Cognitor privacy policy
Cognitor respects your privacy. This policy explains what personal data we process, for what purposes, how long, with whom we share it and what your rights are. The service is an information and analysis platform about markets and assets (especially US-listed assets), delivered in Portuguese, Spanish and English — it is not personalised investment advice, portfolio management, order execution or individual recommendations. The portal is not designed to collect your real portfolio for execution; it processes account, subscription, content consumption and technical preference data as described below.
1. Data controller / Operator
The controller of personal data is ADKZ TECNOLOGIA DA INFORMACAO LTDA, a Brazilian private legal
entity (trade name: Adkz), operating the public site (mycognitor.com), the Cognitor
portal and related marketing pages:
Legal name: ADKZ TECNOLOGIA DA INFORMACAO LTDA
Trade name: Adkz
Country of incorporation / principal seat: Brazil — Ribeirão Preto, State of São Paulo
Date of incorporation: 1 July 2022
Full address: Rua João José Rodrigues de Morais, 270, City Ribeirão, Ribeirão Preto – SP,
14021-340, Brazil
CNPJ (Brazilian company tax ID): 46.996.118/0001-12
General, privacy and data subject email: legal@mycognitor.com
2. Priority markets and billing model
The product serves users in multiple jurisdictions. For pricing and billing, the portal applies commercial rules that include dedicated configuration in the payment provider for, among others: Brazil, United States, Canada, Australia, Philippines, Mexico, Chile and Colombia. Users with a billing country elsewhere (including the United Kingdom, EU/EEA and other countries) are generally charged in US dollars (USD) at the applicable price — without that, by itself, implying a commercial establishment or representation in that country. This policy applies to all data subjects regardless of pricing group or currency.
3. Scope
This policy applies to:
- visitors to the public website (landing), marketing pages (
/{lang}/…), campaign pages (/lp/…) and related legal content; - contacts collected for a waitlist, product communications or marketing, where used;
- registered portal users (account, settings, language preference, authenticated area);
- customers with a paid subscription, trial period or free plan with an account;
- visitors arriving via partner links, for commercial attribution where applicable;
- users who enable push notifications or install the portal as a PWA.
4. Personal data we process
Depending on your interaction, we may process:
- Identity and contact: email address, name or profile identifier when you sign in with an identity provider (e.g. name and email from Google), preferred language.
- Account and subscription: user ID on the authentication platform, plan or subscription metadata used to authorise access to content (weekly dossiers, executive summaries, podcasts, daily briefings, special content, agenda and asset universe), relevant service dates.
- Payment data: as a rule, card and sensitive financial data are processed by the payment provider (Stripe). The Operator may receive customer identifiers, subscription status, pricing group or billing metadata and minimum data for legal compliance.
- Push notifications (opt-in): when you enable alerts in the browser or PWA, we may process technical device identifiers and notification subscription data with the messaging service (see sub-processors) to send notices of newly published content — not as trading alerts or orders.
- Technical and security: IP address, device and browser type, security logs, cookies or session tokens required for the portal, server request timestamps; may include a country indicator derived from network headers or your chosen billing country for price display and checkout flows.
- Communications: support request records, marketing preferences where applicable, operational email records (e.g. briefings for Pro subscribers when configured).
We do not routinely request sensitive data (health, racial origin, etc. under LGPD or special categories under GDPR). Do not send such data by email or forms.
5. Purposes and legal bases (multi-jurisdictional reference)
Bases vary by country. The table summarises typical references for EU/EEA (GDPR) and Brazil (LGPD); the Operator should finalise mapping with counsel in the Operator's country and other relevant markets.
| Purpose | GDPR (EU/EEA) — reference | LGPD (Brazil) — reference |
|---|---|---|
| Operate site and portal, authentication, abuse prevention and security | Contract / pre-contract; legitimate interest (Art. 6(1)(b), (f)) | Contract; legitimate interest (Art. 7, V and IX as applicable) |
| Subscription, billing and support | Contract; legal obligation (Art. 6(1)(b), (c)) | Contract; legal obligation (Art. 7, II and V) |
| Push notifications and PWA (when you enable them) | Consent (Art. 6(1)(a)); contract performance if part of paid service | Consent (Art. 7, I); contract when applicable |
| Partner attribution (campaign cookies) and commercial programme fulfilment | Consent or legitimate interest depending on implementation and jurisdiction (Art. 6(1)(a), (f)) | Consent or legitimate interest (Art. 7, I and IX), case-by-case and ANPD guidance |
| Waitlist, newsletters and Cognitor marketing | Consent or legitimate interest as appropriate (Art. 6(1)(a), (f)) | Consent or legitimate interest (Art. 7, I and IX), case-by-case and ANPD guidance |
| Product improvement, aggregate metrics, stability | Legitimate interest; consent for non-essential cookies | Legitimate interest or consent (Art. 7), as applicable |
| Defence in judicial or administrative proceedings | Legitimate interest or legal obligation (Art. 6(1)(c), (f)) | Regular exercise of rights or legal obligation (Art. 7, II and VI) |
6. Processors and sub-processors
We use third-party services that may process data on our behalf under applicable contracts (including DPAs and standard clauses where required):
- Google (Firebase Authentication, Firestore, Firebase Cloud Messaging and related) — account, session, user metadata and, if you enable push, notification delivery;
- Google Cloud Storage — private storage of content files (PDF, audio); access is controlled on the portal server after permission checks (including temporary URLs or stream proxy);
- Stripe — payments, billing and subscription management portal (Customer Portal);
- Hosting and infrastructure (e.g. Vercel or equivalent) — application execution, HTTP delivery and processing of network headers relevant to country/language where applicable.
An up-to-date list of sub-processors can be requested by email to legal@mycognitor.com. Those vendors may also act as independent controllers on their platforms under their policies.
7. International transfers
Some providers may process data outside your country, Brazil or the EEA (including the United States). Brazil: LGPD and ANPD rules on international transfers apply. EU/EEA: where the GDPR applies, we may use safeguards such as EU Commission Standard Contractual Clauses or adequacy decisions. Mexico, Colombia, Chile, Philippines, Canada, Australia, United States and others: additional local requirements on transfer or access may apply; nothing in this policy overrides mandatory rules of your jurisdiction.
8. Retention
- Account and contract: for the relationship and, after termination, as long as needed for legal obligations (tax, accounting, etc.) and rights defence — periods vary by Operator country and law.
- Marketing / waitlist: until consent withdrawal or objection, and at most [24] months after last contact without relevant interaction (adjust with counsel).
- Security logs: [90] days unless legal defence or investigation requires longer.
- Session: cookies or session tokens for as long as needed for secure operation of the portal, according to technical configuration.
9. Cookies and similar technologies
The website and portal may use cookies, browser local storage and similar technologies to maintain your session, remember preferences (such as language or billing region), support security, measure use in aggregate where applicable, record consent choices and attribute visits when you arrive via promotional or partner links. Technical names and lifetimes may change as the platform is updated.
If we use cookies or non-essential analytics or marketing tools, we will request consent where the law requires (LGPD, Brazilian Marco Civil, EU cookie/ePrivacy rules, ANPD guidance, US state laws, among others).
10. Your rights
Brazil (LGPD): under Arts. 18 et seq. of Law 13.709/2018, you may request confirmation of processing, access, correction, anonymisation, portability, deletion, information on sharing, withdrawal of consent where applicable, and objection to processing based on legitimate interest. Complaints to the ANPD — www.gov.br/anpd.
EU/EEA (GDPR): access, rectification, erasure, restriction, objection, portability, withdrawal of consent, and complaint to the supervisory authority in your country of residence or work (e.g. France — CNIL, Germany — state authorities, Spain — AEPD, Ireland — DPC).
Mexico: ARCO rights and withdrawal of consent under the LFPDPPP; complaints to the INAI (inai.org.mx) where applicable.
Canada: rights under PIPEDA and/or provincial privacy laws as applicable; authorities such as the OPC (priv.gc.ca).
Australia: rights under the Privacy Act 1988 (APPs); complaints to the OAIC (oaic.gov.au) where applicable.
Philippines: rights under the Data Privacy Act of 2012; complaints to the National Privacy Commission (NPC) (privacy.gov.ph) where applicable.
Chile and Colombia: local personal data protection laws may apply; check channels indicated by the competent authority in your country.
United States and other territories: state privacy laws (e.g. California, Virginia, Colorado) or other regimes may grant additional rights (access, deletion, opt-out of sale/sharing as defined locally).
Requests: legal@mycognitor.com. We may ask for proof of identity before disclosing or changing data.
11. Minors
The service is not directed at people under 18 (or the age of majority or digital capacity required in your jurisdiction). We do not knowingly collect data from minors; if you become aware of this, contact us for deletion.
12. Changes to this policy
We will publish the updated version on this page. If the change is material, we will notify by email or through the portal when possible.
Last revised: 4 April 2026.
General terms of use: Terms of use.