Updated policy

Privacy Policy

Orion is operated by Cognitive Edge LLC. This page mirrors the latest PRIVACY_POLICY.md.

← Back to homepage

Orion Privacy Policy

Last Updated: November 6, 2025 Owned and operated by Cognitive Edge LLC (“Cognitive Edge,” “we,” “our,” or “us”)

Cognitive Edge LLC values your privacy. This Privacy Policy explains how we collect, use, share, and protect your information when you use Orion (the “Service”), our software platform for coaches and coachees.

By using the Service, you consent to this Privacy Policy.

1. Information We Collect

We collect information in the following ways:

a. Information You Provide

  • Account Information: When you sign up, we collect your name, email, and password (hashed).
  • Profile Information: Optional details such as photo, title, or focus area.
  • User Content: Text, files, or notes you upload, enter, or generate in the platform (e.g., coaching goals, notes, AI-generated prompts).
  • Communications: Messages you send to our support team or feedback you provide.

b. Automatically Collected Information

When you use Orion, we automatically collect:

  • Usage Data (pages visited, session duration, app interactions).
  • Device Information (browser type, operating system, IP address).
  • Cookies or Local Storage to maintain login sessions and preferences.

c. Information from Integrations

If you connect third-party services (e.g., Google Docs or calendar integrations), we may receive limited data necessary to enable those features, following your authorization.

2. How We Use Your Information

We use your information to:

  • Provide and improve the Service.
  • Personalize your coaching experience.
  • Operate AI-powered features (e.g., contextual insights, prompt generation).
  • Communicate important updates and respond to support requests.
  • Ensure platform security and prevent abuse.
  • Comply with legal obligations.

We do not sell your personal information to third parties.

3. AI and Data Processing

Some Orion features use artificial intelligence services to process and generate content. When you use these features:

  • Transient processing (OpenAI): We send prompts and selected context (e.g., relevant document excerpts, goals, recent conversation) to OpenAI to generate a response. We instruct providers not to use this data to train their models where such controls exist. In limited coach workflows, contextual fields may include identifiers like a coachee email if present in profile context.
  • Persistent memory (Mem0): If enabled for your workspace, we store snippets of chat content and related metadata with Mem0 to provide long‑term context across sessions. These memories are retained until removed as part of account/data deletion.
  • Derived data (embeddings): When you or your coach upload documents, we create vector embeddings from the text to power retrieval and search. These embeddings are stored in our database and do not include the full original text.

We aim to minimize identifiable information in AI requests where feasible while still delivering the functionality you expect. Do not include highly sensitive personal or regulated data in prompts or documents unless you have appropriate consent and safeguards.

4. Data Storage and Security

  • Your data is securely stored in managed cloud environments (e.g., Supabase or equivalent providers) with encryption at rest and in transit.
  • Access is restricted using authentication and role-based permissions.
  • We employ industry-standard measures to protect against unauthorized access, loss, or misuse.
  • However, no online system is 100% secure, and we cannot guarantee absolute protection.

Operational logging

We maintain application logs to keep the Service reliable and secure. These logs may include limited metadata such as user IDs, emails, timestamps, request identifiers, and error messages. Logs are used for debugging, fraud prevention, and abuse detection and are retained for a limited period.

5. Data Retention

We retain data only as long as necessary to provide the Service and comply with legal obligations. You may request deletion of your account and data at any time (see Section 10).

6. Sharing of Information

We may share limited data with:

  • Service Providers under strict confidentiality agreements and only to the extent necessary to operate the Service. Typical processors include:
    • Supabase (authentication, database, storage, email delivery)
    • OpenAI (LLM generation and embeddings)
    • Mem0 (long‑term memory for chat context, if enabled)
    • Email and observability vendors (transactional mail, logs)
  • Legal Authorities if required by law or to protect rights, safety, or property.

We do not sell your personal information and we do not share your User Content with advertisers or unrelated third parties.

Coach–Coachee data visibility within the product

  • Coaches can view content they upload for a coachee, related metadata and derived data (e.g., embeddings), and may view AI‑generated summaries where the coachee has enabled sharing.
  • Coachees can view items that are explicitly shared with them (e.g., files marked "shared").
  • These access rules are enforced by role‑based permissions and row‑level security policies in our backend.

7. Cookies and Tracking Technologies

We use cookies and local storage to:

  • Keep you logged in and maintain session security.
  • Remember preferences.
  • Optionally measure basic product analytics (we may use privacy‑respecting tools such as Plausible or an equivalent). We do not use advertising pixels or cross‑site tracking.

You can control or delete cookies in your browser settings, though some features may stop working properly.

8. International Data Transfers

If you access Orion outside the United States, your data may be processed or stored in the U.S. or other locations where our service providers operate. We implement safeguards consistent with GDPR requirements for international transfers.

9. Children’s Privacy

Orion is intended for users aged 18 or older. We do not knowingly collect data from children under 13 (or under 16 in the EU). If we learn a child’s data has been collected, we will promptly delete it.

10. Your Rights

Depending on your location, you may have the right to:

  • Access the personal data we hold about you.
  • Request correction or deletion.
  • Request data portability.
  • Object to or restrict processing.
  • Withdraw consent at any time (where applicable).

To exercise these rights, contact us at privacy@cognitiveedge.ai. We will verify your identity before fulfilling any request.

11. CCPA Notice (California Residents)

Under the California Consumer Privacy Act (CCPA), you have the right to:

  • Know what personal data we collect and how we use it.
  • Request deletion of your data.
  • Opt out of the sale of personal data (we do not sell data).

To make a request, contact us at privacy@cognitiveedge.ai.

12. GDPR Notice (European Users)

If you are in the European Economic Area (EEA), Cognitive Edge LLC is the data controller for your information. We process data under the following legal bases:

  • Contractual necessity – to provide the Service.
  • Legitimate interests – to improve and secure Orion.
  • Consent – for optional features or marketing communications.

You may lodge a complaint with your local data protection authority if you believe we have not complied with GDPR.

13. Changes to This Policy

We may update this Privacy Policy periodically. We will post the updated version with a new “Last Updated” date. Continued use of Orion after changes means you accept the revised policy.

14. Contact Us

If you have questions or concerns about this Privacy Policy or your data, contact us at:

📧 legal@cognitiveedge.ai 🏢 Cognitive Edge LLC Austin, Texas, USA