Skip to content

Privacy Policy

Effective Date: March 19, 2026

This Privacy Policy describes how Baldwinson Corporation ("we," "us," or "our") handles information in connection with the Cogniflux mobile application ("the App"). We are committed to protecting your privacy and being transparent about our data practices.

1. Data Controller

For the purposes of the EU General Data Protection Regulation (GDPR) and applicable data protection laws, the data controller responsible for your personal data is:

Baldwinson Corporation

13195 Imperial Hwy
Whittier, CA 90605

Contact: Support Page

2. Information We Collect

Cogniflux is designed with a privacy-first approach. The App collects and stores the following information locally on your device:

  • Caffeine intake logs (beverage type, caffeine amount, timestamp)
  • User preferences and settings (e.g., target bedtime, display preferences)
  • Derived data such as estimated caffeine and metabolite curves

Apple HealthKit Data

With your explicit permission, Cogniflux may read and/or write the following data types from Apple HealthKit:

  • Caffeine intake (write, to log your caffeine consumption)
  • Sleep analysis (read, to correlate caffeine timing with sleep data, if available)
  • Heart rate (read, to provide insights into how caffeine may correlate with heart rate patterns)

HealthKit data is accessed only when you grant permission through the iOS Health permissions dialog. You can revoke access at any time in your device's Settings > Health > Data Access. HealthKit data is not used for advertising or marketing purposes.

Optional Data Sync

If you choose to enable sync features, certain data, including heart rate data read from HealthKit, may be transmitted securely to our private servers. Sync is entirely optional and disabled by default. You control which data types are synced, and you can disable sync at any time in the App's settings. An account is not required to use the core features of Cogniflux.

Error and Crash Reports

The App uses Sentry, a third-party error monitoring service, to collect crash reports and diagnostic data. This data may include device model, operating system version, app version, and technical details about the error. Crash reports do not contain your caffeine logs, HealthKit data, or any personally identifiable information.

Purchase Information

If you make a purchase or subscribe to a premium feature, payment processing is handled by Apple through the App Store and by RevenueCat, a third-party subscription management service. We receive a pseudonymous identifier and subscription status from RevenueCat to unlock premium features. We do not receive or store your payment details, credit card number, or Apple ID.

Website Analytics (Google Analytics)

Our website (https://cogniflux.app) uses Google Analytics 4, a web analytics service provided by Google LLC. Google Analytics uses cookies and similar technologies to collect information about how visitors use our website, including pages visited, time spent on pages, referring URLs, and general geographic region (derived from IP address). We have enabled IP anonymization, which means your IP address is truncated by Google before being stored. Google Analytics data is used solely to understand website traffic patterns and improve the website experience. Google Analytics does not collect your name, email address, or other personally identifiable information through our website. For more information, see Google's Privacy Policy and Google Analytics Opt-out Browser Add-on.

Spam Prevention (Google reCAPTCHA)

Our website uses Google reCAPTCHA v3 to protect forms (such as the support contact form) from spam and abuse. reCAPTCHA collects hardware and software information, such as device and application data, and sends it to Google for analysis. The information collected is used to determine whether the interaction is from a human or an automated program. This processing is governed by Google's Privacy Policy and Terms of Service.

We do not collect personal information such as your name, email address, phone number, or location through the App. The App does not require you to create an account. When you voluntarily submit a support request through our website, we collect the name, email address, and message content you provide solely to respond to your inquiry.

3. How We Use Information

Information collected by Cogniflux is used for the following purposes:

  • Core functionality: Your caffeine logs and settings are used locally to model caffeine levels, generate visualizations, and provide timing insights.
  • HealthKit integration: HealthKit data is used on-device to enrich caffeine modeling with sleep and heart rate data, and to write caffeine records back to Health, if you choose.
  • Optional sync: If you enable sync, heart rate and other opted-in data is transmitted to our servers to provide enhanced features and insights across sessions.
  • Aggregated analytics: We may use anonymized, aggregated data that cannot be linked back to any individual user to improve the App and conduct research. This data contains no personally identifiable information.
  • Error reporting: Crash and diagnostic data is sent to Sentry to help us identify and fix bugs, improving the App's stability for all users.
  • Subscription management: A pseudonymous purchase identifier is shared with RevenueCat solely to verify your subscription status and unlock premium features.
  • Website analytics: Google Analytics data is used to understand how visitors interact with our website and to improve its content and performance.
  • Spam prevention: Google reCAPTCHA is used on our website forms to distinguish human visitors from automated bots, protecting the integrity of our support systems.

4. Third-Party Services

We do not sell, rent, or share your personal data or caffeine logs for advertising or marketing purposes. We do not sell your data to data brokers or third parties. The App integrates with the following third-party services:

Apple HealthKit

Used to read sleep and heart rate data, and write caffeine intake records, with your explicit permission. If you enable sync features, heart rate data read from HealthKit may be transmitted to our private servers. In compliance with Apple's HealthKit guidelines, HealthKit data is not used for advertising, marketing, or sale to data brokers.

Sentry (Error Reporting)

Used to collect crash reports and diagnostic data to improve app stability. Data sent to Sentry includes device model, OS version, app version, and technical error details. No caffeine logs, HealthKit data, or personally identifiable information is included. Sentry's privacy policy is available at sentry.io/privacy.

RevenueCat (Subscription Management)

Used to manage in-app purchases and subscriptions. RevenueCat receives a pseudonymous app-specific identifier and purchase receipt data from Apple to verify your subscription status. RevenueCat does not receive your caffeine logs, HealthKit data, or personal information. RevenueCat's privacy policy is available at revenuecat.com/privacy.

Baldwinson Corporation Servers (Optional Sync)

If you enable sync features, heart rate and other opted-in data is transmitted securely to our private servers. This data is used solely to provide app functionality and enhanced insights. It is never sold to third parties, and you can request deletion at any time by contacting us.

Google Analytics (Website)

Used on our website to collect anonymized usage statistics such as pages visited, session duration, and general geographic region. We have enabled IP anonymization so your full IP address is never stored by Google on our behalf. Google may use the collected data to contextualize and personalize ads in its own advertising network; however, we do not use Google Analytics for advertising purposes. You can opt out of Google Analytics by installing the Google Analytics Opt-out Browser Add-on. Google's privacy policy is available at policies.google.com/privacy.

Google reCAPTCHA v3 (Website)

Used on our website to protect forms from spam and abuse. reCAPTCHA analyzes user behavior (e.g., mouse movements, time on page) and collects device and browser information to generate a risk score. This processing happens in the background without requiring user interaction. Data collected by reCAPTCHA is subject to Google's Privacy Policy and Terms of Service.

5. Cookies and Tracking Technologies

The Cogniflux mobile app does not use cookies. However, our website (https://cogniflux.app) uses the following cookies and similar technologies:

Google Analytics Cookies

Google Analytics sets cookies (such as _ga and _ga_*) to distinguish unique visitors and throttle request rates. These cookies expire after up to 2 years. The data collected is aggregated and anonymous. You can block these cookies through your browser settings or by using the Google Analytics Opt-out Add-on.

Google reCAPTCHA Cookies

Google reCAPTCHA may set cookies (such as _GRECAPTCHA) to provide its risk analysis. These cookies are necessary for the spam-protection functionality of our contact form.

You can control cookies through your browser settings. Most browsers allow you to refuse cookies or delete existing cookies. Please note that disabling cookies may affect the functionality of certain features on our website (e.g., the support contact form).

6. Data Retention

Your caffeine logs and settings are stored locally on your device for as long as you use the App. If you delete the App, all local data is removed from your device.

  • Synced data: If you have enabled sync, data stored on our servers is retained until you request its deletion or delete your account. You may request deletion by contacting us at the email address below.
  • Anonymized data: Aggregated, anonymized data that cannot be linked to any individual may be retained indefinitely for research and product improvement purposes.
  • Sentry: Crash reports are retained by Sentry in accordance with their data retention policies (typically 90 days).
  • RevenueCat: Subscription records are retained by RevenueCat as long as necessary to manage your subscription and comply with financial record-keeping requirements.
  • HealthKit: Data written to HealthKit is managed by iOS and remains under your control via the Health app.
  • Google Analytics: Analytics data is retained by Google in accordance with our configured retention settings (14 months by default). Cookies set by Google Analytics expire after up to 2 years.
  • Google reCAPTCHA: Data collected by reCAPTCHA is retained by Google in accordance with Google's data retention policies.

7. Your Choices

You have full control over your data:

  • You can delete individual log entries within the App at any time.
  • You can delete all local App data by uninstalling Cogniflux from your device.
  • You can adjust App settings and preferences at any time.
  • You can enable or disable data sync at any time in the App's settings.
  • You can request deletion of any data stored on our servers by contacting us.
  • You can revoke HealthKit access at any time via Settings > Health > Data Access on your device.
  • You can opt out of Google Analytics by installing the browser opt-out add-on or by adjusting your browser's cookie settings.
  • You can manage or block cookies through your browser settings at any time.

8. Legal Basis for Processing (GDPR)

If you are located in the European Economic Area (EEA), the United Kingdom, or Switzerland, we process personal data under the following legal bases as defined by the General Data Protection Regulation (GDPR):

  • Consent: Where you have given your explicit consent, such as enabling HealthKit access, optional data sync, or submitting a support request with your contact information.
  • Legitimate interest: For website analytics (Google Analytics with IP anonymization) to understand and improve how visitors use our website, and for error reporting (Sentry) to maintain App stability. We have assessed that these interests do not override your fundamental rights and freedoms.
  • Contractual necessity: For subscription management (RevenueCat) to fulfill your purchase and provide premium features.
  • Legitimate interest (spam prevention): For Google reCAPTCHA to protect the integrity of our website forms. This is necessary to prevent abuse and maintain service availability.

Your Rights Under GDPR

If you are located in the EEA, the United Kingdom, or Switzerland, you have the following rights regarding your personal data:

  • Right of access: You may request a copy of the personal data we hold about you.
  • Right to rectification: You may request correction of inaccurate personal data.
  • Right to erasure: You may request deletion of your personal data, subject to legal retention obligations.
  • Right to restrict processing: You may request that we limit how we use your data.
  • Right to data portability: You may request your data in a structured, machine-readable format.
  • Right to object: You may object to processing based on legitimate interest, including analytics.
  • Right to withdraw consent: Where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of prior processing.

To exercise any of these rights, please contact us via our Support Page. We will respond to your request within 30 days. You also have the right to lodge a complaint with your local data protection supervisory authority.

9. California Privacy Rights (CCPA/CPRA)

If you are a California resident, the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA) provides you with specific rights regarding your personal information.

Categories of Personal Information

In the preceding 12 months, we may have collected the following categories of personal information through our website and services:

  • Identifiers: Email address and name (only if you voluntarily submit a support request).
  • Internet activity: Website browsing data collected by Google Analytics (pages visited, session duration, referring URL, general geographic region).
  • Device information: Browser type, operating system, and device characteristics collected by Google Analytics and Google reCAPTCHA.

Your Rights Under CCPA/CPRA

  • Right to know: You may request details about the categories and specific pieces of personal information we have collected about you.
  • Right to delete: You may request deletion of personal information we have collected from you, subject to certain exceptions.
  • Right to correct: You may request correction of inaccurate personal information.
  • Right to opt out of sale/sharing: We do not sell your personal information and do not share it for cross-context behavioral advertising. No opt-out is necessary.
  • Right to non-discrimination: We will not discriminate against you for exercising any of your CCPA/CPRA rights.

To exercise your California privacy rights, please contact us via our Support Page. We will verify your identity before fulfilling any request and respond within 45 days as required by law.

10. International Data Transfers

Our website and services are operated from the United States. If you access our website from outside the United States, please be aware that your information may be transferred to, stored, and processed in the United States or other countries where our service providers (including Google and Sentry) maintain facilities. These countries may have data protection laws that differ from those in your jurisdiction. By using our website or services, you acknowledge this transfer. Where required by applicable law (including GDPR), we rely on appropriate safeguards such as Standard Contractual Clauses approved by the European Commission to ensure an adequate level of protection for your data.

11. Do Not Track

Some browsers offer a "Do Not Track" (DNT) signal. There is currently no industry standard for how websites should respond to DNT signals. Our website does not currently respond to DNT signals. However, you can opt out of Google Analytics tracking using the methods described in the "Your Choices" section above.

12. Security

Your caffeine logs and settings are stored locally on your device and benefit from the security protections provided by your device's operating system, including device encryption and biometric locks. Data transmitted to our servers and third-party services (sync data, Sentry crash reports, RevenueCat subscription verification, Google Analytics, Google reCAPTCHA) is sent over encrypted HTTPS connections. Data stored on our servers is protected using industry-standard security measures. We use commercially reasonable measures to protect all data that is transmitted and stored.

13. Children's Privacy

Cogniflux is not directed at children under the age of 13 (or the applicable age of consent in your jurisdiction). We do not knowingly collect information from children. If you believe a child has provided information through the App or our website, please contact us so we can take appropriate action.

14. Changes to This Policy

We may update this Privacy Policy from time to time. When we make changes, we will update the "Effective Date" at the top of this page and, where appropriate, provide notice within the App. Your continued use of Cogniflux after changes are posted constitutes your acceptance of the revised policy.

15. Contact Us

If you have questions or concerns about this Privacy Policy, wish to exercise your privacy rights, or have a complaint about our data practices, please contact us at:

Baldwinson Corporation

13195 Imperial Hwy
Whittier, CA 90605

Contact: Support Page