Cogliva — AI-enabled business strategy workspaceCogliva

Privacy Policy

Effective date: 4th July 2026

We aim to follow privacy-by-design principles. This policy explains, in plain English, what data Cogliva collects, how we use it, and the choices you have. Where GDPR or similar laws apply to you, we aim to respect the rights those laws provide.

Who we are

Cogliva is an AI-native strategy and management intelligence platform that helps turn unclear business challenges into structured diagnostics, full business strategies, and executable tactical plans — organized by organization and project, and exportable as 6+ client- and executive-ready formats including PDF, Word, and PowerPoint. It also includes Strategic Signals, an intelligence layer that helps you monitor external developments relevant to your strategy, a Management Copilot for fast, structured guidance on a specific challenge, a Strategy Workbench for capturing and organizing strategic topics per organization, Venture Lab for building and validating new ventures from opportunity to launch, and Liva, a built-in AI assistant that helps you draft, refine, and pressure-test content inline as you work. These features draw on Cogliva Intelligence, a managed, curated knowledge layer that grounds Cogliva’s outputs. In this policy, “Cogliva”, “we”, “us”, and “our” refer to the operator of the Cogliva service.

What data we collect

  • Account data: your name, email address, login information, and two-factor authentication credentials (authenticator setup data and a hashed record of your recovery codes) needed to create and secure your account.
  • Workspace and content data: the information you enter into Cogliva, such as business challenges, context, notes, diagnostics, business strategies, tactical plans, Management Copilot sessions (the challenges you describe and the guidance Cogliva generates), Strategic Signals profiles and the monitoring topics, keywords, and digest delivery email addresses you configure, Strategy Workbench topics and notes (the strategic topics, attributes, and review tasks you capture per organization), Liva assistant interactions (the content and requests you send and the drafts it returns), and — for Systems add-on users — details about your management system, processes, and improvement priorities, along with the organizations and projects you use to organize them.
  • Organization location data: optional location details for the organizations you analyze, such as a headquarters address, city, country, or coordinates. We collect this only when you enter it, or when you choose to use the “use my location” option in the diagnostic intake.
  • Usage and analytics data: limited technical information needed to operate, secure, and improve the service (for example, basic logs and error reports).
  • Cookies and similar technologies: we use strictly necessary cookies to keep you signed in and run the site. With your consent, we also use analytics cookies (Google Analytics) to understand how the site is used and improve it. Analytics and marketing cookies are off by default and only load after you accept them. You can change or withdraw your choice anytime via “Cookie settings” in the footer. We do not sell your personal data.

How we use data

We use your data to provide, maintain, secure, and improve the service, including to operate your account and respond to your requests.

AI processing note: the inputs you provide — including the fields and requests you send to the Liva assistant — may be processed to generate diagnostics, reports, agendas, recommendations, drafts, or other outputs. These outputs are produced to support your work and are intended for decision support only.

Account security: we protect every account with two-factor authentication. When you set it up, we store the data needed to verify your authenticator and a secure (hashed) record of your one-time recovery codes — we never store your codes in readable form. For additional protection, signed-in sessions end automatically after a period of inactivity.

Website context extraction: if you choose to use this optional feature in the diagnostic, Cogliva retrieves content from the public web address you provide and processes it with AI to draft intake fields for your review. We do not use it unless you trigger it, and the drafted fields are always yours to edit or discard.

Strategy document imports: if you choose to upload an existing strategy document (for example, a former strategy or board deck) to auto-fill the context a strategy type requires, Cogliva processes that file with AI to draft the relevant fields for your review. We do this only when you upload a file, and the extracted fields are always yours to edit or discard before you generate.

Organization Intelligence Map: The Organization workspace synthesizes the information you provide — including business context, diagnostics, strategy, projects, and intelligence assets — into a connected, structured model of your organization. This synthesis uses only data you have entered into Cogliva; it does not independently collect additional information about your organization from external sources.

Liva Assistant: The Liva Assistant is a conversational helper that answers how-to and where-is questions and helps you find your own records. It is read-only — it does not create, change, or delete your data — and it only surfaces records you are already permitted to see. Assistant conversations are session-only and are not retained after your session ends.

AI safeguards and provenance

To improve the accuracy and traceability of AI output, Cogliva applies a set of internal safeguards we call the Semantic Control Layer. As part of this, Cogliva may record limited provenance about how a generated value was produced.

This provenance is kept deliberately small. It stores a fingerprint (a hash) of the guardrail and prompt configuration that governed the generation — not the full prompt text — together with the AI model used and a trimmed list of the knowledge sources, frameworks, and context that shaped the output. Only the most recent generation for a given value is retained. These records are used solely as an internal quality-assurance tool, are visible only to administrators, and are not shown to other users or shared with third parties.

Data sharing

We share personal data with service providers only where needed to run the service (for example, hosting, authentication, AI processing, and — when you use website context extraction — retrieving content from the web address you provide), and only to the extent necessary. We do not sell your personal data.

Where Cogliva processes personal data on behalf of a customer, our Data Processing Addendum may apply.

Shared workspaces and access

Cogliva supports shared organizations and projects. Content you create in a shared workspace may be visible to other authorized members based on their role and access level. Account administrators may manage members and their access to organizations and projects.

On plans that support multiple users on one account, such as the Enterprise Strategy Workbench, the account owner can add additional users — up to three users in total, all sharing the owner's email domain. Those users may access the account's shared organizations, projects, and content, and the account owner is responsible for who they add.

Administrator access and support

A small number of authorized Cogliva administrators may access an account and its content when it is genuinely needed — for example, to provide support you have requested, investigate or resolve a technical issue, keep the service secure, prevent abuse, or comply with a legal obligation. To provide support faithfully, an administrator may temporarily view the service as it appears to a user.

This access is limited to what is necessary for the task, is restricted to authorized personnel, and is recorded in an internal audit log for accountability. We do not use it to access your content for advertising or to sell your data, and administrators do not need — and are not given — your password or two-factor authentication codes.

Strategic Signals and external monitoring

Strategic Signals uses the business context you hold in Cogliva to generate monitoring topics, keywords, and queries, and to surface relevant external developments as alerts. To provide the feature, we store the signal profiles you create — including their monitoring topics, keyword groups, queries, and settings — together with the alert results we surface, such as titles, links, and relevance scores. Alert results reference publicly available external sources; the underlying source content remains with its original publisher.

Active profiles may be scanned automatically on a schedule, as well as when you run a scan on demand. Where you enable digests, Cogliva may send periodic summaries to the email address you specify for a signal profile. You are responsible for ensuring you have the right to send digests to any recipient you configure, and for keeping that recipient list appropriate.

Strategic Signals is intended to support your monitoring and judgment — it surfaces external developments for your review and does not claim to capture every relevant development.

Source grounding and alert validation: To keep signal alerts accurate and traceable, Cogliva may retrieve and verify content from the public external sources referenced in an alert — for example, to confirm a verbatim headline or validate a specific claim against the original source. This retrieval is limited to publicly accessible content and is used solely to ground and validate alert outputs, not for any other purpose.

Contact, support, and deployment inquiries

When you reach out to us — through the contact form, an in-app support request, or a Strategy Deployment Studio inquiry — we process the details you provide, such as your name, email, organization, role, and message, so we can respond and follow up. Deployment inquiries may include additional context about your organization and how you would like to use Cogliva. We use this information only to handle your enquiry and any resulting conversation.

Downloadable templates and checklists: When you request one of our free resources — such as the Tactical Plan Template or the ISO 9001:2026 Leadership Impact Checklist — we capture the email you provide so we can deliver the file and, where you have opted in, send occasional related updates. You can unsubscribe at any time.

Internal customer records: Contact submissions and resource requests are stored in Cogliva's internal customer record so our team can follow up, avoid duplicate outreach, and keep a history of our conversations with you. This record is accessible only to authorised Cogliva staff and is not shared with other customers.

Data retention

We keep personal data only as long as needed to provide the service and for legitimate legal, security, and operational purposes. When data is no longer needed, we take reasonable steps to delete or anonymize it.

Your rights

Depending on where you live, you may have rights to access, correct, delete, or export your personal data, and to object to or restrict certain processing. Where GDPR or similar laws apply, we aim to honor these rights.

Account and data deletion: you can request deletion of your account and associated personal data by contacting us at privacy@cogliva.com. We will action verified requests within a reasonable timeframe, subject to any legal retention obligations.

International users

Cogliva is operated from outside the European Union. If you access the service from a region with specific privacy laws, we aim to apply reasonable, good-practice safeguards to your data regardless of where you are located.

Changes to this policy

We may update this policy from time to time. When we do, we will update the effective date above. Material changes will be communicated where appropriate.

Contact

For privacy questions or requests, contact us at privacy@cogliva.com. You can also review our Terms of Service.