Privacy Policy
Effective Date: March 9, 2026 · Last Updated: March 9, 2026
1. Introduction
OctaCognition (“we,” “us,” or “our”) operates the OctaCognition website and software-as-a-service platform at octacognition.com (the “Service”). This Privacy Policy explains how we collect, use, disclose, and safeguard your personal information when you use the Service.
By using the Service, you agree to the collection and use of information in accordance with this Privacy Policy. If you do not agree, please do not use the Service. This Privacy Policy should be read together with our Terms of Service.
2. Information We Collect
2.1 Account Information
When you create an account, we collect your email address and password. Your password is cryptographically hashed before storage — we never store passwords in plain text. We do not collect your name, phone number, physical address, or any other profile information.
2.2 User Content
When you use the Service, we store the following content that you create or that is generated on your behalf:
- Product ideas — the text you type describing your product idea (up to 10,000 characters);
- Generated specifications — the AI-generated markdown documents produced from your ideas;
- Refinement instructions — instructions you provide when refining a section (processed but not separately stored);
- Visual mockups — AI-generated SVG wireframe mockups;
- Titles and suggestions — AI-generated titles and refinement suggestions associated with your specifications;
- Configuration choices — selected section types, depth mode, and export format preferences.
2.3 Usage Data
We track aggregate usage metrics tied to your account for the purpose of enforcing plan limits:
- Number of specifications generated per calendar month;
- Number of section refinements per calendar month.
We do not use any third-party analytics, tracking pixels, session recording tools, or advertising technology. We do not track your browsing behavior, page views, click patterns, or any other behavioral analytics.
2.4 Technical Data (Not Stored)
Your IP address is used temporarily in server memory for rate-limiting purposes (to prevent abuse of login, registration, and generation endpoints). IP addresses are not persisted to any database or log file and are discarded when the server process recycles.
2.5 Payment Information
We do not collect, process, or store any payment card information. All payment processing is handled by our third-party payment processor, which acts as our Merchant of Record. When you purchase a subscription, you provide your payment details directly to the payment processor. We receive only: a customer identifier, subscription identifier, plan information, billing dates, and subscription status. We never have access to your credit card number, CVV, or banking details.
3. How We Use Your Information
We use the information we collect for the following purposes:
- Providing the Service — processing your ideas through AI models to generate specifications, mockups, and refinements;
- Account management — authenticating your identity, managing your session, and securing your account;
- Subscription management — managing your plan, enforcing usage limits, and communicating with Paddle about your billing;
- Rate limiting and abuse prevention — temporarily using IP addresses to prevent automated abuse of the Service;
- Service improvement — understanding aggregate usage patterns to improve the Service (we do not analyze individual user content for this purpose);
- Communication — sending you essential account-related communications (e.g., password reset, Terms changes). We do not send marketing emails.
4. Third-Party Service Providers
To operate the Service, we share certain information with third-party service providers in the following categories. Information is shared only to the extent necessary for each provider to perform its designated function:
- Cloud hosting and database providers — store your account data, user content, and usage data on secure servers located in the United States;
- Authentication providers — manage account creation, sign-in, session management, and password hashing;
- Payment processor (Merchant of Record) — handles all payment transactions, billing, tax collection, invoices, and refunds. Your email and a user identifier are shared at checkout. We never receive or store your payment card details;
- AI model providers — process your product idea text and refinement instructions to generate specifications and mockups. Your email address, account information, and payment details are never sent to AI providers. AI providers may retain input data in accordance with their own privacy policies;
- Application hosting provider — hosts and serves the Service infrastructure in the United States.
We do not sell, rent, or trade your personal information to any third party for marketing, advertising, or other commercial purposes.
For specific questions about our third-party service providers, including their identities and applicable privacy policies, please contact us at support@octacognition.com.
5. Cookies and Similar Technologies
The Service uses only strictly necessary cookies required for the Service to function. These include authentication session cookies that keep you signed in, and cookies that may be set by our payment processor during the checkout process.
We do not use analytics cookies, advertising or tracking cookies, social media cookies or pixels, or any other non-essential cookies.
You can control cookies through your browser settings. Note that disabling authentication cookies will prevent you from signing in to the Service.
For specific questions about cookies used by the Service, please contact us at support@octacognition.com.
6. Data Retention
We retain your data as follows:
- Account data (email, hashed password) — retained for as long as your account exists;
- Generated specifications and mockups — retained until you manually delete them or your account is deleted;
- Usage metrics (generation/refinement counts) — retained for as long as your account exists;
- Subscription data — retained for as long as your account exists, for billing history and audit purposes;
- IP addresses — held temporarily in server memory for rate limiting only; never persisted to storage.
When you delete a generation, it is permanently removed from our database. When your account is deleted, all associated data (generations, subscriptions, usage records) is permanently deleted via cascading database deletion.
7. Data Security
We implement appropriate technical and organizational security measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction. These measures include industry-standard encryption, access controls, and secure development practices.
However, no method of electronic transmission or storage is 100% secure. While we strive to protect your personal information, we cannot guarantee its absolute security. You are responsible for maintaining the confidentiality of your account credentials.
For specific questions about our security practices, please contact us at support@octacognition.com.
8. Your Rights
8.1 All Users
Regardless of your location, you have the right to:
- Access your personal data — you can view your email in the Service, and all your generated content is accessible within your account;
- Delete your content — you can delete individual generations at any time through the Service;
- Close your account — contact us at support@octacognition.com to request account deletion, which will permanently remove all your data;
- Revoke sharing — you can remove public share links at any time.
8.2 European Economic Area (EEA) / UK Residents (GDPR)
If you are located in the EEA or UK, the General Data Protection Regulation (GDPR) provides you with additional rights. Our legal basis for processing your personal data is:
- Contract performance (Article 6(1)(b)) — processing necessary to provide the Service you requested (account management, specification generation, billing);
- Legitimate interests (Article 6(1)(f)) — rate limiting and abuse prevention to protect the Service and other users.
Under GDPR, you additionally have the right to:
- Rectification — request correction of inaccurate personal data;
- Erasure (“right to be forgotten”) — request deletion of your personal data;
- Restriction of processing — request that we limit how we use your data;
- Data portability — receive your personal data in a structured, commonly used, machine-readable format;
- Object — object to processing based on legitimate interests;
- Complaint — lodge a complaint with your local data protection authority.
8.3 California Residents (CCPA/CPRA)
If you are a California resident, the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA) provide you with specific rights regarding your personal information:
- Right to know — you can request details about the categories and specific pieces of personal information we have collected about you;
- Right to delete — you can request deletion of personal information we have collected;
- Right to opt out of sale — we do not sell your personal information. We do not share personal information for cross-context behavioral advertising;
- Right to non-discrimination — we will not discriminate against you for exercising your CCPA rights.
To exercise any of these rights, please contact us at support@octacognition.com. We will respond to verifiable requests within 30 days (GDPR) or 45 days (CCPA).
9. International Data Transfers
The Service is operated from the United States. Your data is primarily stored and processed in the United States. Certain third-party service providers may process data in other jurisdictions.
If you are located outside the United States, please be aware that your information will be transferred to, stored, and processed in the United States, where data protection laws may differ from those in your jurisdiction. By using the Service, you consent to the transfer of your information to the United States.
For EEA/UK users, transfers are made on the basis of Standard Contractual Clauses (SCCs) as implemented by our service providers, or other approved transfer mechanisms under GDPR.
10. Children's Privacy
The Service is not intended for use by anyone under the age of 18. We do not knowingly collect personal information from children under 18. If we become aware that we have collected personal information from a child under 18, we will take steps to delete that information as promptly as possible. If you believe we have collected information from a child under 18, please contact us immediately at support@octacognition.com.
11. Third-Party Links
The Service may contain links to third-party websites or services (e.g., a payment billing portal). We are not responsible for the privacy practices of these third parties. We encourage you to review the privacy policies of any third-party services you interact with.
12. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. If we make material changes, we will notify you by email or by posting a prominent notice on the Service at least thirty (30) days before the changes take effect. The “Last Updated” date at the top of this page indicates when this Privacy Policy was most recently revised. Your continued use of the Service after any changes constitutes your acceptance of the revised Privacy Policy.
13. Contact Us
If you have any questions about this Privacy Policy, wish to exercise your data rights, or have a complaint about how we handle your personal information, please contact us at:
Email: support@octacognition.com
We will make every reasonable effort to resolve your concern promptly and in accordance with applicable law.