Legal

Privacy Policy

How Deep Cognition Labs collects, uses, and protects your personal information when you use our Services.

Effective Date: April 5, 2026 Version: 1.0 Entity: Deep Cognition Labs (DeepCog.ai)
Table of Contents
  1. 1. Information We Collect
  2. 2. How We Use Your Information
  3. 3. Data Sharing and Disclosure
  4. 4. Data Retention
  5. 5. Security
  6. 6. Health Data and HIPAA
  7. 7. International Transfers
  8. 8. Your Rights
  9. 9. Cookies and Tracking
  10. 10. Children's Privacy
  11. 11. Contact and Updates

1 Information We Collect

1.1 Information You Provide

  • Account registration data (name, email, organization, role)
  • API usage credentials and configuration settings
  • Communications you send us (support requests, research inquiries)
  • Payment and billing information (processed by our payment providers)

1.2 Information Collected Automatically

  • API request logs (timestamps, endpoints called, response latency)
  • Usage metrics (token counts, model versions, feature usage)
  • Device and browser information, IP addresses, and referral URLs
  • Error logs and diagnostic data to improve service reliability

1.3 Information from Third Parties

  • Information from identity verification services where applicable
  • Institutional affiliation data from partner organizations

2 How We Use Your Information

  • Providing, operating, and improving our Services
  • Processing API requests and delivering model outputs
  • Detecting and preventing misuse, fraud, and security incidents
  • Communicating about Service updates, policy changes, and support
  • Conducting aggregate, anonymized analysis to improve model performance
  • Complying with legal obligations and regulatory requirements
Important

We do not use the content of your API queries to train our models without your explicit consent. Aggregate usage statistics (not query content) may be used to improve service reliability and model behavior.

3 Data Sharing and Disclosure

We do not sell your personal information. We may share information with:

  • Service providers — cloud infrastructure, analytics, payment processors, and security vendors acting on our behalf under data processing agreements
  • Research partners — only aggregate, de-identified data as part of published research, never individual user data
  • Legal authorities — when required by law, court order, or to protect the rights and safety of users or the public
  • Business transfers — in connection with a merger, acquisition, or sale of assets, subject to confidentiality obligations

4 Data Retention

We retain account information for the duration of your account plus 3 years after closure. API request logs are retained for 12 months for security and compliance purposes. Anonymized usage metrics may be retained indefinitely. You may request deletion of your personal data at any time, subject to legal retention obligations.

5 Security

We implement industry-standard security controls including encryption in transit (TLS 1.3) and at rest (AES-256), access controls, regular penetration testing, and security monitoring. However, no system is completely secure. Please report any suspected security vulnerability to [email protected].

6 Health Data and HIPAA

If you are a Covered Entity or Business Associate under HIPAA and wish to process Protected Health Information (PHI) through our Services, you must execute a Business Associate Agreement (BAA) with DeepCog.ai before doing so. Our standard API services are not HIPAA-ready without a BAA in place.

Contact [email protected] to initiate the BAA process for enterprise healthcare deployments.

7 International Data Transfers

Our Services are operated from the United States. If you access our Services from outside the US, your information may be transferred to and processed in the US. For users in the European Economic Area, we rely on Standard Contractual Clauses as our legal transfer mechanism. For inquiries about international data transfers, contact [email protected].

8 Your Rights

Depending on your jurisdiction, you may have the right to:

  • Access the personal information we hold about you
  • Correct inaccurate or incomplete personal information
  • Request deletion of your personal information
  • Object to or restrict certain processing activities
  • Data portability — receive your data in a machine-readable format
  • Withdraw consent where processing is based on consent

To exercise these rights, contact [email protected]. We will respond within 30 days.

9 Cookies and Tracking

Our website uses essential cookies necessary for platform operation (session management, security tokens). We use analytics cookies to understand aggregate usage patterns. You may disable non-essential cookies through your browser settings. We do not use third-party advertising cookies.

10 Children's Privacy

Our Services are not directed to individuals under 18. We do not knowingly collect personal information from minors. If you believe a minor has provided us with personal information, contact [email protected] and we will delete it promptly.

11 Contact and Updates

For privacy questions, contact our Privacy Team at [email protected] or write to us at 15017 Conference Centre Drive, Chantilly, Virginia 20151. We will notify you of material changes to this policy at least 30 days in advance via email and at deepcog.ai/privacy.

This Privacy Policy is provided for informational purposes. For specific regulatory compliance questions under GDPR, CCPA, or HIPAA, please consult qualified legal counsel.