Privacy Policy - Cognito

Your privacy is important to us.

This Privacy Policy ("Policy") explains how Cognito uses the personal data we collect from you (your “Personal Data”) when you use our websites, engage with our marketing services, or access our web-accessible applications or dashboards (collectively, our “Sites”). Cognito (“Cognito”, “BlockScore”, “we”, “our” and “us”) refers to BlockScore, LLC, D/B/A Cognito.

This Privacy Policy includes important information about your Personal Data and you are encouraged to review it carefully.

Our Data Practices

Cognito provides services for online businesses that need to comply with regulations to detect and prevent fraud and other malicious behavior on their websites or mobile applications (our “Customers”). This Privacy Policy applies to the Personal Data shared on or with our Sites by website visitors, our customers and their authorized users, and individuals who opt-in to our marketing or newsletter subscriptions. This Privacy Policy does not apply to data that is not Personal Data, including anonymous, de-identified, or aggregated data, even when such data has been derived from Personal Data.

Notice to End-Users

Our services are intended for use by our business Customers. Where services are made available to you through a Customer, that Customer is the data controller of your personal data. Cognito is a data processor or sub-processor where it facilitates identity verification, fraud detection, and watchlist screening services at the direction of our Customer.

Where we provide services by agreement to Customers, our Customer controls the information provided by its end users. Your data privacy questions and requests should initially be submitted to the Customer in its capacity as your data controller. Cognito is not responsible for our Customer’s privacy or security practices, which may be different than this Privacy Policy.

Our Customers are able to:

Access and describe your personal data that you provided to them;
Access and export your personal data processed by them; and
Amend your personal data, including your end-user profile.

For more information on how we process or sub-process end user information on our Customer’s instructions, please see our End User Privacy Statement (https://cognitohq.com/privacy-statement/).

Our Customer’s Authorized Users

If you are an employee, contractor, or agent of our Customer accessing our services or Sites via a password-controlled login (an “Authorized User”), the Customer acts as the administrator of their services and is responsible for the accounts it controls. Please contact the Customer for whom you are an Authorized User, or refer to their internal policies for more information regarding your privacy concerns. We are not responsible for the privacy or security practices of our Customers, which may be different from this Privacy Policy.

Personal Data We Collect

When you communicate directly with us, we maintain a record of those communications and our responses. We collect information about your internet or electronic activity, including when you click on an email and if you click on any links provided within the email.

When you visit our Sites, we collect:

information about your internet or electronic activity (where you clicked and how long it took);
your device and browser data (device model number and browser type); and
your IP address.

When you subscribe to and receive our marketing emails, we also collect your:

name; and
email address.

If you are a prospective customer, we collect your:

name;
email address;
phone number; and
professional information regarding your company or employer.

When you become a Customer, we track what services you have purchased from and we also collect your:

name;
email address;
phone number;
postal address; and
professional information regarding your company or employer.

As an Authorized User for our Customer, you or our Customer’s administrator provides information to us: when our Customer registers you for access to our services; when you register to access our services; when you contact our customer support; or, when you send us an email or communicate with Cognito in connection with our services.

The information our Customer provides so that we can invite Authorized Users to access our services includes:

business contact information, including your name, job title, the organization’s name, postal address, and your email address;
information to authenticate your business, including incorporation documents, business licenses, office leases, and utility records;
account login credentials, including usernames, passwords, authentication codes, and two-factor identification codes;
troubleshooting and support data, which is data you provide when you contact Cognito for assistance with our services, including the products you use and details relating to the problem that help us provide support; and
payment information necessary for our payment processors to process your payment, including credit card numbers, bank account information, associated identifiers, and billing addresses. (Cognito does not store full credit card data.)

How We Collect Personal Data

You or our Customer’s account administrator directly provides Cognito with most of the data we collect. We collect and process data when you:

Register online, create an account, or submit a service or sales request for any of our services;
Voluntarily complete a contact form or provide feedback on any of our message boards or via email; and
Use or view our website, our web applications, or a Customer’s dashboard and our services via your browser’s cookies and similar tracking technologies;

We collect your IP address from your internet service provider.

We and our third-party service providers also use cookies, web beacons, and other tracking technologies to collect device and usage data from our website, web-accessible applications, or dashboards when Customers or their Authorized Users interact with and use our services. For more information on how we use cookies and other tracking technologies, see our Cookie Policy.

We may purchase the contact information of prospective customers from data brokers, as part of our legitimate business interest, where applicable and permitted by local privacy laws.

How We Use Personal Data

Cognito collects, uses, and discloses information to provide, market, operate, improve, develop, and protect our services for online businesses, our Customers, that need to comply with regulations necessary to detect and prevent fraud and other malicious behavior on their websites and mobile applications.

We use information we collect to:

Provide the Cognito Services. We base our processing of your Personal Data on our legitimate interests to operate and administer the Cognito Services. For example, to process transactions with you or with a Customer, we authenticate you when you log in, provide customer support, and operate and maintain the Cognito Services.
Promote the security of the Cognito Services. We process your Personal Data by tracking use of the Cognito Services, creating aggregated, non-personal information, verifying accounts and activity, monitoring suspicious or fraudulent activity, and enforcing our terms and policies, to the extent this is necessary for our legitimate interest in promoting the safety and security of the Cognito Services, systems, and applications and in protecting our rights and the rights of others.
Improve and develop the Cognito Services. We use your Personal Data to identify trends, usage, activity patterns, and areas for integration and improvement so that we continually improve the Cognito Services, including adding new features or capabilities that make the Cognito Services smarter, faster, more secure, integrated, and more useful to our Customers and their Authorized Users to the extent it is necessary for our legitimate interests in developing and improving the Cognito Services.
Communicate with you about the Cognito Services. We send you service, technical, and other administrative or transactional emails, messages, and other types of notifications to assist with our legitimate interests in administering the Cognito Services. These communications are considered part of the Cognito Services and in most cases, you cannot opt-out of them. If an opt-out is available, you will find that option within the communication itself or in your account settings.
Send you marketing communications. We process your Personal Data to send you marketing information, product recommendations, events, contests, promotions, and other non-transactional communications about us in accordance with your marketing preferences, as necessary for our legitimate interests in conducting direct marketing or to the extent you have provided your consent. You will find opt-out options within the communication itself or in your account settings.
Protect our legitimate business interests and legal rights. When necessary to protect our legal rights, interests, and the interests of others, or where required by law, we use information about you in connection with legal claims, compliance, regulatory, and audit functions, and disclosures in connection with the acquisition, merger, or sale of a business.
Promote our legitimate business interests. With your consent, we use information where you have given us explicit consent to do so for a specific purpose not listed above. For example, we may publish testimonials or featured customer stories to promote the Cognito Services, with your permission.

Sharing Personal Data

We use service providers and other third-party services to help perform essential business functions on our behalf. We do not share any information unnecessarily, and we carefully review the privacy policy of each service provider and third party to make sure your information is protected.

When we process your request for service, as part of our compliance procedures we may send your data to, and also use the resulting information from, credit reference agencies to prevent fraud.

How We Store and Secure Personal Data

We use data hosting service providers in the United States to host the information we collect, and we use technical measures to secure your data. While we implement safeguards designed to protect your information, no security system is impenetrable and due to the inherent nature of the Internet, we cannot guarantee that data, during transmission through the Internet or while stored on our systems or otherwise in our care, is absolutely safe from intrusion by others.

How long we keep information we collect about you depends on the type of information:

Account Information

We retain your account information for as long as your account is active and a reasonable period thereafter in case you decide to re-activate the Cognito Services. After such time, we will either delete or anonymize your information or, if this is not possible, we will securely store your information and isolate it from any further use until deletion is possible.

We also retain some of your information as necessary to comply with our legal obligations, to resolve disputes, to enforce our agreements, to support business operations, and to continue to develop and improve the Cognito Services. Our retention time frame varies based on our legal obligations.

Where we retain information for Cognito Service improvement and development, we take steps to eliminate information that directly identifies you, and we only use the information to uncover collective insights about the use of the Cognito Services, not to specifically analyze personal characteristics about you.

Information you share on Cognito Services

If you are an Authorized User and your account is deactivated or disabled, some of your information and the content you have provided will remain in order to allow our Customer and your team members or other users to make full use of the Cognito Services. For example, we continue to display messages you sent to the users that received them and continue to display content you provided or decisions you have made regarding using our services.

Managed Accounts

If the Cognito Services are made available to you through an organization for which we are acting as a processor or sub-processor, we retain your information as long as required by the administrator of your account.

Marketing Information

If you have elected to receive marketing emails from us, we retain information about your marketing preferences for a reasonable period of time from the date you last expressed interest in the Cognito Services, such as when you last opened an email from us or ceased using your account. We retain information derived from cookies and other tracking technologies for a reasonable period of time from the date such information was created.

Marketing

We would like to send you information about our services. With your consent, we send marketing information, product recommendations, events, promotions, and other non-transactional communications about us in accordance with your marketing preferences. If you have agreed to receive marketing information, you may always opt out at a later date. You have the right at any time to stop Cognito from contacting you for marketing purposes.

What We Share	Who We Share it With (by category)
Name Email Phone number Professional Information	Business Communication Tool Finance and Accounting Tool Hosting Services Provider Sales and Marketing Tool
Commercial Information Payment Information	Finance and Accounting Tool Data Storage Service Provider Contract Management Service Provider
Internet or Electronic Network Activity Device Information IP address	Ad Network Data Analytics Provider Data Storage Service Engineering Infrastructure Tool Hosting Service Provider

Your Data Protection Rights

We want to make sure you are fully aware of all of your data protection rights. Where we are using your information because we or a third party such as your employer have a legitimate interest to do so, you have the right to object to that use though, in some cases, this may mean no longer using the Cognito Services.

If you are an end user to our Customer, on whose behalf we processed your personal information, you should contact our Customer about your privacy concerns instead of Cognito. For more information on how we process or sub-process end user information on our Customer’s instructions, please see our End User Privacy Statement (https://cognitohq.com/privacy-statement/).

Do Not Track Disclosures

Some web browsers may transmit “do-not-track” (“DNT”) signals to mobile applications with which the user communicates. We currently do not change our tracking practices (which are explained in more detail in below in our Cookies Policy section) in response to DNT settings in your web browser.

Our third-party partners, such as web analytics companies and third-party ad networks, may collect information about you and your online activities over time and across our services and other online Sites. These third parties may not change their tracking practices in response to DNT settings in your web browser and we do not obligate these parties to honor DNT settings. We utilize Google Analytics for our web analytics and you can opt out of your usage data being included in our Google Analytics reports by visiting https://tools.google.com/dlpage/gaoptout.

GDPR Notice

Subject to exceptions or limitations provided by law, if you are located in the EEA or UK, you have rights regarding how personal information collected about you is used. If we have processed or are processing your personal information, you are entitled to exercise the following rights:

The right to access. You have the right to request copies of your personal data. We may charge you a small fee for this service.

The right to rectification. You have the right to request that we correct any information you believe is inaccurate. You also have the right to request that we complete the information you believe is incomplete.

The right to erasure. You have the right to request that we erase your personal data, under certain conditions.

The right to restrict processing. You have the right to request that we restrict the processing of your personal data, under certain conditions.

The right to object to processing. You have the right to object to our processing of your personal data, under certain conditions.

The right to withdraw consent. You have the right to revoke your consent where or when our processing of your personal information is based on consent.

The right to data portability. You have the right to request that we transfer the data that we have collected to another organization, or directly to you, under certain conditions.

If you have consented to our use of information about you for a specific purpose, you have the right to change your mind at any time, but this will not affect any processing that has already taken place. Where we are using your information because we or a third party such as your employer have a legitimate interest to do so, you have the right to object to that use though, in some cases, this may mean no longer using the Services.

If you still want to raise a question to Cognito, or otherwise exercise your rights in respect of your personal information, Cognito has appointed DataRep as its Data Protection Representative for the purposes of the GDPR in the EU/EEA and the Data Protection Act 2018 (as amended) in the UK.

You may contact DataRep by sending an email to moc.peratad@otingoc or by contacting our Data Protection Representative via webform at https://www.datarep.com/cognito.

International Data Transfers

We do not share your Personal Data with third parties, unless it is necessary to carry out your request, to provide you the services, for our professional or legitimate business needs, or as required or permitted by law. Where we do transfer your Personal Data to third parties or service providers, appropriate arrangements will be made in order to ensure correct and secure data processing in compliance with applicable data protection law. Whenever we transfer your information, we take steps to protect it.

We collect information globally and store that information in the United States. Your Personal Data may be processed outside of the EEA and in countries which are not subject to an adequacy decision by the European Commission and which may not provide for the same level of data protection as the EEA.

In the event we process your Personal Data in a country not subject to an adequacy decision, we will ensure that the recipient of your Personal Data offers an adequate level of protection, for instance by entering into standard contractual clauses for the transfer of data as approved by the European Commission.

You can obtain more details of the protection given to your Personal Data when it is transferred outside Europe by contacting us below.

Use by Minors

We do not knowingly collect any personal data from children under the age of 16. If you are under the age of 16, please do not submit any Personal Data through our Sites. We encourage parents and legal guardians to monitor their children’s internet usage and to help enforce our policy by instructing their child not to provide Personal Data through the Sites without permission. If you have reason to believe that a child under the age of 16 has provided Personal Data to us through our Sites, please contact us at: moc.qhotingoc@ycavirpand we will use commercially reasonable efforts to delete that information.

Updates to Privacy Policy

We may revise this Privacy Policy from time to time in response to our requirements and changing legal, technical or business developments. We will provide any updates on our Site and the revised version will be effective when it is posted. If we make any material changes to the ways in which we use or share Personal Data previously collected from you, we will post the updated version here. You can see when this Privacy Policy was last updated by checking the “last updated” or “effective” date displayed at the top of this page.

Cookie Policy

We collect certain information (automatically) through the use of “cookies” and similar tracking technologies. Cookies are small text files that are stored in a computer’s browser directory. Cookies help site providers understand how website visitors use a site, remember an Authorized User’s login details, and store site preferences.

How we use cookies

We use cookies to:

ensure our services function properly;
detect and prevent fraud;
understand how visitors use and engage with our Sites; and
analyze and improve our services.

What types of Cookies we Use

We use both first-party cookies, or cookies placed and read by Cognito directly when you use our services, and third-party cookies, or cookies not set by Cognito, but by other companies for site analytics purposes.

We use Google Analytics for aggregated, anonymized website traffic analysis. We also send Google your IP Address. We use Google Analytics to track aggregated website behavior, such as what pages you looked at and for how long. This information is important to us for improving the user experience and determining site effectiveness.

Managing cookies

If you wish to block, erase, or be warned of cookies, please refer to your browser instructions or “help screen” to learn about these functions. If your browser is set to not accept cookies or if you reject a cookie, you may not be able to use our Sites and certain parts of our services.

If you would like access to what browsing information we have, please reach out to us via our form contact. You can opt out of your usage data being included in our Google Analytics reports by visiting: https://tools.google.com/dlpage/gaoptout.

How to Contact Us

Please contact Cognito with any questions or comments about this Privacy Policy or our privacy practices at:

BlockScore, LLC D/B/A Cognito
Attn: Privacy Officer
340 S Lemon Ave, Suite 4260
Walnut, CA 91789
United States

Email: moc.qhotingoc@ycavirp

EEA and UK Residents

Cognito has appointed DataRep as its Data Protection Representative for the purposes of the GDPR in the EU/EEA and the Data Protection Act 2018 (as amended) in the UK. If we have processed or are processing your personal data, you may be entitled to exercise your rights under GDPR in respect of that personal data. If you are an end user of our Customer, on whose behalf we have processed your Personal Data, is also located the EEA or UK, you should contact our Customer about your Personal Data instead of Cognito’s Data Protection Representative.

UK and EEA residents may direct privacy concerns to DataRep, our Data Protection Representative, by sending an email to moc.peratad@otingoc or via online webform at http://www.datarep.com/data-request.

If you reside in the UK, please contact Cognito with any questions or comments about this Privacy Policy by referring clearly to “Cognito” in your correspondence to:

DataRep
107-111 Fleet Street
EC4A 2AB, London
United Kingdom

If you reside in the EEA, please contact Cognito with any questions or comments about this Privacy Policy by referring clearly to “Cognito” in your correspondence to:

DataRep
The Cube
Monahan Road
Cork, T12 H1XY
Republic of Ireland

Information we collect

Information you provide to us

We collect the personal information you provide to us when you Website Visitors. The categories of information we may collect include:

Personal Identifiers, including name, email address, postal address, and telephone number

We collect the personal information you provide to us when you Business Prospects. The categories of information we may collect include:

Personal Identifiers, including name, email address, postal address, and telephone number
Commercial and Financial Information, including signature

To the extent we process deidentified personal information, we will make no attempt to reidentify such data.

Information collected automatically

We automatically collect internet or other electronic information about you when you visit our website, such as IP address, browsing history and interactions with our website. This data may be collected using browser cookies and other unique personal identifiers.

Information from other sources

We may collect personal information about you from third-party sources, including Data Analytics Providers and Data Brokers.

How long we keep your data

We do not retain data for any longer than is necessary for the purposes described in this Policy.

How we share and disclose information

Information Disclosed for Business or Commercial Purposes in the Last 12 Months, and Categories of Parties Disclosed To

We may disclose the following personal information about you when you Website Visitors:

Personal Information Disclosed	Recipient (by Category)
Personal Identifiers	Governance, Risk & Compliance Software, IT Infrastructure Services, and Web Hosting Services
Online Identifiers	Cybersecurity Providers, Data Analytics Providers, IT Infrastructure Services, and Web Hosting Services

We may disclose the following personal information about you when you Business Prospects:

Personal Information Disclosed	Recipient (by Category)
Personal Identifiers	Business Operations Tool, Collaboration & Productivity Tools, Customer Support Tools, Governance, Risk & Compliance Software, IT Infrastructure Services, Sales & Marketing Tools, and Web Hosting Services
Online Identifiers	Business Operations Tool, Cybersecurity Providers, Data Analytics Providers, IT Infrastructure Services, and Web Hosting Services
Internet Activity	Ad Networks, Business Operations Tool, and Sales & Marketing Tools
Commercial and Financial Information	Business Operations Tool

California Privacy Notice (CCPA)

This section provides additional information for California residents under the California Consumer Privacy Act (CCPA). The terms used in this section have the same meaning as in the CCPA. This section does not apply to information that is not considered "personal information," such as anonymous, deidentified, or aggregated information, nor does it apply to publicly available information as defined in the CCPA.

Collection and Disclosure of Personal Information

The personal information we collect is described above in Information we collect. The personal information we disclose for business or commercial purposes is described above in How we share and disclose information. The length of time for which we retain personal information is described above in How long we keep your data.

Business and Commercial Purposes for Collection

We collect personal information for the following business purposes:

Advertising and Marketing
Provide Products or Services
Quality Assurance
Security

We also "sell" (as defined in the CCPA) personal information for commercial purposes, including to advertise and market our products.

Information “Sharing” and “Selling”

We use third party data analytics providers and this may be considered a “sale” of information under the CCPA.

You may opt-out of these data practices here.

We do not knowingly sell or share (for cross-context behavioral advertising) the personal information of consumers under 16 years of age.

CCPA Rights

Your CCPA rights are described below. You can make a Request to Know or a Request to Delete under the CCPA by submitting a Privacy Request at the top of this page, or by clicking here, or by emailing us at moc.qhotingoc@ycavirp.

Right to Know

You have the right to request to know the following about the personal information we have collected about you in the past 12 months:

the categories and specific pieces of personal information we have collected about you
the categories of sources from which we collect personal information about you
the business and commercial purposes for which we collect personal information
the categories of third parties with whom we share the information
the categories of personal information about you that we disclosed for a business purpose, and the categories of third parties to whom we disclosed that information for a business purpose

The information we would provide to you in response to a Request to Know Categories is contained in this Privacy Notice. To access the specific personal information we have about you, submit a Request to Know via the link above. If you make a Request to Know more than twice in a 12-month period, we may require you to pay a small fee for this service.

Right to Delete

You have the right to request that we delete any personal information about you that you have provided to us. We will permanently delete from our records any personal information that is not necessary for our business operations and direct our service providers to do the same.

We consider information to be necessary for our business operations if it is used to:

Complete an obligation to you that you have requested
Detect and resolve issues related to security or functionality
Comply with legal obligations
Enable solely internal uses

Right to Non-Discrimination

If you exercise your CCPA consumer rights:

We will not deny goods or services to you
We will not charge you different prices or rates for goods or services, including through the use of discounts or other benefits or penalties
We will not provide a different level or quality of goods or services to you

Right to Opt-Out

You have the right to opt-out of any selling and sharing of your personal information.

You may exercise your right to opt-out here.

Opt-Out Preference Signals. Your browser settings may allow you to automatically transmit the Global Privacy Control (GPC) signal to online services you visit. When we detect such signal, we place a U.S. Privacy String setting in your browser so that any third party who respects that signal will not track your activity on our website. GPC is supported by certain internet browsers or as a browser extension. You can find out how to enable GPC here.

Right to Correct

You have the right to correct inaccuracies in your personal data, taking into account the nature of the data and our purposes for processing it.

Request Verification

Before we can respond to a Request to Know or Request to Delete, we will need to verify that you are the consumer who is the subject of the CCPA request. Verification is important for preventing fraudulent requests and identity theft. Requests to Opt-Out do not require verification.

Typically, identity verification will require you to confirm certain information about yourself based on information we have already collected. For example, we will ask you to verify that you have access to the email address we have on file for you. If we cannot verify your identity based on our records, we cannot fulfill your CCPA request.

For a request that seeks specific personal information, we ask that you sign a declaration stating that you are the consumer whose personal information is the subject of the request, as required by the CCPA.

In some cases, we may have no reasonable method by which we can verify a consumer's identity. For example:

If a consumer submits a request but we have not collected any personal information about that consumer, we cannot verify the request.
If the only data we have collected about a consumer is gathered through website cookies (i.e. the consumer visited our website but had no other interaction with us), we are unable to reasonably associate a requester with any data collected; therefore, we cannot verify the request.
If we process a consumer’s information as a service provider to another organization, we are not permitted to respond in a substantive way to that consumer’s CCPA request. We will, however, assist the organization in fulfilling your privacy request.

Authorized Agent

A California resident's authorized agent may submit a Request to Know or a Request to Delete under the CCPA by emailing us at moc.qhotingoc@ycavirp. Requests submitted by an authorized agent will still require verification of the person who is the subject of the request in accordance with the process described above. We will also ask for proof that the person who is the subject of the request authorized an agent to submit a privacy request on their behalf. An authorized agent that has power of attorney pursuant to California Probate Code section 4121 to 4130 must submit proof of statutory power of attorney, but consumer verification is not required.

If you have trouble accessing this notice, please contact us at moc.qhotingoc@ycavirp.

Contact Us

If you have any privacy-related questions, please send them to moc.qhotingoc@ycavirp.