Sovereign Data Guarantee
Your child's data is never sold, never shared, never monetized.
Never Sold
Your child's data is never sold to third parties under any circumstance.
We do not monetize student data in any form.
Never Shared
Student data is shared only with your explicit consent and only with entities bound by strict Data Processing Agreements.
Even service providers cannot use data beyond instruction.
Never Monetized
We do not use your child's cognitive profile for behavioral profiling, targeted advertising, or algorithmic manipulation.
Your child's mind is not a product.
Fully Encrypted
All data is encrypted at rest (AES-256) and in transit (TLS 1.3+). Even CogniGrit staff cannot access unencrypted data.
Strong encryption for stored and transmitted data.
What This Guarantee Means
Never Sold
We do NOT sell your child's data to marketers, advertisers, or data brokers.
Never Shared
We do NOT share data without explicit parental consent. Even our service providers (email, hosting, payments) operate under Data Processing Agreements that restrict their use. They can't repurpose, analyze, or retain your data.
Never Monetized
We do NOT use your child's data for behavioral profiling, targeted advertising, or algorithmic recommendation. Your child's thinking style, learning patterns, and cognitive profile are NOT commodified.
Fully Encrypted
All data is encrypted using AES-256 at rest and TLS 1.3+ in transit. Encryption keys are managed securely. Even an internal CogniGrit employee with database access cannot decrypt student data without the encryption keys. This is a hard technical protection, not just a policy.
Data You Control
You own your child's data. We act as stewards, not owners.
Right to Access
You can access all of your child's data anytime through the parent dashboard. Download your child's assessments, progress records, and communications in standard formats (CSV, PDF). No waiting, no gating.
Right to Correct
If any data is inaccurate, you can correct it immediately. Contact our team and we'll update records within 24 hours.
Right to Delete
You can request deletion of your child's data anytime. We delete personal information within 30 days (backups purged within 90 days). The only exceptions are records required by law or tax obligations (kept for 7 years, then deleted).
Right to Portability
Your child's data is yours. You can request a portable copy and move it to another provider. We provide data in standard, machine-readable formats (JSON, CSV).
What We Collect (& Why)
We collect only what's necessary for instruction:
We Collect
- Name, email, phone
- Age/date of birth (age verification)
- Assessment results (cognitive evaluations)
- Session attendance & progress
- Work samples & feedback
- Communication logs
- Payment info (via Stripe, encrypted)
We Don't Collect
- Browsing history
- Device fingerprints / IP logs for tracking
- Location data (GPS)
- Biometric data
- Marketing tracking pixels
- Demographic profiling data
- Behavioral profile for targeting
Security Architecture
Our security approach is defense-in-depth:
Encryption
AES-256 encryption at rest; TLS 1.3+ in transit. Encryption keys are managed separately from data.
Authentication
Secure password hashing (bcrypt). Optional two-factor authentication for sensitive accounts.
Access Control
Role-based access control. Staff access is logged. Sensitive data access requires multi-step verification.
Infrastructure
Data hosted on Google Cloud Platform (SOC 2 Type II certified, compliant with HIPAA standards).
Audits & Monitoring
Annual third-party security assessments. Continuous monitoring for suspicious activity. Intrusion detection systems active 24/7.
Breach Notification
If we discover a data breach affecting your child's information, we will:
- Notify you within 24-72 hours
- Explain what data was accessed and potential impact
- Provide steps to protect your child
- Notify authorities if legally required
- Maintain detailed breach logs available upon request
Our Business Model (Why We Can Keep This Promise)
CogniGrit's revenue comes exclusively from tuition, which is what families pay for programs. We are not:
- Ad-supported (no ads, no ad networks)
- Using student data as a revenue source
- Using behavioral ad models
- Selling data access to third parties
We are a small, mission-driven organization focused on cognitive growth and family trust. Data monetization would be antithetical to our values.
Change of Control Protection
If CogniGrit is acquired, merged, or restructured, this Data Guarantee remains in force and is binding on any successor organization.
A successor may not weaken these commitments for already-collected student data without fresh, explicit parental consent where required by law.
COPPA & GDPR Compliance
This Guarantee exceeds legal requirements:
COPPA (U.S. Children)
We exceed COPPA standards. We require verifiable parental consent for all children under 13. We collect minimal data. We allow parental deletion and correction anytime.
GDPR (EU/EU Citizens)
EU data subjects have full GDPR rights: access, rectification, erasure, portability, objection. We have a Data Protection Officer and maintain Data Processing Agreements.
How to Exercise Your Rights
Data Access / Download
Use your parent dashboard anytime, or email privacy@cognigrit.com (10-day response).
Correct Data
Update through dashboard or email privacy@cognigrit.com with details (24-hour response).
Delete Data
Email privacy@cognigrit.com with subject "Data Deletion Request" (30-day deletion, 90-day backups).
Export Data
Request portable copy in standard format (JSON, CSV) via privacy@cognigrit.com (10-day response).
Our Commitment to Transparency
We aim to explain our data practices in clear language. You should understand what we collect, why we collect it, and how we protect it. If anything is unclear, contact us and we will clarify.
Questions About Data?
Our Data Protection Officer is here to answer questions or address concerns.
Related documents: Privacy Policy, Terms of Service, FAQs