Version 1.0 · Last updated: 18 April 2026
Cognify is operated by NGIS PTE LTD (UEN 202403437E), a private limited company incorporated in Singapore ("we", "us", "our"). Cognify is a software-as-a-service platform that produces manufacturing analytics and reports from operational data you upload, available at cognifytechnology.com (the "Service").
This Privacy Policy explains what personal data we collect when you use the Service, why we collect it, what we do with it, and the rights you have under the Singapore Personal Data Protection Act 2012 (PDPA) and, where applicable, the Malaysian Personal Data Protection Act 2010.
In accordance with Section 11(3) of the Singapore PDPA, we have designated a Data Protection Officer (DPO) to oversee our compliance with this Policy and with applicable privacy laws.
Email: info@cognifytechnology.com
You may contact the DPO at any time with privacy questions, access requests, correction requests, consent withdrawals, complaints, or other concerns.
This Policy applies to personal data of individuals who register for, log in to, or use the Service; individuals who correspond with us through the Service, our contact forms, or email; and billing contacts associated with a Cognify subscription.
It does not apply to manufacturing operational data you choose to upload (machine-level information handled as your business content under our Terms of Service), nor to third-party websites we may link to.
Account data — email, first and last name, phone number (optional), job title (optional), and your role on your organisation's account.
Organisation data — legal name, trading name, business registration number, country, industry classification, and billing address where provided.
Authentication and session data — a hashed version of your password (we never see or store it in plain text), your session token while signed in, your IP address, and browser user agent (used for security and audit logging).
Billing data — payments are handled by a PCI-DSS certified payment processor. We do not receive or store your card number, expiry, or CVC. On our own systems we store a processor customer identifier, invoice identifiers and download links, your billing address for tax invoicing, and your subscription status.
Support communications — messages you send us, any attachments, and our replies.
Audit and security logs — records of significant actions on the Service, including actor identifier, IP, browser user agent, and timestamp.
Marketing consent (opt-in) — if you tick a marketing consent box we record the consent, date, and scope. You may withdraw at any time.
You may upload Excel or CSV files containing manufacturing operational data. These files typically describe machines and processes rather than identifiable individuals and are generally not personal data under the PDPA. We treat them as your confidential business content.
If your uploaded files do happen to include personal data (for example, operator names on shift records), you are responsible for ensuring you have the lawful basis to share that data, and we process it solely as a data intermediary under Section 4 of the PDPA, on your instructions.
Cognify uses proprietary AI models to analyse uploaded data and generate reports. The AI processing runs on infrastructure operated by us, and uploaded data is not used to train any third-party commercial AI product.
We collect and use personal data to create and operate your account, authenticate you and protect your account, process payments and meet tax obligations, generate and deliver analytics reports, provide customer support, maintain audit logs for security and regulatory compliance, notify you of material service changes, send product marketing communications where you have opted in, and enforce our Terms of Service.
Lawful bases under the PDPA include performance of the contract we have with you, our legitimate interests in operating and securing the Service, compliance with legal obligations, and your consent (which applies specifically to marketing communications and which you may withdraw at any time).
We do not sell your personal data.
We share personal data only with the following categories of recipient, and only to the extent necessary for the stated purpose:
Some of our service providers operate outside Singapore. Where we transfer personal data to a country that does not provide a level of protection comparable to the PDPA, we rely on contractual safeguards (for example, Standard Contractual Clauses or equivalent commitments) in line with Section 26 of the PDPA.
Your uploaded production files are held within a Singapore datacenter and are not transferred outside Singapore for day-to-day operation of the Service. Encrypted offsite backups may be stored outside Singapore; these backups are encrypted with keys we control.
Where you are based in Malaysia, cross-border transfers are carried out in accordance with Section 129 of the Malaysian PDPA.
When a retention period expires, we delete the personal data, anonymise it, or archive it in a form from which you cannot be re-identified.
Under the Singapore PDPA (Sections 21–24) and, where applicable, the Malaysian PDPA, you have the right to:
To exercise any right, contact the DPO at info@cognifytechnology.com. We may need to verify your identity. We do not charge a fee for routine requests.
If you are not satisfied with how we handle your request, you may contact the Personal Data Protection Commission of Singapore, or, if you are based in Malaysia, the Department of Personal Data Protection.
We take commercially reasonable technical and organisational measures to protect personal data against unauthorised access, alteration, disclosure, and destruction. These include encrypted transport, encrypted backups, role-based access control, multi-factor authentication support, perimeter and intrusion monitoring, regular patching, and an internal incident response runbook.
No Internet service is 100% secure. Please keep your password confidential, use a unique strong password for Cognify, and enable multi-factor authentication when it is available to you.
If we become aware of a data breach that results in or is likely to result in significant harm to affected individuals, or that affects 500 or more individuals, we will notify the Personal Data Protection Commission of Singapore within 3 calendar days of establishing the breach, in accordance with Section 26D of the PDPA, and we will notify affected individuals as soon as practicable.
Essential cookies are strictly necessary to keep you signed in and to protect sensitive actions against cross-site request forgery. They are always on.
Analytics cookies (opt-in only) are used only if you accept them on our consent banner. Our analytics does not use cross-site tracking and is not shared with advertising networks.
We do not use marketing or advertising cookies. Our consent banner offers "Reject all" as prominently as "Accept all". You can change your choice at any time from the footer of any public page.
Cognify is a business-to-business service. It is not directed at children and we do not knowingly collect personal data from anyone under 18. If you believe a child has provided personal data to us, contact the DPO and we will delete it.
We may update this Policy from time to time. When we make a material change we will update the version number and effective date at the top of this page, notify you by email to the address on your account, and post a notice in the portal before the change takes effect. Continued use of the Service after the effective date means you accept the updated Policy.
Data Protection Officer: info@cognifytechnology.com
NGIS PTE LTD (UEN 202403437E), Singapore