Privacy Policy

1. Introduction

EnterBridge LLC ("EnterBridge," "we," "us," or "our") operates the Cogniform application and related services (collectively, the "Service"). This Privacy Policy explains how we collect, use, disclose, and safeguard information when you use our Service, including our mobile application and web platform available at cogniform.app.

Cogniform is a business-to-business ("B2B") platform that enables organizations ("Client Organizations") to create, distribute, and manage digital forms for data collection from their employees, contractors, and other authorized users ("End Users").

Please read this Privacy Policy carefully. By accessing or using the Service, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy. If you do not agree with the terms of this privacy notice, please do not use the Service.

2. Our Role as a Data Processor

Cogniform operates as a data processor under applicable data protection laws. This means:

• Client Organizations (our business customers) determine what data is collected through forms they create and how that data is used. They are the data controllers.
• EnterBridge processes data on behalf of Client Organizations according to their instructions and our service agreements.
• End Users who submit form data should refer to their organization's privacy policy for details on how their submitted data is ultimately used.

If you are an End User submitting data through a Cogniform form, your employer or the organization that deployed the form is the data controller. Questions about how your submitted data is used should be directed to that organization.

3. What Information Do We Collect?

Information Collected from Client Organizations

When a Client Organization registers for and uses Cogniform, we collect:

• Account Information: Organization name, administrator contact details (name, email, phone number), billing information
• User Credentials: Email addresses and encrypted passwords for authorized users within the organization
• Form Configurations: Form templates, field definitions, validation rules, and conditional logic created by the organization

Information Collected from End Users

When End Users submit forms through Cogniform, we collect on behalf of Client Organizations:

• Form Submission Data: Any information entered into form fields, which may include personal information such as names, contact details, identification numbers, or other data as defined by the Client Organization's form design
• File Uploads: Documents, images, or other files attached to form submissions
• Submission Metadata: Timestamps, submission status, and device information associated with form submissions

Information Collected Automatically

When you access the Service, we may automatically collect:

• Device Information: Device type, operating system, unique device identifiers, and mobile network information
• Log Data: IP addresses, browser type, pages viewed, access times, and referring URLs
• Usage Data: Features used, actions taken within the application, and performance metrics
• Location Data: General location information derived from IP address

Sensitive Information

We do not process sensitive information such as racial or ethnic origin, religious beliefs, health data, or biometric data through the Cogniform platform itself. However, Client Organizations may configure forms that collect such information. In those cases, the Client Organization as data controller is responsible for ensuring appropriate legal bases and safeguards for processing sensitive data.

4. How Do We Process Your Information?

We process your information to:

• Provide the Service: Process form submissions, store data securely, and deliver functionality to Client Organizations and their authorized users
• Maintain and Improve: Monitor performance, diagnose technical issues, and enhance the Service
• Communicate: Send service-related notifications, respond to inquiries, and provide customer support
• Ensure Security: Detect, prevent, and respond to fraud, unauthorized access, and other security incidents
• Comply with Legal Obligations: Meet applicable legal requirements and respond to lawful requests from authorities
• Protect Vital Interests: In rare circumstances, where necessary to protect someone's vital interests

5. What Legal Bases Do We Rely On?

We only process your personal information when we have a valid legal reason to do so:

• Contract Performance: Processing necessary to provide the Service to Client Organizations under our agreements
• Legitimate Interests: Processing for security, fraud prevention, service improvement, and business operations, where those interests are not overridden by your rights
• Legal Compliance: Processing required to comply with applicable laws and regulations
• Consent: Where you have given us specific consent for a particular processing activity

For End Users whose data is collected through forms, Client Organizations as data controllers are responsible for establishing appropriate legal bases under applicable law.

6. When and With Whom Do We Share Your Information?

We do not sell personal information. We may share information in the following circumstances:

With Client Organizations

Form submission data is accessible to the Client Organization that created the form and their authorized administrators. This is the primary purpose of the Service.

With Service Providers

We engage third-party service providers to assist in operating the Service, including:

• Cloud Infrastructure: Third-party cloud service providers for data hosting and storage (United States)
• Analytics: Application performance monitoring and error tracking services
• Authentication: Identity verification and access management services

These providers are contractually obligated to protect data and use it only for the purposes we specify.

Business Transfers

In the event of a merger, acquisition, reorganization, or sale of assets, information may be transferred to the acquiring entity. We will provide notice before your personal information is transferred and becomes subject to a different privacy policy.

For Legal Purposes

We may disclose information if required by law, regulation, legal process, or governmental request, or when we believe disclosure is necessary to:

• Comply with applicable law or respond to valid legal process
• Protect the rights, property, or safety of EnterBridge, our users, or others
• Enforce our terms of service or other agreements
• Detect, prevent, or address fraud, security, or technical issues

Disclosure Statement: EnterBridge LLC has not disclosed, sold, or shared any personal information to third parties for a business or commercial purpose in the preceding twelve (12) months.

7. Do We Use Cookies and Other Tracking Technologies?

The Cogniform web application may use cookies and similar tracking technologies to:

• Maintain user sessions and authentication state
• Remember user preferences
• Analyze usage patterns and improve the Service
• Ensure security and detect anomalies

You can configure your browser to refuse cookies or alert you when cookies are being sent. However, some features of the Service may not function properly without cookies.

The Cogniform mobile application does not use cookies but may collect device identifiers for similar purposes.

8. How Long Do We Keep Your Information?

We keep your information for as long as necessary to fulfill the purposes outlined in this privacy notice unless otherwise required by law.

When there is no ongoing legitimate business need to process your personal information, we will either delete or anonymize such information, or, if this is not possible (for example, because your information has been stored in backup archives), we will securely store your information and isolate it from further processing until deletion is possible.

9. How Do We Keep Your Information Safe?

We implement appropriate and reasonable technical and organizational security measures designed to protect the security of personal information we process, including:

• Encryption: Data encrypted in transit (TLS/HTTPS) and at rest
• Access Controls: Role-based access controls and multi-factor authentication
• Infrastructure Security: Hosted on enterprise-grade cloud infrastructure
• Monitoring: Continuous security monitoring and audit logging
• Regular Assessments: Periodic security reviews and vulnerability assessments

However, despite our safeguards and efforts to secure your information, no electronic transmission over the Internet or information storage technology can be guaranteed to be 100% secure. We cannot promise or guarantee that hackers, cybercriminals, or other unauthorized third parties will not be able to defeat our security measures. You should only access the Service within a secure environment.

10. Do We Collect Information from Minors?

Cogniform is a business application intended for professional use. The Service is not directed at children under the age of 18, and we do not knowingly collect personal information from minors. By using the Service, you represent that you are at least 18 years old or that you are the parent or guardian of a minor and consent to the minor's use of the Service.

If we learn that we have collected personal information from a child under age 18 without verification of parental consent, we will delete that information as quickly as possible. If you believe we might have any information from or about a child under 18, please contact us at dev@enterbridge.com.

11. What Are Your Privacy Rights?

Depending on your location and applicable law, you may have rights regarding your personal information:

For End Users (Form Submitters)

If you are an End User who has submitted data through a Cogniform form, please contact your employer or the organization that deployed the form to exercise your data protection rights. As a data processor, we will assist Client Organizations in responding to such requests in accordance with applicable law.

For Client Organization Administrators

Client Organization administrators may:

• Access: View and export user accounts and form submission data
• Correct: Update user information and submission data
• Delete: Remove user accounts and submission data
• Restrict: Configure data retention and access settings
• Portability: Export data in standard formats

Withdrawing Consent

If we are relying on your consent to process your personal information, you have the right to withdraw your consent at any time. This will not affect the lawfulness of processing conducted prior to withdrawal.

Account Deletion

If you wish to delete your account, please visit our Account Deletion page for instructions on the account removal process.

12. Controls for Do-Not-Track Features

Most web browsers and some mobile operating systems include a Do-Not-Track ("DNT") feature or setting you can activate to signal your privacy preference not to have data about your online browsing activities monitored and collected. At this stage, no uniform technology standard for recognizing and implementing DNT signals has been finalized. As such, we do not currently respond to DNT browser signals or any other mechanism that automatically communicates your choice not to be tracked online.

13. Do United States Residents Have Specific Privacy Rights?

California Residents (CCPA/CPRA)

If you are a California resident, you have specific rights under the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA):

• Right to Know: Request information about what personal information we collect, use, and disclose
• Right to Delete: Request deletion of your personal information, subject to certain exceptions
• Right to Correct: Request correction of inaccurate personal information
• Right to Opt-Out: Opt out of the sale or sharing of personal information (we do not sell personal information)
• Right to Non-Discrimination: Not receive discriminatory treatment for exercising your privacy rights

As a B2B service provider acting as a data processor, much of the personal information we handle may be exempt from CCPA's consumer rights provisions. However, we are committed to transparency and will work with Client Organizations to honor valid consumer requests.

Virginia Residents (VCDPA)

If you are a Virginia resident, you may have rights under the Virginia Consumer Data Protection Act:

• Right to access your personal data
• Right to correct inaccuracies
• Right to request deletion
• Right to obtain a copy of your data
• Right to opt out of targeted advertising, sale of personal data, and profiling

Other State Privacy Laws

Residents of Colorado, Connecticut, Utah, and other states with comprehensive privacy laws may have similar rights. Please contact us to exercise your rights under applicable state law.

14. Do Other Regions Have Specific Privacy Rights?

European Economic Area (EEA) and United Kingdom Residents

If you are located in the EEA or UK, you have rights under the General Data Protection Regulation (GDPR) or UK GDPR, including:

• Access: Right to request access to your personal data
• Rectification: Right to request correction of inaccurate data
• Erasure: Right to request deletion ("right to be forgotten")
• Restriction: Right to request restriction of processing
• Portability: Right to receive your data in a portable format
• Objection: Right to object to certain processing activities
• Automated Decision-Making: Right not to be subject to solely automated decisions

You also have the right to lodge a complaint with your local data protection authority.

International Transfers: Your information may be transferred to and processed in the United States, where our servers are located. We rely on appropriate safeguards for such transfers, including standard contractual clauses where applicable.

Canadian Residents

If you are a Canadian resident, you may have rights under the Personal Information Protection and Electronic Documents Act (PIPEDA) and applicable provincial privacy laws, including the right to access, correct, and withdraw consent regarding your personal information.

15. Do We Make Updates to This Notice?

We may update this privacy notice from time to time to reflect changes in our practices or applicable laws. The "Last Updated" date at the top of this notice indicates when it was last revised.

We will notify Client Organizations of material changes by email or through the Service prior to the changes becoming effective. We encourage you to review this privacy notice periodically to stay informed about how we are protecting your information.

Your continued use of the Service after any changes constitutes acceptance of the updated privacy notice.

16. How Can You Contact Us About This Notice?

If you have questions or comments about this notice, or wish to exercise your privacy rights, you may contact us:

For data protection inquiries specific to form submissions, End Users should contact the Client Organization that deployed the form.

17. How Can You Review, Update, or Delete the Data We Collect From You?

Based on the applicable laws of your country or state of residence, you may have the right to request access to the personal information we collect from you, details about how we have processed it, correct inaccuracies, or delete your personal information.

For End Users: Contact your employer or the Client Organization that deployed the form you submitted.

For Client Organization Administrators: You may access, update, and manage data directly through the Cogniform administrative interface, or contact us at dev@enterbridge.com for assistance.

To Delete Your Account: If you wish to delete your Cogniform account, you may submit a deletion request through our Account Deletion page.

To request to review, update, or delete your personal information, please visit: https://www.enterbridge.com/contact

We will consider and act upon any request in accordance with applicable data protection laws.