The Discretion Protocol
Cognita operates at the intersection of corporate strategy and executive education. The intellectual property and personal data of our stakeholders are treated as assets of the highest value. This document outlines the architecture of trust that governs our digital environment.
Effective Date
October 2026
Version 2.4
For specific inquiries regarding data handling, contact our compliance officer.
Contact Compliance →I. The Inputs & Outputs
Information Architecture
We do not traffic in attention or indiscriminate surveillance. The data we collect is strictly limited to what is necessary to deliver high-level advisory services and facilitate executive learning. This falls into two distinct categories: Active Inputs and Passive Infrastructure.
Active Inputs are what you choose to share during a consultation inquiry, academy registration, or whitepaper download. This includes professional identifiers (name, title, company), direct contact channels (email, phone), and the specific strategic challenges you articulate in your message. This information is encrypted at rest and in transit, serving only the immediate purpose of our engagement.
Passive Infrastructure refers to technical data required to maintain the integrity of our platform. This includes IP timestamps and browser types. We aggregate this data to detect security anomalies—such as brute-force attempts on our academy portals—and to optimize load times for global users. It is anonymized, stripped of personal identifiers, and never used for marketing analytics.
Collection Matrix
Strategic Data
Encrypted inputs used solely for project scoping and academy access credentials. Zero retention post-engagement.
Technical Data
Anonymized logs for security hardening and performance optimization. No cross-site tracking pixels.
Third-Party Data
Cognita does not purchase or ingest external data lists. All relationships are established via direct consent.
"Privacy is not merely a compliance requirement; it is the foundation of strategic advisory. Without confidentiality, there is no trust. Without trust, there is no truth."
— Cognita Legal Framework
In short: We collect the minimum necessary to serve you. We use the industry-standard encryption to protect it. We do not sell it. We respect the French Data Protection Authority (CNIL) guidelines as a baseline, though our standards are stricter.
II. The Logic of Control
The mechanisms by which you retain sovereignty over your digital footprint within our ecosystem.
Access & Portability
Upon request, we compile a complete dossier of all personal data held in our systems. This export is delivered via secure channel in a structured, machine-readable format.
Rectification & Purge
If your professional details change or you wish to sever ties, we facilitate immediate correction or total deletion of your records, barring legal retention mandates.
Transparency & Logic
We do not hide behind "legitimate interest" loopholes. If we utilize a processor for a specific function (e.g., secure document signing), the processor is named and their security posture is validated.
Evidentiary Thresholds
Our Assumptions
- Users value data minimization over feature richness.
- Security is a continuous process, not a static state.
- Regulatory compliance (GDPR/RGPD) is the floor, not the ceiling.
What Changes This
- A formal ruling by the CNIL establishing new precedents for B2B data sharing.
- Detection of a zero-day vulnerability requiring immediate mass notification.
- Integration of a new payment processor for the Academy (requires explicit opt-in).
Cookies & Tracking
We do not use tracking cookies, retargeting pixels, or social media widgets that harvest user data. We use strictly necessary session cookies to maintain your login state within the Academy platform.
Read the Full Cookie PolicyClean Session
Data Governance Contact
For all matters relating to the processing of personal data, including requests for access, modification, or deletion, please direct correspondence to our designated Data Privacy Officer.
Legal Jursidictions
This policy is governed by the laws of the French Republic. Disputes arising from data processing activities shall be resolved in the courts of Paris.