Skip to main content

Privacy Policy

Last updated: February 2026

1. Introduction

This Privacy Policy explains how Cognitiv Pty Ltd (ACN 688 133 977, ABN 51 688 133 977) ("Cognitiv", "we", "us", "our") collects, uses, stores, and protects personal information through the Scorafy platform ("Platform").

We are committed to complying with the Australian Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs). By using the Platform, you acknowledge that you have read and understood this Privacy Policy.

2. What Data We Collect

We collect the following categories of personal information:

2.1 Account Information

  • Name, email address, and password (hashed).
  • Organisation name and business details (if provided).
  • Billing information (processed securely via Stripe - we do not store full card details).

2.2 Respondent Data

  • Name and email address (as collected by the Assessment creator).
  • Assessment answers and responses.
  • AI-generated Report content based on those answers.

2.3 Assessment Content

  • Questions, scoring configurations, and methodology provided by Account holders.
  • Branding assets (logos, colours) uploaded for Assessment customisation.

2.4 Usage Data

  • Browser type, device information, and IP address.
  • Pages visited, features used, and time spent on the Platform.
  • Error logs and performance data.

3. How We Use Your Data

We use the information we collect to:

  • Provide the Service: Operate the Platform, process Assessments, and generate AI-powered Reports.
  • AI Report generation: Respondent answers (and any methodology provided by the Assessment creator) are sent to our AI provider to generate personalised Reports. This data is processed in real time and is not used to train AI models.
  • Billing and account management: Process payments, manage subscriptions, and communicate about your Account.
  • Platform improvement: Analyse usage patterns to improve features, fix bugs, and optimise performance.
  • Communication: Send transactional emails (account verification, password resets, Report delivery) and, if you opt in, product updates.
  • Legal compliance: Comply with applicable laws, regulations, and legal processes.

4. Third-Party Services

We use the following third-party services to operate the Platform. Each provider has its own privacy policy governing the data they process:

  • Supabase - Database and authentication infrastructure. Your account data and Assessment data are stored in Supabase-hosted databases.
  • Stripe - Payment processing. Stripe handles all payment card data directly. We do not store full credit card numbers on our servers.
  • Anthropic (Claude AI) - AI Report generation. Respondent answers are sent to Anthropic's API to generate personalised coaching Reports. Anthropic does not use this data to train their models under our usage agreement.
  • Vercel - Platform hosting and deployment. Vercel processes requests and may collect server logs including IP addresses.

We do not sell, rent, or trade your personal information to any third party for marketing purposes.

5. Data Security

We take reasonable steps to protect your personal information, including:

  • Encryption of data in transit (TLS/HTTPS) and at rest.
  • Secure password hashing - we never store passwords in plain text.
  • Row-level security on our database to ensure each organisation's data is isolated.
  • Regular security reviews of our infrastructure and dependencies.
  • Access to production systems restricted to authorised personnel only.

No method of electronic storage or transmission is 100% secure. While we strive to protect your information, we cannot guarantee absolute security.

6. Data Retention and Deletion

  • Account data: Retained while your Account is active. If you close your Account, we will delete your personal information within 90 days, unless retention is required by law.
  • Assessment and Respondent data: Retained while your Account is active. You may delete individual Assessments and their associated Respondent data at any time through the Platform.
  • AI-generated Reports: Stored for as long as the associated Assessment exists. Deleting an Assessment removes its Reports.
  • Usage data: Retained in aggregated, anonymised form for analytics purposes. Individual usage logs are deleted after 12 months.
  • Billing records: Retained as required by Australian tax law (generally 5 years).

7. Respondent Rights and Responsibilities

When a Respondent completes an Assessment on the Platform, their data is collected on behalf of the Assessment creator (the Account holder), who acts as the data controller.

For Respondents: If you have completed an Assessment and wish to access, correct, or delete your personal information, please contact the person or organisation that sent you the Assessment in the first instance. They can manage your data through their Account.

For Account holders: As the data controller for your Respondents' information, you are responsible for:

  • Informing Respondents about how their data will be collected, used, and shared.
  • Responding to Respondent requests to access, correct, or delete their data.
  • Complying with applicable privacy legislation in your jurisdiction.

8. Cookies and Tracking

The Platform uses cookies and similar technologies for the following purposes:

  • Essential cookies: Required for authentication, security, and core Platform functionality. These cannot be disabled.
  • Analytics cookies: Used to understand how the Platform is used so we can improve it. These may be disabled in your browser settings.

We do not use advertising or retargeting cookies. We do not share cookie data with third parties for advertising purposes.

9. International Data Transfers

Our third-party service providers may process data in locations outside Australia, including the United States. Where data is transferred overseas, we take reasonable steps to ensure it is protected in accordance with the Australian Privacy Principles, including selecting providers with robust privacy and security practices.

10. Australian Privacy Principles Compliance

We are committed to handling personal information in accordance with the Australian Privacy Principles (APPs) set out in the Privacy Act 1988 (Cth). This includes:

  • Collecting only the personal information reasonably necessary for our functions.
  • Being transparent about how we collect, use, and disclose personal information.
  • Taking reasonable steps to ensure personal information is accurate, up to date, and complete.
  • Providing individuals with access to their personal information upon request.

11. Your Rights

Under the Privacy Act 1988 and the APPs, you have the right to:

  • Access the personal information we hold about you.
  • Correct any inaccurate or out-of-date information.
  • Request deletion of your personal information, subject to any legal retention requirements.
  • Complain to the Office of the Australian Information Commissioner (OAIC) if you believe we have breached the APPs.

To exercise any of these rights, contact us using the details below.

12. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will notify you via email or through a notice on the Platform. The "Last updated" date at the top of this page indicates when the Policy was last revised.

13. Contact

If you have any questions about this Privacy Policy, wish to make a complaint, or want to exercise your rights, please contact us:

You may also contact the Office of the Australian Information Commissioner (OAIC) at www.oaic.gov.au if you are not satisfied with our response.