Your privacy is important to us.

This Privacy Policy ("Policy") explains how Cognito uses the personal data we collect from you (your “Personal Data”) when you use our websites, engage with our marketing services, or access our web-accessible applications or dashboards (collectively, our “Sites”). Cognito (“Cognito”, “BlockScore”, “we”, “our” and “us”) refers to BlockScore, LLC, D/B/A Cognito.

This Privacy Policy includes important information about your Personal Data and you are encouraged to review it carefully.

Our Data Practices

Cognito provides services for online businesses that need to comply with regulations to detect and prevent fraud and other malicious behavior on their websites or mobile applications (our “Customers”). This Privacy Policy applies to the Personal Data shared on or with our Sites by website visitors, our customers and their authorized users, and individuals who opt-in to our marketing or newsletter subscriptions. This Privacy Policy does not apply to data that is not Personal Data, including anonymous, de-identified, or aggregated data, even when such data has been derived from Personal Data.

Notice to End-Users

Our services are intended for use by our business Customers. Where services are made available to you through a Customer, that Customer is the data controller of your personal data. Cognito is a data processor or sub-processor where it facilitates identity verification, fraud detection, and watchlist screening services at the direction of our Customer.

Where we provide services by agreement to Customers, our Customer controls the information provided by its end users. Your data privacy questions and requests should initially be submitted to the Customer in its capacity as your data controller. Cognito is not responsible for our Customer’s privacy or security practices, which may be different than this Privacy Policy.

Our Customers are able to:

Access and describe your personal data that you provided to them;
Access and export your personal data processed by them; and
Amend your personal data, including your end-user profile.

For more information on how we process or sub-process end user information on our Customer’s instructions, please see our End User Privacy Statement (https://cognitohq.com/privacy-statement/).

Our Customer’s Authorized Users

If you are an employee, contractor, or agent of our Customer accessing our services or Sites via a password-controlled login (an “Authorized User”), the Customer acts as the administrator of their services and is responsible for the accounts it controls. Please contact the Customer for whom you are an Authorized User, or refer to their internal policies for more information regarding your privacy concerns. We are not responsible for the privacy or security practices of our Customers, which may be different from this Privacy Policy.

Personal Data We Collect

When you communicate directly with us, we maintain a record of those communications and our responses. We collect information about your internet or electronic activity, including when you click on an email and if you click on any links provided within the email.

When you visit our Sites, we collect:

information about your internet or electronic activity (where you clicked and how long it took);
your device and browser data (device model number and browser type); and
your IP address.

When you subscribe to and receive our marketing emails, we also collect your:

name; and
email address.

If you are a prospective customer, we collect your:

name;
email address;
phone number; and
professional information regarding your company or employer.

When you become a Customer, we track what services you have purchased from and we also collect your:

name;
email address;
phone number;
postal address; and
professional information regarding your company or employer.

As an Authorized User for our Customer, you or our Customer’s administrator provides information to us: when our Customer registers you for access to our services; when you register to access our services; when you contact our customer support; or, when you send us an email or communicate with Cognito in connection with our services.

The information our Customer provides so that we can invite Authorized Users to access our services includes:

business contact information, including your name, job title, the organization’s name, postal address, and your email address;
information to authenticate your business, including incorporation documents, business licenses, office leases, and utility records;
account login credentials, including usernames, passwords, authentication codes, and two-factor identification codes;
troubleshooting and support data, which is data you provide when you contact Cognito for assistance with our services, including the products you use and details relating to the problem that help us provide support; and
payment information necessary for our payment processors to process your payment, including credit card numbers, bank account information, associated identifiers, and billing addresses. (Cognito does not store full credit card data.)

How We Collect Personal Data

You or our Customer’s account administrator directly provides Cognito with most of the data we collect. We collect and process data when you:

Register online, create an account, or submit a service or sales request for any of our services;
Voluntarily complete a contact form or provide feedback on any of our message boards or via email; and
Use or view our website, our web applications, or a Customer’s dashboard and our services via your browser’s cookies and similar tracking technologies;

We collect your IP address from your internet service provider.

We and our third-party service providers also use cookies, web beacons, and other tracking technologies to collect device and usage data from our website, web-accessible applications, or dashboards when Customers or their Authorized Users interact with and use our services. For more information on how we use cookies and other tracking technologies, see our Cookie Policy.

We may purchase the contact information of prospective customers from data brokers, as part of our legitimate business interest, where applicable and permitted by local privacy laws.

How We Use Personal Data

Cognito collects, uses, and discloses information to provide, market, operate, improve, develop, and protect our services for online businesses, our Customers, that need to comply with regulations necessary to detect and prevent fraud and other malicious behavior on their websites and mobile applications.

We use information we collect to:

Provide the Cognito Services. We base our processing of your Personal Data on our legitimate interests to operate and administer the Cognito Services. For example, to process transactions with you or with a Customer, we authenticate you when you log in, provide customer support, and operate and maintain the Cognito Services.
Promote the security of the Cognito Services. We process your Personal Data by tracking use of the Cognito Services, creating aggregated, non-personal information, verifying accounts and activity, monitoring suspicious or fraudulent activity, and enforcing our terms and policies, to the extent this is necessary for our legitimate interest in promoting the safety and security of the Cognito Services, systems, and applications and in protecting our rights and the rights of others.
Improve and develop the Cognito Services. We use your Personal Data to identify trends, usage, activity patterns, and areas for integration and improvement so that we continually improve the Cognito Services, including adding new features or capabilities that make the Cognito Services smarter, faster, more secure, integrated, and more useful to our Customers and their Authorized Users to the extent it is necessary for our legitimate interests in developing and improving the Cognito Services.
Communicate with you about the Cognito Services. We send you service, technical, and other administrative or transactional emails, messages, and other types of notifications to assist with our legitimate interests in administering the Cognito Services. These communications are considered part of the Cognito Services and in most cases, you cannot opt-out of them. If an opt-out is available, you will find that option within the communication itself or in your account settings.
Send you marketing communications. We process your Personal Data to send you marketing information, product recommendations, events, contests, promotions, and other non-transactional communications about us in accordance with your marketing preferences, as necessary for our legitimate interests in conducting direct marketing or to the extent you have provided your consent. You will find opt-out options within the communication itself or in your account settings.
Protect our legitimate business interests and legal rights. When necessary to protect our legal rights, interests, and the interests of others, or where required by law, we use information about you in connection with legal claims, compliance, regulatory, and audit functions, and disclosures in connection with the acquisition, merger, or sale of a business.
Promote our legitimate business interests. With your consent, we use information where you have given us explicit consent to do so for a specific purpose not listed above. For example, we may publish testimonials or featured customer stories to promote the Cognito Services, with your permission.

Sharing Personal Data

We use service providers and other third-party services to help perform essential business functions on our behalf. We do not share any information unnecessarily, and we carefully review the privacy policy of each service provider and third party to make sure your information is protected.

When we process your request for service, as part of our compliance procedures we may send your data to, and also use the resulting information from, credit reference agencies to prevent fraud.

How We Store and Secure Personal Data

We use data hosting service providers in the United States to host the information we collect, and we use technical measures to secure your data. While we implement safeguards designed to protect your information, no security system is impenetrable and due to the inherent nature of the Internet, we cannot guarantee that data, during transmission through the Internet or while stored on our systems or otherwise in our care, is absolutely safe from intrusion by others.

How long we keep information we collect about you depends on the type of information:

Account Information

We retain your account information for as long as your account is active and a reasonable period thereafter in case you decide to re-activate the Cognito Services. After such time, we will either delete or anonymize your information or, if this is not possible, we will securely store your information and isolate it from any further use until deletion is possible.

We also retain some of your information as necessary to comply with our legal obligations, to resolve disputes, to enforce our agreements, to support business operations, and to continue to develop and improve the Cognito Services. Our retention time frame varies based on our legal obligations.

Where we retain information for Cognito Service improvement and development, we take steps to eliminate information that directly identifies you, and we only use the information to uncover collective insights about the use of the Cognito Services, not to specifically analyze personal characteristics about you.

Information you share on Cognito Services

If you are an Authorized User and your account is deactivated or disabled, some of your information and the content you have provided will remain in order to allow our Customer and your team members or other users to make full use of the Cognito Services. For example, we continue to display messages you sent to the users that received them and continue to display content you provided or decisions you have made regarding using our services.

Managed Accounts

If the Cognito Services are made available to you through an organization for which we are acting as a processor or sub-processor, we retain your information as long as required by the administrator of your account.

Marketing Information

If you have elected to receive marketing emails from us, we retain information about your marketing preferences for a reasonable period of time from the date you last expressed interest in the Cognito Services, such as when you last opened an email from us or ceased using your account. We retain information derived from cookies and other tracking technologies for a reasonable period of time from the date such information was created.

Marketing

We would like to send you information about our services. With your consent, we send marketing information, product recommendations, events, promotions, and other non-transactional communications about us in accordance with your marketing preferences. If you have agreed to receive marketing information, you may always opt out at a later date. You have the right at any time to stop Cognito from contacting you for marketing purposes.

What We Share	Who We Share it With (by category)
Name Email Phone number Professional Information	Business Communication Tool Finance and Accounting Tool Hosting Services Provider Sales and Marketing Tool
Commercial Information Payment Information	Finance and Accounting Tool Data Storage Service Provider Contract Management Service Provider
Internet or Electronic Network Activity Device Information IP address	Ad Network Data Analytics Provider Data Storage Service Engineering Infrastructure Tool Hosting Service Provider

Your Data Protection Rights

We want to make sure you are fully aware of all of your data protection rights. Where we are using your information because we or a third party such as your employer have a legitimate interest to do so, you have the right to object to that use though, in some cases, this may mean no longer using the Cognito Services.

If you are an end user to our Customer, on whose behalf we processed your personal information, you should contact our Customer about your privacy concerns instead of Cognito. For more information on how we process or sub-process end user information on our Customer’s instructions, please see our End User Privacy Statement (https://cognitohq.com/privacy-statement/).

Do Not Track Disclosures

Some web browsers may transmit “do-not-track” (“DNT”) signals to mobile applications with which the user communicates. We currently do not change our tracking practices (which are explained in more detail in below in our Cookies Policy section) in response to DNT settings in your web browser.

Our third-party partners, such as web analytics companies and third-party ad networks, may collect information about you and your online activities over time and across our services and other online Sites. These third parties may not change their tracking practices in response to DNT settings in your web browser and we do not obligate these parties to honor DNT settings. We utilize Google Analytics for our web analytics and you can opt out of your usage data being included in our Google Analytics reports by visiting https://tools.google.com/dlpage/gaoptout.

GDPR Notice

Subject to exceptions or limitations provided by law, if you are located in the EEA or UK, you have rights regarding how personal information collected about you is used. If we have processed or are processing your personal information, you are entitled to exercise the following rights:

The right to access. You have the right to request copies of your personal data. We may charge you a small fee for this service.

The right to rectification. You have the right to request that we correct any information you believe is inaccurate. You also have the right to request that we complete the information you believe is incomplete.

The right to erasure. You have the right to request that we erase your personal data, under certain conditions.

The right to restrict processing. You have the right to request that we restrict the processing of your personal data, under certain conditions.

The right to object to processing. You have the right to object to our processing of your personal data, under certain conditions.

The right to withdraw consent. You have the right to revoke your consent where or when our processing of your personal information is based on consent.

The right to data portability. You have the right to request that we transfer the data that we have collected to another organization, or directly to you, under certain conditions.

If you have consented to our use of information about you for a specific purpose, you have the right to change your mind at any time, but this will not affect any processing that has already taken place. Where we are using your information because we or a third party such as your employer have a legitimate interest to do so, you have the right to object to that use though, in some cases, this may mean no longer using the Services.

If you still want to raise a question to Cognito, or otherwise exercise your rights in respect of your personal information, Cognito has appointed Plaid B.V. as its Data Protection Representative for the purposes of the GDPR in the EU/EEA and the Data Protection Act 2018 (as amended) in the UK.

UK and EEA residents may direct privacy concerns to Plaid B.V., our Data Protection Representative, by sending an email to privacy@plaid.com or via online webform at http://plaid.com/legal/data-protection-request-form/.

International Data Transfers

We do not share your Personal Data with third parties, unless it is necessary to carry out your request, to provide you the services, for our professional or legitimate business needs, or as required or permitted by law. Where we do transfer your Personal Data to third parties or service providers, appropriate arrangements will be made in order to ensure correct and secure data processing in compliance with applicable data protection law. Whenever we transfer your information, we take steps to protect it.

We collect information globally and store that information in the United States. Your Personal Data may be processed outside of the EEA and in countries which are not subject to an adequacy decision by the European Commission and which may not provide for the same level of data protection as the EEA.

In the event we process your Personal Data in a country not subject to an adequacy decision, we will ensure that the recipient of your Personal Data offers an adequate level of protection, for instance by entering into standard contractual clauses for the transfer of data as approved by the European Commission.

You can obtain more details of the protection given to your Personal Data when it is transferred outside Europe by contacting us below.

Use by Minors

We do not knowingly collect any personal data from children under the age of 16. If you are under the age of 16, please do not submit any Personal Data through our Sites. We encourage parents and legal guardians to monitor their children’s internet usage and to help enforce our policy by instructing their child not to provide Personal Data through the Sites without permission. If you have reason to believe that a child under the age of 16 has provided Personal Data to us through our Sites, please contact us at: privacy@cognitohq.comand we will use commercially reasonable efforts to delete that information.

Updates to Privacy Policy

We may revise this Privacy Policy from time to time in response to our requirements and changing legal, technical or business developments. We will provide any updates on our Site and the revised version will be effective when it is posted. If we make any material changes to the ways in which we use or share Personal Data previously collected from you, we will post the updated version here. You can see when this Privacy Policy was last updated by checking the “last updated” or “effective” date displayed at the top of this page.

Cookie Policy

We collect certain information (automatically) through the use of “cookies” and similar tracking technologies. Cookies are small text files that are stored in a computer’s browser directory. Cookies help site providers understand how website visitors use a site, remember an Authorized User’s login details, and store site preferences.

How we use cookies

We use cookies to:

ensure our services function properly;
detect and prevent fraud;
understand how visitors use and engage with our Sites; and
analyze and improve our services.

What types of Cookies we Use

We use both first-party cookies, or cookies placed and read by Cognito directly when you use our services, and third-party cookies, or cookies not set by Cognito, but by other companies for site analytics purposes.

We use Google Analytics for aggregated, anonymized website traffic analysis. We also send Google your IP Address. We use Google Analytics to track aggregated website behavior, such as what pages you looked at and for how long. This information is important to us for improving the user experience and determining site effectiveness.

Managing cookies

If you wish to block, erase, or be warned of cookies, please refer to your browser instructions or “help screen” to learn about these functions. If your browser is set to not accept cookies or if you reject a cookie, you may not be able to use our Sites and certain parts of our services.

If you would like access to what browsing information we have, please reach out to us via our form contact. You can opt out of your usage data being included in our Google Analytics reports by visiting: https://tools.google.com/dlpage/gaoptout.

How to Contact Us

Please contact Cognito with any questions or comments about this Privacy Policy or our privacy practices at:

BlockScore, LLC D/B/A Cognito
Attn: Privacy Officer
440 N Barranca Ave, #4260
Covina, CA 91723
United States

Email: privacy@cognitohq.com

EEA and UK Residents

Cognito has appointed Plaid B.V. as its Data Protection Representative for the purposes of the GDPR in the EU/EEA and the Data Protection Act 2018 (as amended) in the UK. If we have processed or are processing your personal data, you may be entitled to exercise your rights under GDPR in respect of that personal data. If you are an end user of our Customer, on whose behalf we have processed your Personal Data, is also located the EEA or UK, you should contact our Customer about your Personal Data instead of Cognito’s Data Protection Representative.

UK and EEA residents may direct privacy concerns to Plaid B.V., our Data Protection Representative, by sending an email to privacy@plaid.com or via online webform at http://plaid.com/legal/data-protection-request-form/.

You may also mail your inquiry to Plaid at the following addresses:

For EU Residents
Plaid B.V.
Attn: Legal
Muiderstraat 1
1011PZ Amsterdam
The Netherlands

For UK Residents
Plaid B.V.
Attn: Legal
New Penderel House, 4th Floor
283-288 High Holborn
London, United Kingdom, WC1V 7HP