Cognium

Privacy Policy

Version 2026-05 · Last updated May 2026

Draft. This policy is a working draft pending review by a South African attorney qualified in POPIA. Treat it as our current best-effort commitment, not formal legal advice.

1. Who we are

Cognium is a study-tracking application for South African students, operated by ABM. We are the responsible party for the personal information we process about you under the Protection of Personal Information Act, 2013 (POPIA).

Contact: hello@cognium.co.za

2. What we collect

  • Account details: name, email address, password (hashed), and optionally your institution and student number.
  • Study activity: subjects, weekly goals, study session timestamps and durations, and manual notes you choose to write.
  • Academic data: assignments, tests, and exams you log — including expected and actual marks.
  • Bursary status: whether you are funded, an applicant, or unfunded, and the name of your bursary organisation if you give it.
  • Journal entries: encrypted at rest. Only you can read them unless you explicitly share them.
  • Technical data: IP address, browser/device type, session activity for security and abuse prevention.

3. How we use it

  • To show your dashboards, progress charts, and weekly summaries.
  • To generate reports — and to share those reports with parents, programme leaders, or bursary organisations only when you explicitly create a shareable link for them.
  • To send reminders and weekly digests you've subscribed to.
  • To support your bursary or programme leader in identifying students who need outreach (cohort-level only, never raw private notes).
  • To keep the service running, secure, and accountable.

4. Lawful basis

We process your personal information on the basis of your consent (you create an account voluntarily and accept these terms) and our legitimate interest in operating the service. For sensitive academic data we rely on your explicit consent at the point of creating shareable reports.

5. Who we share with

  • People you choose via shareable report links — you set the scope and expiry and can revoke at any time.
  • Programme leaders and bursary organisations linked to your account — they see cohort-level summaries; raw journal entries are never shared.
  • Service providers who operate the infrastructure (currently Amazon Web Services in Cape Town for hosting, storage, and email delivery). They process your data on our instruction only.
  • Not third-party advertisers. We do not sell your data.

6. Where we store it

All data is stored within the AWS Africa (Cape Town) af-south-1 region. Database backups are retained for seven days. We do not transfer your personal information outside South Africa for processing.

7. How long we keep it

  • Account and study data: for as long as your account is active.
  • When you delete your account: your record is soft-deleted immediately. Encrypted journal entries are permanently deleted within 24 hours via a queued job. Other data is permanently deleted within 30 days.
  • Anonymous aggregate statistics may be retained for reporting purposes.

8. Security

  • HTTPS enforced on every page.
  • Passwords hashed with bcrypt; never stored in plain text.
  • Journal entries encrypted at rest with AES-256.
  • Database access restricted to the application, with credentials rotated via AWS Secrets Manager.
  • Penetration test performed before launch and at material releases.

9. Your rights under POPIA

You have the right to:

  • Access the personal information we hold about you.
  • Correct or update inaccurate information.
  • Request deletion of your account and data.
  • Object to processing on legitimate-interest grounds.
  • Lodge a complaint with the Information Regulator of South Africa: inforegulator.org.za.

Email hello@cognium.co.za to exercise any of these rights. We respond within 30 days.

10. Children

If you are under 18 you may only use Cognium with the consent of a parent or legal guardian. We do not knowingly collect information from children under 13.

11. Changes

We will publish a new version of this policy whenever we make material changes. The current version is shown at the top of this page. We will notify you of significant updates and ask you to re-accept where the change materially affects your rights.

12. Contact

Information Officer: hello@cognium.co.za