 2023
Your privacy is important to us.
This Privacy Policy ("Policy") explains how Cognito uses the personal data we collect from you (your “Personal Data”) when you use our websites, engage with our marketing services, or access our web-accessible applications or dashboards (collectively, our “Sites”). Cognito (“Cognito”, “BlockScore”, “we”, “our” and “us”) refers to BlockScore, LLC, D/B/A Cognito.
This Privacy Policy includes important information about your Personal Data and you are encouraged to review it carefully.
Cognito provides services for online businesses that need to comply with regulations to detect and prevent fraud and other malicious behavior on their websites or mobile applications (our “Customers”). This Privacy Policy applies to the Personal Data shared on or with our Sites by website visitors, our customers and their authorized users, and individuals who opt-in to our marketing or newsletter subscriptions. This Privacy Policy does not apply to data that is not Personal Data, including anonymous, de-identified, or aggregated data, even when such data has been derived from Personal Data.
Our services are intended for use by our business Customers. Where services are made available to you through a Customer, that Customer is the data controller of your personal data. Cognito is a data processor or sub-processor where it facilitates identity verification, fraud detection, and watchlist screening services at the direction of our Customer.
Where we provide services by agreement to Customers, our Customer controls the information provided by its end users. Your data privacy questions and requests should initially be submitted to the Customer in its capacity as your data controller. Cognito is not responsible for our Customer’s privacy or security practices, which may be different than this Privacy Policy.
Our Customers are able to:
For more information on how we process or sub-process end user information on our Customer’s instructions, please see our End User Privacy Statement (https://cognitohq.com/privacy-statement/).
If you are an employee, contractor, or agent of our Customer accessing our services or Sites via a password-controlled login (an “Authorized User”), the Customer acts as the administrator of their services and is responsible for the accounts it controls. Please contact the Customer for whom you are an Authorized User, or refer to their internal policies for more information regarding your privacy concerns. We are not responsible for the privacy or security practices of our Customers, which may be different from this Privacy Policy.
When you communicate directly with us, we maintain a record of those communications and our responses. We collect information about your internet or electronic activity, including when you click on an email and if you click on any links provided within the email.
When you visit our Sites, we collect:
When you subscribe to and receive our marketing emails, we also collect your:
If you are a prospective customer, we collect your:
When you become a Customer, we track what services you have purchased from and we also collect your:
As an Authorized User for our Customer, you or our Customer’s administrator provides information to us: when our Customer registers you for access to our services; when you register to access our services; when you contact our customer support; or, when you send us an email or communicate with Cognito in connection with our services.
The information our Customer provides so that we can invite Authorized Users to access our services includes:
You or our Customer’s account administrator directly provides Cognito with most of the data we collect. We collect and process data when you:
We collect your IP address from your internet service provider.
We and our third-party service providers also use cookies, web beacons, and other tracking technologies to collect device and usage data from our website, web-accessible applications, or dashboards when Customers or their Authorized Users interact with and use our services. For more information on how we use cookies and other tracking technologies, see our Cookie Policy.
We may purchase the contact information of prospective customers from data brokers, as part of our legitimate business interest, where applicable and permitted by local privacy laws.
Cognito collects, uses, and discloses information to provide, market, operate, improve, develop, and protect our services for online businesses, our Customers, that need to comply with regulations necessary to detect and prevent fraud and other malicious behavior on their websites and mobile applications.
We use information we collect to:
We use service providers and other third-party services to help perform essential business functions on our behalf. We do not share any information unnecessarily, and we carefully review the privacy policy of each service provider and third party to make sure your information is protected.
When we process your request for service, as part of our compliance procedures we may send your data to, and also use the resulting information from, credit reference agencies to prevent fraud.
We use data hosting service providers in the United States to host the information we collect, and we use technical measures to secure your data. While we implement safeguards designed to protect your information, no security system is impenetrable and due to the inherent nature of the Internet, we cannot guarantee that data, during transmission through the Internet or while stored on our systems or otherwise in our care, is absolutely safe from intrusion by others.
How long we keep information we collect about you depends on the type of information:
We retain your account information for as long as your account is active and a reasonable period thereafter in case you decide to re-activate the Cognito Services. After such time, we will either delete or anonymize your information or, if this is not possible, we will securely store your information and isolate it from any further use until deletion is possible.
We also retain some of your information as necessary to comply with our legal obligations, to resolve disputes, to enforce our agreements, to support business operations, and to continue to develop and improve the Cognito Services. Our retention time frame varies based on our legal obligations.
Where we retain information for Cognito Service improvement and development, we take steps to eliminate information that directly identifies you, and we only use the information to uncover collective insights about the use of the Cognito Services, not to specifically analyze personal characteristics about you.
If you are an Authorized User and your account is deactivated or disabled, some of your information and the content you have provided will remain in order to allow our Customer and your team members or other users to make full use of the Cognito Services. For example, we continue to display messages you sent to the users that received them and continue to display content you provided or decisions you have made regarding using our services.
If the Cognito Services are made available to you through an organization for which we are acting as a processor or sub-processor, we retain your information as long as required by the administrator of your account.
If you have elected to receive marketing emails from us, we retain information about your marketing preferences for a reasonable period of time from the date you last expressed interest in the Cognito Services, such as when you last opened an email from us or ceased using your account. We retain information derived from cookies and other tracking technologies for a reasonable period of time from the date such information was created.
We would like to send you information about our services. With your consent, we send marketing information, product recommendations, events, promotions, and other non-transactional communications about us in accordance with your marketing preferences. If you have agreed to receive marketing information, you may always opt out at a later date. You have the right at any time to stop Cognito from contacting you for marketing purposes.
What We Share | Who We Share it With (by category) |
---|---|
Name Phone number Professional Information | Business Communication Tool Finance and Accounting Tool Hosting Services Provider Sales and Marketing Tool |
Commercial Information Payment Information | Finance and Accounting Tool Data Storage Service Provider Contract Management Service Provider |
Internet or Electronic Network Activity Device Information IP address | Ad Network Data Analytics Provider Data Storage Service Engineering Infrastructure Tool Hosting Service Provider |
We want to make sure you are fully aware of all of your data protection rights. Where we are using your information because we or a third party such as your employer have a legitimate interest to do so, you have the right to object to that use though, in some cases, this may mean no longer using the Cognito Services.
If you are an end user to our Customer, on whose behalf we processed your personal information, you should contact our Customer about your privacy concerns instead of Cognito. For more information on how we process or sub-process end user information on our Customer’s instructions, please see our End User Privacy Statement (https://cognitohq.com/privacy-statement/).
Some web browsers may transmit “do-not-track” (“DNT”) signals to mobile applications with which the user communicates. We currently do not change our tracking practices (which are explained in more detail in below in our Cookies Policy section) in response to DNT settings in your web browser.
Our third-party partners, such as web analytics companies and third-party ad networks, may collect information about you and your online activities over time and across our services and other online Sites. These third parties may not change their tracking practices in response to DNT settings in your web browser and we do not obligate these parties to honor DNT settings. We utilize Google Analytics for our web analytics and you can opt out of your usage data being included in our Google Analytics reports by visiting https://tools.google.com/dlpage/gaoptout.
GDPR Notice
Subject to exceptions or limitations provided by law, if you are located in the EEA or UK, you have rights regarding how personal information collected about you is used. If we have processed or are processing your personal information, you are entitled to exercise the following rights:
If you have consented to our use of information about you for a specific purpose, you have the right to change your mind at any time, but this will not affect any processing that has already taken place. Where we are using your information because we or a third party such as your employer have a legitimate interest to do so, you have the right to object to that use though, in some cases, this may mean no longer using the Services.
If you still want to raise a question to Cognito, or otherwise exercise your rights in respect of your personal information, Cognito has appointed Plaid B.V. as its Data Protection Representative for the purposes of the GDPR in the EU/EEA and the Data Protection Act 2018 (as amended) in the UK.
UK and EEA residents may direct privacy concerns to Plaid B.V., our Data Protection Representative, by sending an email to moc.dialp@ycavirp or via online webform at http://plaid.com/legal/data-protection-request-form/.
We do not share your Personal Data with third parties, unless it is necessary to carry out your request, to provide you the services, for our professional or legitimate business needs, or as required or permitted by law. Where we do transfer your Personal Data to third parties or service providers, appropriate arrangements will be made in order to ensure correct and secure data processing in compliance with applicable data protection law. Whenever we transfer your information, we take steps to protect it.
We collect information globally and store that information in the United States. Your Personal Data may be processed outside of the EEA and in countries which are not subject to an adequacy decision by the European Commission and which may not provide for the same level of data protection as the EEA.
In the event we process your Personal Data in a country not subject to an adequacy decision, we will ensure that the recipient of your Personal Data offers an adequate level of protection, for instance by entering into standard contractual clauses for the transfer of data as approved by the European Commission.
You can obtain more details of the protection given to your Personal Data when it is transferred outside Europe by contacting us below.
We do not knowingly collect any personal data from children under the age of 16. If you are under the age of 16, please do not submit any Personal Data through our Sites. We encourage parents and legal guardians to monitor their children’s internet usage and to help enforce our policy by instructing their child not to provide Personal Data through the Sites without permission. If you have reason to believe that a child under the age of 16 has provided Personal Data to us through our Sites, please contact us at: moc.qhotingoc@ycavirpand we will use commercially reasonable efforts to delete that information.
We may revise this Privacy Policy from time to time in response to our requirements and changing legal, technical or business developments. We will provide any updates on our Site and the revised version will be effective when it is posted. If we make any material changes to the ways in which we use or share Personal Data previously collected from you, we will post the updated version here. You can see when this Privacy Policy was last updated by checking the “last updated” or “effective” date displayed at the top of this page.
We collect certain information (automatically) through the use of “cookies” and similar tracking technologies. Cookies are small text files that are stored in a computer’s browser directory. Cookies help site providers understand how website visitors use a site, remember an Authorized User’s login details, and store site preferences.
We use cookies to:
We use both first-party cookies, or cookies placed and read by Cognito directly when you use our services, and third-party cookies, or cookies not set by Cognito, but by other companies for site analytics purposes.
We use Google Analytics for aggregated, anonymized website traffic analysis. We also send Google your IP Address. We use Google Analytics to track aggregated website behavior, such as what pages you looked at and for how long. This information is important to us for improving the user experience and determining site effectiveness.
If you wish to block, erase, or be warned of cookies, please refer to your browser instructions or “help screen” to learn about these functions. If your browser is set to not accept cookies or if you reject a cookie, you may not be able to use our Sites and certain parts of our services.
If you would like access to what browsing information we have, please reach out to us via our form contact. You can opt out of your usage data being included in our Google Analytics reports by visiting: https://tools.google.com/dlpage/gaoptout.
Please contact Cognito with any questions or comments about this Privacy Policy or our privacy practices at:
BlockScore, LLC D/B/A Cognito
Attn: Privacy Officer
440 N Barranca Ave, #4260
Covina, CA 91723
United States
Email: moc.qhotingoc@ycavirp
Cognito has appointed Plaid B.V. as its Data Protection Representative for the purposes of the GDPR in the EU/EEA and the Data Protection Act 2018 (as amended) in the UK. If we have processed or are processing your personal data, you may be entitled to exercise your rights under GDPR in respect of that personal data. If you are an end user of our Customer, on whose behalf we have processed your Personal Data, is also located the EEA or UK, you should contact our Customer about your Personal Data instead of Cognito’s Data Protection Representative.
UK and EEA residents may direct privacy concerns to Plaid B.V., our Data Protection Representative, by sending an email to moc.dialp@ycavirp or via online webform at http://plaid.com/legal/data-protection-request-form/.
You may also mail your inquiry to Plaid at the following addresses:
For EU Residents
Plaid B.V.
Attn: Legal
Muiderstraat 1
1011PZ Amsterdam
The Netherlands
For UK Residents
Plaid B.V.
Attn: Legal
New Penderel House, 4th Floor
283-288 High Holborn
London, United Kingdom, WC1V 7HP
We collect the personal information you provide to us when you purchase our products or visit our website. The categories of information we may collect include:
We do not retain data for any longer than is necessary for the purposes described in this Policy.
We process personal information for the following business and commercial purposes:
We may disclose personal information about you for business and commercial purposes when you purchase our products or visit our website:
Personal Information Category | Categories of Service Providers | Categories of Third Parties |
---|---|---|
Personal Identifiers | Cybersecurity Providers, Governance, Risk & Compliance Software, IT Infrastructure Services, Web Hosting Services, Business Operations Tool, Collaboration & Productivity Tools, Customer Support Tools, and Sales & Marketing Tools | Data Analytics Providers and Data Brokers |
Internet Activity | Business Operations Tool and Sales & Marketing Tools | Ad Networks |
Custom Data | Business Operations Tool | None |