CogniBios Privacy Policy

Last Updated: March 4, 2026

CogniBios (“CogniBios,” “we,” “us,” or “our”) provides digital tools to help midlife adults track and improve metabolic and lifestyle health. This Privacy Policy explains how we collect, use, disclose, and protect information when you use our mobile application, web application, and website (collectively, the “Services”).

By accessing or using the Services, you agree to this Privacy Policy. If you do not agree, do not use the Services.

1. Scope and Status

  • CogniBios is a wellness and educational service, not a medical records system.

  • CogniBios is not a “covered entity” under the Health Insurance Portability and Accountability Act (HIPAA) and does not act as a “business associate” under a Business Associate Agreement (BAA).

  • Information you provide may be considered “consumer health data” or a similar category under certain state or national privacy laws, and we handle it with care. However, we do not treat it as HIPAA‑protected health information (PHI).

  • You should not use CogniBios to upload or store medical records, insurance details, Social Security numbers, or any identifiers that you intend to be part of a formal medical chart.

2. Information Collected

We collect the following categories of information when you use the Services.

2.1 Account Information

  • Name.

  • Email address.

  • Password or authentication credentials.

  • Basic profile details and preferences, such as general health goals that you choose to share.

2.2 Health and Wellness Information

  • Meal and nutrition logs.

  • Exercise and physical activity information.

  • Sleep patterns and stress levels.

  • Lifestyle habits and related notes that you enter.

2.3 Assessment Information

  • Responses to assessments based on the six pillars of lifestyle medicine (nutrition, physical activity, sleep, stress, avoidance of risky substances, and social connection).

2.4 Usage and Device Information

  • Features used within the app and website, and time and date of access.

  • Device type, operating system, browser type, and similar technical details.

  • Approximate location based on Internet Protocol (IP) address.

  • Technical logs such as crash reports and performance metrics.

2.5 AI Coach Conversation Information

  • Content of your conversations with the AI coach and similar in‑app tools.

  • Ratings and feedback on AI responses.

2.6 Payment and Transaction Information

  • Subscription plan details and transaction history.

  • Limited billing information, such as transaction identifiers and billing status.

  • Full payment card details are handled by third‑party payment processors and are not stored in CogniBios systems.

2.7 Information from Connected Services

If you choose to connect third‑party services (for example, fitness or sleep trackers), we may receive:

  • Activity metrics.

  • Sleep metrics.

  • Similar data that you authorize the third‑party service to share with CogniBios.

2.8 Cookies and Similar Technologies

Our website and web application may use cookies and similar technologies to maintain your session, remember preferences, and understand how the Services are used.

3. Use of Information

We use the information described above for the following purposes.

3.1 Provision and Operation of the Services

  • Creation and maintenance of user accounts.

  • Display of logs, trends, and progress.

  • Operation of the AI coach and related features.

  • Operation, maintenance, and improvement of the Services.

3.2 Personalization and Analytics

  • Adaptation of content and features to your stated goals and preferences.

  • Analysis of aggregated usage patterns to improve performance, reliability, and user experience.

3.3 Communications

  • Transmission of necessary service-related notices, such as account confirmations, security alerts, and feature updates.

  • Transmission of educational content and product information, where permitted by law. You may opt out of non‑essential marketing communications at any time.

3.4 Safety, Security, and Legal Compliance

  • Protection of the security and integrity of the Services.

  • Detection, investigation, and prevention of fraud, abuse, or security incidents.

  • Compliance with legal and regulatory obligations and response to lawful requests.

4. AI Infrastructure and Third‑Party Service Providers

4.1 AI Infrastructure (Emergent and Model Providers)

To operate the AI coach, CogniBios uses external AI infrastructure. This may include:

  • An orchestration platform such as Emergent, which provides an interface to large language models.

  • Model providers such as OpenAI or comparable vendors that supply ChatGPT‑style models for conversational responses.

In this context:

  • We transmit to these providers only the information necessary for the AI coach to generate responses.

  • When practicable, we avoid including direct identifiers such as full name or email address in AI prompts and instead use de‑identified or minimized health and lifestyle context.

  • These providers act as service providers that process information on our behalf, bound by contractual limitations. They are not authorized to use this information for their own advertising or unrelated purposes.

Because CogniBios is not HIPAA‑compliant and does not operate under a BAA, information sent to AI infrastructure should not be treated as part of a formal medical record.

4.2 Other Service Providers

We rely on additional service providers in order to:

  • Host and operate servers, databases, and storage.

  • Process payments and manage subscriptions.

  • Provide analytics, error monitoring, customer support, and email delivery.

These service providers receive only the information necessary to perform their functions and are required by contract to handle it securely and to use it only according to our instructions.

5. Disclosure of Information

CogniBios does not sell personal health or wellness information.

We may disclose information in the following situations:

  • At your direction or with your consent
    When you request that we share information with a clinician, coach, or third‑party service, we will do so as directed.

  • To service providers
    With vendors that host our systems, provide AI and infrastructure services, process payments, support customer service, or perform analytics, as described above.

  • In connection with business transactions
    In the event of a merger, acquisition, financing, reorganization, or sale of all or part of CogniBios, information may be transferred as part of that transaction, subject to continued protections consistent with this Privacy Policy.

  • For legal and safety reasons
    When we believe disclosure is necessary to comply with law, regulation, legal process, or governmental request, or to protect the rights, property, or safety of CogniBios, our users, or others.

We do not share health and wellness information with third‑party advertising networks for the purpose of delivering targeted advertisements based on that data.

6. Your Rights and Choices

The rights available to you may vary depending on your jurisdiction. At a minimum, CogniBios provides the following:

6.1 Access and Correction

  • You may review and edit much of your information directly within the Services.

  • You may request correction of information that you believe is inaccurate by contacting us.

6.2 Data Portability

  • You may request a copy of your information in a reasonably portable format by contacting us.

6.3 Deletion

  • You may request deletion of your account and associated data through account settings (where available) or by contacting us.

  • After a verified request, we will delete or de‑identify personal information from active systems within a reasonable period, subject to technical and legal limitations.

  • Certain logs and backups may be retained for a defined period for security, compliance, or operational purposes, after which they will be deleted or de‑identified.

6.4 Communication Preferences

  • You may opt out of non‑essential marketing emails by following the instructions in those messages or by contacting us.

  • You will continue to receive essential service-related communications.

7. Data Security

CogniBios implements technical and organizational measures designed to protect information against unauthorized access, loss, misuse, alteration, or destruction. These measures include:

  • Encryption of data transmitted between your device and our servers using Transport Layer Security (TLS/HTTPS).

  • Encryption at rest for primary databases where supported.

  • Access controls and authentication requirements for internal personnel who require access to production systems.

  • Contractual security obligations for service providers that handle user data.

No system can be guaranteed to be completely secure. You are responsible for maintaining the confidentiality of your login credentials and for notifying us promptly of any actual or suspected unauthorized access to your account.

8. Data Retention

We retain information for as long as reasonably necessary to:

  • Provide the Services.

  • Comply with legal, regulatory, or tax obligations.

  • Resolve disputes and enforce our agreements.

When information is no longer required for these purposes, it is deleted or de‑identified in accordance with our retention policies.

9. Children’s Privacy

The Services are intended for adults and are not directed to persons under 18 years of age.

We do not knowingly collect personal information from individuals under 18. If we become aware that information has been provided by an individual under 18, we will take appropriate steps to delete that information. If you believe a child has provided us with information, please contact us.

10. Wellness and Medical Disclaimer

CogniBios is intended solely for educational and wellness support.

  • CogniBios does not provide medical care and does not establish a physician‑patient relationship through use of the app alone.

  • Information or suggestions provided by the AI coach or other features of the Services do not constitute medical advice, diagnosis, or treatment.

  • You should always seek the advice of a physician or other qualified health professional with any questions regarding a medical condition. You should not disregard professional medical advice or delay seeking it because of information obtained through CogniBios.

  • In the event of an emergency, contact emergency services immediately.

11. International Use

The Services are primarily intended for users located in the United States.

If you access the Services from outside the United States, you acknowledge that your information may be transferred to, stored in, and processed in the United States or other jurisdictions where data protection laws may differ from those in your location.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time.

  • When we make material changes, we will revise the “Last Updated” date above and may provide additional notice, such as through the Services or by email.

  • Your continued use of the Services after any changes become effective indicates your acceptance of the revised Privacy Policy.

13. Contact

If you have questions about this Privacy Policy or our privacy practices, or if you wish to exercise any rights described above, you may contact us at:

CogniBios Privacy Team
Email: support@cognibios.ai