Cognifai AI Ltd ("Cognifai", "we", "us") provides call analytics services to FCA-regulated insurance intermediaries, including the Call Intelligence Audit. We are registered in England & Wales under company number 16624957, with our registered office at 124 City Road, London, United Kingdom, EC1V 2NX. For any privacy matter, contact us at audit@cognifai.me.
This policy explains how we handle personal data in two distinct situations: when you interact with our website, and when we process call recordings on behalf of our clients.
When you submit our audit request form, we collect the information you provide: your name, role, brokerage name, work email address, contact centre size, and anything you choose to tell us in the free-text field. We use this to respond to your enquiry, scope the engagement, and communicate with you about our services. Our lawful basis is legitimate interests (responding to a business enquiry you initiated) and, where an engagement follows, steps taken to enter into a contract.
Our website does not use advertising trackers or analytics cookies. The site and form are hosted by Netlify, whose infrastructure records standard server logs (such as IP addresses) for security and operational purposes.
The core of our service involves analysing recorded customer calls supplied by our clients. For this data, our client is the data controller and Cognifai acts as a data processor, handling recordings only on the client's documented instructions under a signed Data Processing Agreement (DPA).
Our standing commitments for call data: recordings are transferred via secure portal; processed only by approved, GDPR-compliant subprocessors; never used to train AI models; accessible only to personnel who need access to deliver the engagement; and permanently deleted within 30 days of report delivery, or earlier on the client's instruction.
Call recordings may contain personal data of our clients' customers and staff, including names, contact details, policy information and, where disclosed on a call, health information. Where special category data is present, the client remains responsible for establishing the controller-side lawful basis; our processing is limited to the analysis they instruct, under the safeguards above. If you are a customer of one of our clients and wish to exercise your data rights over a call recording, please contact the firm you spoke to; we will support our client in fulfilling your request.
We do not sell personal data, and we do not share it with third parties for their own marketing. We use a limited number of service providers (such as secure hosting and AI analysis infrastructure) as subprocessors, each bound by contractual terms consistent with UK GDPR. A current list of subprocessors is available to clients on request and is included in our DPA.
Where any processing takes place outside the UK, we ensure an adequate level of protection through UK adequacy regulations or appropriate safeguards such as the UK International Data Transfer Agreement or Addendum.
Call recordings and derived call-level data are deleted within 30 days of report delivery. Enquiry data is retained for as long as needed to manage our relationship with you and for a reasonable period afterwards, after which it is deleted. Audit reports delivered to clients are retained by the client as controller of their own records.
We apply technical and organisational measures appropriate to the sensitivity of the data we handle, including encrypted transfer, access controls, and deletion procedures. No system is perfectly secure, but the handling commitments in section 3 are contractual, not aspirational.
Under UK GDPR you have rights of access, rectification, erasure, restriction, portability and objection, and the right to withdraw consent where consent is the basis of processing. To exercise any of these in respect of data we control, email audit@cognifai.me. You also have the right to complain to the Information Commissioner's Office (ico.org.uk), although we would welcome the chance to resolve any concern directly first.
We may update this policy from time to time. The date at the top reflects the latest revision, and material changes will be flagged to active clients directly.