Privacy Policy

Last Updated: May 2, 2026 | cognilumos

1. Data Collection

We collect information provided through Google OAuth, including your email address, profile identifier, and basic account details needed to authenticate your use of the platform. We also process YouTube data and creator research inputs that you explicitly request inside cognilumos, including channel metadata, video statistics, transcripts, and source links used to generate analysis.

2. How We Use Data

We use this information to authenticate your account, run research workflows, generate creator intelligence outputs, and deliver transcript-grounded insights, reports, and strategic recommendations inside the product. We do not sell your personal information.

3. Data Retention and Control

Research sessions, outputs, and account-linked history may be stored in your private workspace so you can revisit prior work. You may request deletion of your account data or remove historical research items from the application where available.

4. YouTube API Services

cognilumos uses YouTube API Services. By using the product, you also agree to the YouTube Terms of Service and acknowledge the Google Privacy Policy.

5. Security

We use reasonable technical and organizational safeguards to protect account access, session state, and stored research data. No internet transmission or storage system is guaranteed to be perfectly secure, but we work to reduce risk through standard security practices.

6. Cookies and Analytics

cognilumos stores a small amount of data in your browser (an authentication session token in localStorage and basic UI preferences) so we can keep you signed in and remember your settings. We do not use third-party advertising cookies and we do not sell your data.

We use PostHog for product analytics — anonymous page views, feature usage, and performance metrics — to understand how creators move through the app and where we can improve. Session replay is not enabled by default. We use Sentry for error monitoring to detect crashes and bugs; Sentry is configured to filter authentication headers and not capture personally identifying information by default. You can opt out of analytics at any time by enabling Do Not Track in your browser or by emailing us at the address in the footer.

7. Sub-processors

To operate the service we share the minimum necessary data with the following vendors, each bound by their own privacy and security commitments:

  • Supabase — primary database (account, research, billing state).
  • Google Cloud — OAuth sign-in and YouTube Data API access.
  • Google AI (Gemini) — language-model analysis of public YouTube content you research.
  • Deepgram — speech-to-text fallback when YouTube transcripts are unavailable.
  • Paddle — merchant-of-record payment processing for paid plans.
  • Resend — transactional email (welcome, billing alerts).
  • PostHog — product analytics.
  • Sentry — error and performance monitoring.
  • Render — application hosting.

8. Your Rights

Depending on where you live, you may have rights under privacy laws such as the EU General Data Protection Regulation (GDPR) or the California Consumer Privacy Act (CCPA), including the right to access the personal data we hold about you, correct it, request deletion, request a portable copy, or object to certain processing. To exercise any of these rights, email us at the address in the footer with the subject line "Privacy Request" and we will respond within 30 days. Account-deletion requests result in removal of your account and associated research artifacts within 30 days, except where retention is required by law or for fraud prevention.