top of page

Cognishape - Privacy Policy



Welcome to Cognishape, an app-based cognitive training program for adults via conversational (non-human) technology, as further detailed on our website (the "Service").

This Privacy Policy (“Policy”) explains how information about you is collected and used by the Service, which is developed and operated by Cognishape Ltd. (“Company” or “we”, “us”, “our”).

We are committed to complying with applicable data protection laws, including the EU and the UK General Data Protection Regulation (GDPR).

The Service is not directed to users under the age of 18. We do not knowingly collect information or data from unhealthy users, children under the age of 18 or knowingly allow them to use the Service.

This Policy may be amended from time to time. We will post any change to this Policy online. Upon significant changes, we will make efforts to proactively notify you via a notification on the Service of the changes at a reasonable time in advance of the effective date.

Contact us

If you have any questions, comments or concerns regarding this Policy or our processing of your personal information, please contact us at

What we collect and why

You do not have a legal obligation to provide the information that we request. However, if you choose not to provide this information to us, we may not be able to process your purchase, your feedback and respond to your inquiry, while you may not be able to use the Service or receive the newsletters you requested.


You may always opt-out from receiving our newsletter and our administrative messages by separately clicking the opt-out link in each type of messages or by contacting us at: You can always stop receiving task reminder notifications by disabling them via your device settings.

Methods and sources for collecting your personal information

We collect the personal information from several sources:

  • Directly from you when you register to our Service, when you provide it through the Service or when provided to us through our email; 

  • From our service providers helping us to operate the Service.

  • Through the device you use to access our Service, including through third party cookies and analytics tools, such as MixPannel, AppsFlyer and Facebook Ads.

Sharing your personal information

We will not share your information with third parties, except in the events listed below or when you provide us with your explicit and informed consent.

Data retention and security

We retain your information for as long as needed to operate the Service, and thereafter as needed for record-keeping matters.

We will retain your information for as long as needed to operate the Service. Thereafter, we will still retain your personal information as necessary to comply with our legal obligations, resolve disputes, establish, and defend legal claims and enforce our agreements. The overall period of retention is approximately 7 years. You may always delete your information via the “Delete Account” menu option in the Service or by providing us a written notice of termination to, but non-identifying information such as statistics and analytics shall not be deleted.

We implement measures to secure your information.

We implement measures to reduce the risks of damage, loss of information and unauthorized access or use of information, such as TLS, HTTPS, encryption and PII isolation. However, these measures do not provide absolute information security. Therefore, although efforts are made to secure your personal information, there is no guarantee that it will be immune from information security risks.

Additional information for individuals in the EU or UK 

Controller, GDPR and UK representatives

Cognishape Ltd. is the data controller of the personal information collected via the Service.

We are located at 25 Hashita St. Givat Brenner, 6094800

International data transfers

To facilitate processing your information through the Service and by our service providers, we will transfer your information outside of the EU or the UK.  We do so under the terms of a data transfer agreement, which contains standard data protection contract clauses with adequate safeguards determined by the EU Commission and UK Information Commissioner’s Office.


Legal basis for processing your personal data

Data subject rights

If you are in the EU or the UK, you have the following rights under the GDPR:

Right to Access and receive a copy of your personal information that we process.


Right to Rectify inaccurate personal information we have concerning you and to have incomplete personal information completed.

Right to easily and at any time withdraw your consent to us processing your personal data to email you our newsletters. The withdrawal of consent will not affect the lawfulness of processing based on consent before its withdrawal 


Right to Data Portability, that is, to receive the personal information that you provided to us, in a structured, commonly used, and machine-readable format. You have the right to transmit this data to another person or entity. Where technically feasible, you have the right to have your personal information transmitted directly from us to the person or entity you designate. 


Right to Object to our processing of your personal information based on our legitimate interest. However, we may override the objection if we demonstrate compelling legitimate grounds, or if we need to process such personal information for the establishment, exercise, or defense of legal claims. 


Right to Restrict us from processing your personal information (except for storing it): (a) if you contest the accuracy of the personal information (in which case the restriction applies only for a period enabling us to determine the accuracy of the personal information); (b) if the processing is unlawful and you prefer to restrict the processing of the personal information rather than requiring the deletion of such data by us; (c) if we no longer need the personal information for the purposes outlined in this Policy, but you require the personal information to establish, exercise or defend legal claims; or (d) if you object to our processing based on our legitimate interest (in which case the restriction applies only for the period enabling us to determine whether our legitimate grounds for processing override yours).


Right to be Forgotten. Under certain circumstances, such as when you object to our processing of your personal information based on our legitimate interest and there are no overriding legitimate grounds for the processing, you have the right to ask us to erase your personal information. However, notwithstanding such a request, we may still process your personal information if it is necessary to comply with our legal obligations, or for the establishment, exercise, or defense of legal claims. If you wish to exercise any of these rights, please contact us through the channels listed in this Policy.

When you contact us, we reserve the right to ask for reasonable evidence to verify your identity before we provide you with information. Where we are not able to provide you with information that you have asked for, we will explain the reason.

Subject to applicable law, you have the right to lodge a complaint with your local data protection authority. If you are in the EU, then according to Article 77 of the GDPR, you can lodge a complaint to the supervisory authority, in the Member State of your residence, place of work or place of alleged infringement of the GDPR. For a list of supervisory authorities in the EU, click here.

If you are in the UK, you can lodge a complaint to the Information Commissioner’s Office (ICO) pursuant to the instructions provided here.


Last updated: July 2023 (version 2.0.0)

bottom of page