Privacy Policy

Introduction

Cogniphant (referred to as “we” or “us”) is committed to protecting the privacy and security of personal data in all our services. This Privacy Policy explains how we collect, use, store, protect, and share personal information of students, parents or guardians, and teachers in connection with our platform and studies in educational settings. We comply with UK data protection laws, including the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018, as well as relevant UK education-sector regulations, and we align with international best practices for data protection.

Who We Are: For UK users, the primary data controller of your personal data is COGNIPHANT LTD (Company No. 16576336), a company registered in England and Wales with its registered office at 47a Forthbridge Road, London SW11 5NX, United Kingdom. COGNIPHANT LTD is part of the Cogniphant group of companies, which includes Cogniphant OÜ in Estonia. In this Policy, “Cogniphant Group” refers to COGNIPHANT LTD and its wholly owned or controlled affiliates (such as Cogniphant OÜ). COGNIPHANT LTD is responsible for ensuring UK data protection compliance, while Cogniphant OÜ may assist in providing the platform and services under COGNIPHANT LTD’s direction.

Data Protection Officer
 We have appointed a Designated Data Protection Officer (DPO) to oversee our compliance with UK data protection laws and this Privacy Policy. Our DPO is:

Name: Andrii Kolesnyk
 Email: andrii@cogniphant.org or kolesnyk.andrii@outlook.com
 Postal Address: Cogniphant Ltd, 47a Forthbridge Road, London SW11 5NX, United Kingdom

The DPO is responsible for monitoring our data protection practices, answering questions about how we handle personal data, and responding to requests to exercise your rights under UK GDPR. You may contact the DPO at any time using the details above.

Scope: This Policy covers personal data collected through our pilot programs, ongoing educational services, training programs, and research collaborations in the UK. Our services are focused on school-age children (approximately 6 years and older, up to around 19–20 years old) for the purpose of cognitive and behavioral assessment (e.g. attention and executive function screening), as well as the parents/guardians and teachers who participate in these activities. We use plain language to ensure understanding, and we encourage parents and schools to discuss this Policy with the children involved in a way that they can understand.

Legal Basis for Data Processing

We process personal data only when we have a lawful basis under UK GDPR. The legal bases we rely on include:

  • Consent: Our primary legal basis is your consent. We obtain informed, explicit consent from the appropriate person before collecting or using personal data. In the case of children, we require explicit parental or guardian consent for any participant under 18. All consents are obtained in writing (including digital forms) and can be withdrawn at any time (see Your Rights below). For special category data (such as health-related information), we obtain explicit consent from the data subject or their parent/guardian.

  • Legitimate Interests (for Anonymised Data and Improvements): We may process data based on our legitimate interests when we use anonymised or aggregated information to improve our platform, develop new assessment tools, or conduct educational research. Once personal identifiers are removed and data is anonymised (so individuals are not identifiable), it is no longer considered personal data under data protection law. Any use of pseudonymised data (data that could indirectly identify an individual) for internal research or development will be done only with strong safeguards and, where required, an appropriate legal basis (such as explicit consent or research in the public interest under the Data Protection Act 2018).

  • Legal Obligations: In certain cases we may need to process or disclose personal data to comply with a legal obligation. For example, we will process data as necessary to fulfill our duties under child safeguarding laws or to comply with court orders or regulatory requirements. We will also retain records of consents and data processing as required by law.

We will always ensure we have a valid legal basis to process your data and will clearly communicate the basis to you. If we need to process your personal data for a new purpose that is not covered by this Policy, we will inform you and, if necessary, seek additional consent.

Data We Collect

We only collect data that is necessary for the purposes explained in this Policy. The types of personal data we may collect include:

  • Personal Identifying Information: For example, the student’s name, school or class, and the contact details of parents or legal guardians (such as name, email address, and phone number). We may also record the name and role of teachers or school staff participating in the project.

  • Demographic Information: The student’s age (or date of birth) and gender, and potentially year group or key stage. This helps provide context for their results and allows for age-appropriate analysis.

  • Behavioral and Observational Data: Evaluations and observations of the student’s behavior, attention, and emotional regulation in different settings. For instance, parents or guardians might answer questionnaires about the child’s behavior at home, and teachers might provide ratings or notes about classroom conduct and attention. This can include qualitative descriptions and standardized behavioral scores.

  • Cognitive and Health-Related Data: Results from cognitive games and activities that the student engages in on our platform, which are designed to assess functions like planning ability, inhibitory control, memory, and sustained attention. We also collect data that may indicate attention difficulties or other potential learning/attention challenges (for example, patterns that could be associated with ADHD indicators). These results might include scores, completion times, error rates, or other performance metrics from the activities, as well as any relevant observations during the activity.

Special Category Data: Some of the information we collect (for example, data suggestive of a child’s mental or behavioral health status or developmental information) can be considered “special category data” under UK law, as it relates to health. We recognize that this data is highly sensitive. Such data will only be collected with explicit consent from the individual (or their parent/guardian, as appropriate) and will be handled with extra care and security. We do not collect other special category data such as racial or ethnic origin, political opinions, religious beliefs, or biometric data, as these are not relevant to our services.

We do not collect more data than we need. We do not require or collect any financial information, national identity numbers, or unrelated personal details for the purposes of our assessments. We also do not knowingly collect information directly from children without the involvement of their parent or school – all data from children is gathered through structured activities with proper supervision and consent.

How We Collect Data

We collect personal data in the following ways:

  • Directly from Parents/Guardians: Parents or legal guardians provide information by filling out secure digital questionnaires or forms. These questionnaires may ask about the child’s behavior at home, any concerns about attention or learning, and other relevant background information. Parental input is only collected after we have obtained the parent’s informed consent to participate in the program.

  • Directly from Teachers/Schools: Teachers or other authorized school staff provide information via questionnaires or observation forms about the child’s behavior and performance at school. This occurs only with the explicit authorization of the child’s parent or guardian. In practice, the parent/guardian will consent to the school’s participation and the sharing of the child’s school-based information. Teachers are instructed to share only relevant information about the student’s behavior or learning in the school environment. We ensure that teachers have the necessary permission before collecting any data from them.

  • Through Student Activities: Students participate in fun, game-like activities and tasks on our digital platform (such as a mobile app or website). During these activities, the platform will automatically collect performance data (for example, how the child performs on a memory game or attention task). These activities are designed to be engaging and are administered in an age-appropriate manner, often in the presence of a teacher or parent (especially for younger children).

  • Consent and Authorization Process: Before obtaining your consent, schools may share limited roster data with us (pupil name, class/year, and parent/guardian email addresses) under a Data Sharing Agreement (DSA). This data is used only to invite you to participate in the ADHD screening pilot.
  • If you do not provide consent after receiving our invitation, your data will be deleted or irreversibly pseudonymized within 90 days.
  • Your participation is voluntary. If you prefer not to be contacted, you can opt out by informing the school before the data is shared or by ignoring the invitation.

 

  • For a child’s participation, we obtain written, explicit consent from a parent or legal guardian for all participants under 18. We document all consents. Parents or guardians may decline or withdraw consent at any point. If consent is withdrawn by the parent/guardian, or if a participant aged 13+ chooses not to continue, the child will not participate further and no new data will be collected.

By using digital means (online forms, apps, etc.), we ensure the data goes directly into our secure systems. If any paper forms or written notes are used (for instance, if a teacher prefers to note observations on paper), those will be securely transferred into our system and then the paper will be securely stored or destroyed. We also minimize intrusion: all questions and activities are designed to collect only the information that is necessary for the assessment.

How We Use the Information

We use the collected personal data for the following purposes, and only for these purposes:

  • Assessment and Screening: We analyze the data (questionnaire responses and activity results) to evaluate each student’s attention, self-regulation, emotional regulation, and executive function skills. The goal is to screen for indicators of potential attention difficulties or other learning support needs. This is not a medical diagnosis. Instead, it is an educational screening to identify who might benefit from further professional evaluation or support. For example, if a child’s data shows patterns associated with attention deficits, we flag that as an indicator for parents and educators to consider a follow-up with a specialist. All results are interpreted in context – we understand that these indicators are preliminary and not definitive.

  • Personalized Feedback and Recommendations: Based on the screening results, we provide guidance and suggestions to parents and, if applicable, to the school. This might include recommendations on strategies that could help the child (for instance, classroom strategies, or activities at home to improve certain skills), or advice on whether to seek a comprehensive evaluation by a psychologist or other specialist. Our aim is to empower parents and teachers with useful insights. Any recommendations are given in a clear, sensitive manner. If a screening suggests that no further action is needed, we will also communicate that reassurance.

  • Providing and Improving Our Services: We use the information to deliver our services effectively and to improve the platform. For example, the data helps us ensure the assessment tools are working properly for different age groups, and it allows us to refine the digital games or questionnaires for clarity and effectiveness. We may analyze aggregated data (combining results from many users) to identify trends or patterns that help us enhance the accuracy of our screenings. For instance, we might learn that a particular game is too easy or too hard for a certain age, and adjust it accordingly. We may also use feedback from parents and teachers to improve the user experience (like making the reports more understandable).

  • Research and Development: A core purpose of collecting this data is to contribute to educational and scientific research on child development, attention, and learning. Before using data for research, we anonymise or pseudonymise it so individual children cannot be readily identified. Anonymised data (data that has all personal identifiers removed) may be used in our own analyses to validate our tools or to gain new insights (for example, to study how common certain attention indicators are in a given age range). We may also collaborate with research partners such as universities (see Sharing with Cogniphant Group Companies and Research Partners below) to advance scientific knowledge. Importantly, any research findings or publications will never identify any child or participant by name; results would only be reported in aggregate or case studies with identities changed. If in any case identifiable data is truly needed for a research project, we will seek specific explicit consent for that project (and if it involves a child, consent from the parent/guardian).

  • Compliance and Protection: We use personal data to ensure we are complying with our legal obligations and to protect everyone involved. This includes using data to fulfill child safeguarding responsibilities. For example, if the data or observations suggest a child may be at risk of harm, we have protocols to act in the child’s best interest, which could involve notifying the appropriate authorities in line with UK safeguarding laws (such cases are rare and handled with extreme care and in consultation with the school/parents as appropriate). We also use data to maintain records required by law (such as proof of consent, or records of any requests made under data protection law). Additionally, we may use data to defend our legal rights or to handle any complaints or disputes (for instance, showing what data was collected and how, if questioned).

We do not use personal data for any kind of marketing or advertising purposes, and we do not profile students for commercial gain. We do not make automated decisions about a child (see Automated Decision-Making below for details on how we use technology). All uses of data are tied to our mission of helping students, families, and schools with attention and learning-related insights.

If we ever need to use your personal data for a purpose that is different from the ones listed above, we will inform you beforehand and, if required, seek your consent or provide an opportunity to opt-out.

Data Storage and Security

We understand the sensitive nature of the data we handle, especially data about children’s behavior and health. We take robust measures to protect personal data from loss, misuse, unauthorized access, or disclosure. Below are key aspects of our data storage and security practices:

  • Secure Hosting: We store personal data on secure servers provided by trusted cloud service providers (for example, Microsoft Azure). These servers apply industry-standard security safeguards, including encryption of data both in transit (when it is sent over the internet) and at rest (when it is stored on the server).
  • All personal data is hosted exclusively within the United Kingdom. This ensures that no personal data leaves UK jurisdiction and that all processing remains subject to UK data protection law.

  • Access Controls: Access to personal data is strictly limited to authorized personnel who need that information to perform their duties. For example, the psychologist or specialist who is interpreting the results will have access to the relevant child’s data, and our technical team may have access to data when maintaining the system. Every staff member or contractor with access to personal data is subject to confidentiality obligations and receives training on data protection. We implement role-based access control, meaning each user of our internal system can only see the information necessary for their role.

  • Organisational Measures: We have internal policies and procedures to ensure data security and privacy are a priority at every step. This includes regular training for our team, background checks where appropriate for staff handling sensitive data, and strict protocols for handling data (for example, not allowing data to be downloaded to insecure devices, and ensuring any printed materials are kept secure).

  • Technical Measures: In addition to encryption, we use firewalls, secure authentication methods, and monitoring systems to guard against unauthorized access. We regularly update our software and infrastructure to protect against vulnerabilities. We also perform periodic security assessments and penetration tests on our platform to identify and fix any weaknesses.

  • Data Breach Preparedness: Although we do our utmost to prevent any data breaches, we have an incident response plan in place. In the unlikely event of a security breach that affects personal data, we will notify the affected individuals and appropriate authorities (such as the Information Commissioner’s Office, ICO) as required by law, and we will take immediate steps to mitigate the breach and prevent future occurrences.

Data Retention and Anonymisation

We keep personal data only for as long as it is necessary to fulfill the purposes described in this Policy or as required by law. Our retention practices are:

  • During the Pilot/Service: Throughout the active phase of a pilot study or service subscription, we retain identifiable personal data so that we can analyze it and provide results and support. For example, during a school pilot, we will keep the data until we have completed the assessments and delivered the results to parents and the school.

  • After Completion of Services: Once the pilot study or specific service is concluded, identifiable personal data (such as names, contact details, and linked screening results) will be retained for up to 10 years after the end of service. This retention period allows us to support long-term research validation, potential re-engagement with schools, and legal defence if needed. At the end of this period, the data will be securely deleted or anonymised so that individuals can no longer be identified.

  • Withdrawal of Consent: If you withdraw consent or request deletion of your data (for example, if a parent decides to pull out of the study or asks us to erase their child’s information), We will promptly stop collecting any new data and will remove the personal data we have, unless we have a compelling legal reason to keep it (for example, safeguarding records). Consent records themselves are retained for up to 10 years to demonstrate lawful processing and compliance.

  • Anonymised Data for Research: As noted, we may convert personal data into an anonymised form for research and development purposes. Once data is anonymised, it is no longer personal data (the individuals are not identifiable). We may retain anonymised data indefinitely since it helps us to improve our services and contribute to scientific knowledge without impacting individual privacy. For example, we might keep aggregated statistics about how all students performed on a certain task, which contains no personal identifiers.
  • Safeguarding and Backups:Safeguarding records are retained until the child reaches the age of 25, or longer if required by law.Backups may retain deleted data for up to 6 months for disaster recovery purposes, after which the data is purged.

  • Backups and Archives: Our systems may create routine backups for reliability and disaster recovery. These backups might briefly retain data that has been deleted from the main system. However, if we delete data as part of our policy or a user request, we will ensure that it is also removed from active databases and we will cease using it. Our backup retention is time-limited, and we will purge old backups containing personal data in accordance with our data retention schedule.

When we delete data, we use secure methods (such as secure erasure or encryption) so that the data cannot be reconstructed or recovered. If physical media are used and need to be disposed of, we ensure they are destroyed securely.

International Data Transfers

All personal data collected through Cogniphant’s UK services is stored on secure Microsoft Azure servers located within the United Kingdom. We do not transfer personal data outside the UK.

Your Rights under UK Data Protection Law

Under the UK GDPR and Data Protection Act 2018, individuals (or their parents/guardians, in the case of young children) have a number of rights regarding their personal data. We are committed to upholding these rights. Note: In the context of our services, often a parent or legal guardian will exercise these rights on behalf of their child, especially if the child is young. For older teenagers who are capable of understanding their rights, they may exercise their rights themselves, but we recommend doing so in coordination with their parent/guardian.

Your key data protection rights are:

  • Right to Access: You have the right to request confirmation of whether we are processing your (or your child’s) personal data, and if so, to receive a copy of that personal data, along with information about how we use it. This is sometimes called a “Subject Access Request.” We will provide this information free of charge, within the legal timeframes (generally within one month of your request).

  • Right to Rectification: If any of the personal data we hold about you or your child is inaccurate or incomplete, you have the right to have it corrected. For example, if you notice we have a misspelled name or an outdated contact detail, please let us know and we will fix it.

  • Right to Erasure: This is also known as the “right to be forgotten.” You can ask us to delete or remove personal data in certain circumstances. For instance, if you withdraw consent or if the data is no longer necessary for the purposes we collected it, you can request erasure. We will securely delete the data unless an exemption applies. (Please note, if the data has already been anonymised, we may not be able to “delete” it in the traditional sense because it is no longer tied to an identity. Also, we might retain minimal information if needed for legal reasons – e.g., to prove that we complied with a deletion request, we might keep a record that data was deleted.)

  • Right to Restrict Processing: You have the right to request that we limit the processing of your or your child’s personal data in certain situations. For example, if you contest the accuracy of the data or have objected to processing (see below), you can ask that we ‘freeze’ the use of the data until the issue is resolved. When processing is restricted, we can still store the data but will not use it otherwise without your consent (except for storage or to handle legal claims, etc.).

  • Right to Object: You have the right to object to certain types of processing. Given that we primarily rely on consent, this right might not need to be exercised often (since you can withdraw consent to stop the processing). However, if we ever process data under a legitimate interest basis, you could object to that. You also have an absolute right to object to any processing for direct marketing – though we do not do any direct marketing with the data, so this is largely not applicable. If you object to processing, we will stop the processing in question unless we have a compelling legitimate ground to continue (or if it’s needed for legal claims).

  • Right to Data Portability: This right allows you to request that we provide you (or a third party you nominate) with the personal data you have provided to us, in a structured, commonly used, machine-readable format (for example, a CSV file). This right applies when the processing is done by automated means and based on your consent. For example, if a parent provided a lot of information via a questionnaire and wanted a copy of those answers to share with a doctor or another service, we can provide that in a usable format upon request.

  • Right to Withdraw Consent: As mentioned, if we are processing personal data based on your consent, you have the right to withdraw that consent at any time. This will not affect the lawfulness of any processing we did before your withdrawal. Withdrawing consent for a child’s participation would likely mean we stop the child’s involvement in the service going forward, and we would cease collecting new data. You can also request that we delete data already collected (per the right to erasure).

  • Right to Lodge a Complaint: If you have concerns or complaints about how we are handling your or your child’s personal data, you have the right to complain to the Information Commissioner’s Office (ICO), which is the UK’s independent authority setup to uphold information rights. We encourage you to contact us first so we can address your concerns directly (we genuinely want to resolve any issues), but you are entitled to go to the ICO at any time. The ICO’s website is www.ico.org.uk, and they have guidance on how to report a concern. The ICO’s address is Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF, and their helpline number is 0303 123 1113.

These rights are subject to certain legal limits and exceptions. For example, in some cases we might not be able to fully comply with a request for erasure if we are required by law to keep certain data, or if the data is necessary to resolve a dispute or exercise a legal defense. However, we will assess each request carefully and inform you of the outcome. Importantly, we will not discriminate against or penalize anyone for exercising their rights.

Exercising Your Rights: To exercise any of these rights, please contact us using the details in the Contact section below. Provide your name and contact information and clearly describe your request (for example, what data you want access to, or what you want corrected). For the protection of all users, we may need to verify your identity (and if you are a parent making a request on behalf of your child, we may need to verify your relationship to the child) before fulfilling the request. We aim to respond to all valid requests as quickly as possible. We will acknowledge your request and communicate the steps we’ll take. We generally will provide a substantive response within one month as required by law, and often much sooner. In fact, we strive to respond within 10 working days whenever feasible. If your request is particularly complex or if you have made a number of requests, we may need more time (up to an additional two months, per the GDPR), but if that is the case we will let you know and keep you updated.

Sharing with Cogniphant Group Companies and Research Partners

For the purposes of this Privacy Policy, “Cogniphant Group Companies” refers to COGNIPHANT LTD (Company No. 16576336, registered in England and Wales) and any other companies that are wholly owned, controlled, or operated by COGNIPHANT LTD, including but not limited to Cogniphant OÜ (Estonia). We may share personal data between Cogniphant Group Companies solely for operational purposes such as delivering our services, improving the platform, supporting research and development, complying with legal requirements, and ensuring consistent and secure data management. In practice, your data may be accessed by authorized Cogniphant team members (such as platform developers) under strict controls, but the data itself always remains hosted in the United Kingdom.

We may also share data with approved research partners (such as universities, research institutes, or independent researchers) for educational, scientific, and developmental studies relevant to our mission of improving attention and learning outcomes. Any such sharing is done carefully and governed by agreements:

  • Where possible, we will anonymise or pseudonymise personal data before sharing it with research partners, meaning the data either cannot identify an individual at all, or the identifying information is removed and kept separate.

  • If identifiable data is ever required for a particular research collaboration, we will obtain explicit consent from the individuals involved or, in the case of minors, from their parent or legal guardian before sharing the data. For example, if a university study wanted to follow up directly with certain participants, we would only facilitate that if parents have agreed to that specific data sharing.

  • Research partners receiving data from us are required to handle it confidentially and use it only for the agreed research purposes. They must also comply with data protection laws.

We do not sell, rent, or trade personal data to any third party for marketing or any other purpose. All sharing of data—whether with Cogniphant Group Companies or research partners—is carried out under strict privacy, security, and confidentiality obligations consistent with this Policy and applicable law.

Service Providers: In addition to the above, we use certain trusted third-party service providers to help us run our operations (for example, our cloud hosting provider, data storage service, or analytical tool providers). These providers act on our behalf as data processors. This means they may handle or store personal data only for the purposes that we instruct, and not for their own purposes. We only engage service providers who can provide sufficient guarantees to meet the requirements of data protection law. For instance, our cloud infrastructure provider (such as Microsoft Azure) maintains high security standards and is contractually bound to keep our data secure and confidential. Other examples of service providers might include email services (to send out notifications or reports) or customer support tools. Whenever we share data with a service provider, we ensure there is a data processing agreement in place that requires them to protect the data and prohibits them from using it for anything other than providing the service to us.

Legal Requirements and Vital Interests: Lastly, we may disclose personal data to third parties outside of our group if we are required to do so by law, or if such disclosure is necessary in our good-faith belief to (i) comply with a legal obligation (for example, responding to a court order or a request from law enforcement or regulatory authorities), (ii) protect the vital interests of a child or another individual (for example, in an emergency situation where a child’s safety is at risk), or (iii) enforce or defend our rights (such as in legal proceedings). In any such case, we would only share the minimum information necessary and document the process as required by law.

We remain responsible for the protection of your personal data when it is shared. If you have questions about who we share data with, or specific third parties involved in handling your data, please contact us and we can provide you with additional information.

Use of Automated Decision-Making and Technologies

Cogniphant uses digital tools, including algorithms and software, to assist in analyzing the data collected from questionnaires and cognitive games. However, we do not make any final decisions about a child purely by automated means. We want to explain how technology is used and ensure you that there is always a human in the loop:

  • Automated Analysis: Our platform may automatically score or analyze the responses and game results. For example, the system might calculate an attention score based on how a child performed in a sustained attention game, or flag certain responses on a questionnaire that indicate potential attention difficulties. This helps our team process data efficiently, especially when dealing with many participants, and it ensures consistency in initial analysis.

  • No Solely Automated Decisions with Significant Impact: While we use these automated tools to assist, any result or recommendation that comes out of our platform is reviewed by qualified professionals (such as child psychologists, educational specialists, or trained Cogniphant analysts) before it is communicated to you or used to make any recommendation. We do not rely solely on a computer-generated result to tell you about your child. The human reviewer will consider the automated results in context, possibly look at the underlying data in more detail, and use their professional judgment to form conclusions or recommendations.

  • Human Oversight and Interpretation: The purpose of the technology is to support, not replace, human expertise. For instance, if an algorithm flags a child as having a high number of inattention indicators, our expert will look at the full profile: they might consider factors like the child’s age, any notes from the parent or teacher, and any anomalies in the data (maybe the child was having a bad day during one of the activities) before deciding what feedback to give. If something in the data looks inconsistent or unclear, we may even follow up for clarification rather than drawing a conclusion from the raw score.

  • Transparency of Logic: We strive to keep our assessment methods transparent and explainable. If you have questions about how a particular result was calculated (for example, why the system gave a certain score), we will do our best to explain the factors that were considered. We avoid “black box” algorithms that cannot be explained. All our automated analyses are based on well-understood psychological tasks and scoring systems.

  • No Profiling for Other Purposes: We do not use algorithms to profile children for any purposes outside of the scope of the assessment (such as marketing or advertising, which we do not do at all). The automated analysis is strictly limited to the educational and developmental indicators we described.

By ensuring there is human oversight, we comply with UK GDPR requirements regarding automated decision-making (particularly Article 22, which gives individuals the right not to be subject to a decision based solely on automated processing that has significant effects). In short, any important decision or advice given about your child involves human consideration.

If you ever have concerns or questions about how a decision or recommendation was made, please contact us. You have the right to request human intervention, express your point of view, or contest any decision we make, and we will address your concerns with full attention.

Communications and Contact Information

Communication of Results: We will communicate the results of our assessments and any recommendations to parents/guardians in a timely and confidential manner. Typically, after a pilot program or assessment cycle is completed, we will provide you with a report or summary of your child’s results. We aim to deliver these results within approximately two months after the completion of the activities (often sooner, depending on the number of participants and analyses involved). If this service is being conducted in partnership with a school, we may also provide a summary report to the school or to specific school staff (such as a SENCO, counselor, or teacher) but only with appropriate consent and in line with what was agreed when you joined the program. In other words, we won’t surprise you by sharing information with the school that you weren’t expecting us to share. Usually, the arrangement is that the school receives overall findings and recommendations for supporting students, while parents receive individual child reports. In some cases, with parental permission, we may discuss an individual child’s results with designated school staff to help the child in the school environment.

Respectful and Relevant Communications: We value your time and privacy, so we promise not to inundate you with unnecessary communications. We will contact you via the channels you have approved (for example, via email, phone, or through the app) and primarily for purposes that you would reasonably expect:

  • To provide updates and information about the ongoing assessment or pilot (e.g., scheduling of sessions, reminders to complete a questionnaire, etc.).

  • To deliver results and reports to you.

  • To answer any questions or respond to feedback you have for us.

  • To inform you of any significant changes to this Privacy Policy or our terms of service (especially if you are currently participating in a program or have an ongoing account with us).

  • On occasion, to offer you participation in new research or services, but only if you have given consent to be contacted for such purposes. We will not spam you, and you will have the choice to opt-in or opt-out of any such communications.

We will make sure to contact you at appropriate times (generally during normal working hours or at times you have indicated are convenient). We will be mindful of not disturbing you with late-night or early-morning calls or messages, unless it’s an emergency or you have expressly allowed that. We also comply with relevant laws regarding electronic communications. For instance, we will not send you marketing emails unless you have explicitly opted in (and even though our focus isn’t marketing, this also covers things like newsletters or updates about our services). Every email we send of that nature will include an easy way to unsubscribe.

Contacting Us: If you have any questions, concerns, or requests regarding this Privacy Policy or about your personal data and privacy while using Cogniphant’s services, please feel free to contact us. We are here to help and address any issues. You can reach us at:

  • Email: alejandro@cogniphant.org

  • Telephone/WhatsApp: +34 601 007 853 (Please note this is an international number. This line is managed by our team, and you can reach out via WhatsApp or call during business hours. If you prefer a call within the UK, let us know by email or message and we can arrange to call you from a UK number.)

  • Postal Mail: Cogniphant Ltd, 47a Forthbridge Road, London SW11 5NX, United Kingdom.

When contacting us, especially if it’s about a privacy issue or to exercise your rights, please provide your name and a clear description of your question or request. If you are contacting us on behalf of a child or as a school representative, please clarify that as well so we can assist you appropriately. We may need to verify identity for security (for example, if you are asking about data, we want to ensure we’re speaking to the right person).

We will address inquiries as soon as possible. Our goal is to make sure you feel safe and informed about how we handle data, so no question is too small. Whether you want more explanation about something in this Policy, or you think something isn’t clear, or you have a concern about how things are being done, we encourage you to reach out.

Changes to this Privacy Policy

We may update or modify this Privacy Policy from time to time, especially if our practices change or if laws/regulations change. However, we will not reduce your rights under this Policy or deviate from the core principles without good reason. If changes are made, we will do the following:

  • Notification of Changes: If we make any significant or material changes to the Policy, we will notify you in advance. We may send a notice to the email address on file, post a prominent announcement on our website or platform, or use other appropriate communication channels. For minor or administrative changes (such as clarifying language or updating company details), we may simply update the Policy document and change the effective date (see Effective Date below).

  • Review Period: When we notify you of significant changes, we will provide at least 30 days for you to review the new Policy before it takes effect. This gives you the opportunity to understand the updates and contact us with any questions or concerns. If you continue to use our services after the new Policy comes into effect, it will be assumed that you have accepted the changes. However, if you do not agree with the changes, you have the right to stop using the services and/or withdraw your consent (as applicable).

  • Specific Consent for New Uses: If a change to the Policy would materially alter how we handle your data in a way that you might not expect (for example, if we ever wanted to start a new type of data processing that requires consent), we would seek your consent for that new use, in addition to updating the Policy. We aim to avoid surprises – our relationship with you is built on trust.

  • Access to Previous Versions: For transparency, we will keep prior versions of this Privacy Policy available (for example, we might archive them on our website or be able to provide them on request) so you can see how the Policy has evolved over time.

We encourage you to review this Privacy Policy periodically to stay informed about how we are protecting your personal data. If you have any questions or objections to changes in our Policy, please contact us – your feedback is important.

Effective Date

This Privacy Policy is effective as of 02 September 2025 and will remain in effect until a new version is published. The effective date of each version is indicated at the top of the Policy. If we update the Policy, the effective date will change, and we will notify users as described above.

By using Cogniphant’s services or participating in our programs after the effective date of this Policy (or any updated Policy), you acknowledge that you have read and understood this Privacy Policy. We thank you for entrusting us with important information, and we are dedicated to keeping that trust by safeguarding your data and using it only in ways that benefit you and the educational community.