Data Processing Agreement

Last updated: 7 July 2026

1. About this agreement

This Data Processing Agreement (“DPA”) forms part of the Terms of Service between Cognita Tech Ltd (“Cognita”, the processor) and the customer (“Customer”, the controller). It governs Cognita’s processing of personal data contained in the Claude Code usage telemetry that the Customer sends to Cognita (“Customer Personal Data”).

For personal data where Cognita is itself the controller (account holders, website visitors), see our Privacy Policy instead. This DPA applies only to Cognita’s role as processor.

2. Subject matter and details of processing

  • Subject matter and purpose — processing Claude Code usage telemetry to provide the Cognita AI-adoption analytics service to the Customer.
  • Duration — for the term of the Customer’s subscription, plus the deletion window in section 9.
  • Nature of processing — collection, pseudonymisation, storage, aggregation, and presentation of usage metadata.
  • Types of personal data — pseudonymous user identifiers (one-way hashes); usage metadata (models used, cost, token counts, timestamps, tool usage); and, only where the Customer uploads a staff roster, plaintext name, email, team, department, and manager in the identity map. Prompt and output content is stripped at ingest and never stored.
  • Categories of data subjects — the Customer’s employees and contractors who use Claude Code.

3. Cognita's obligations as processor

Cognita will:

  • process Customer Personal Data only on the Customer’s documented instructions, including in respect of international transfers, this DPA and the Terms being the primary instruction;
  • ensure that people authorised to process the data are bound by confidentiality;
  • implement appropriate technical and organisational security measures (section 5);
  • engage sub-processors only under section 6;
  • assist the Customer in responding to data-subject requests and in meeting its security, breach-notification, and impact-assessment duties (sections 7-8); and
  • delete or return Customer Personal Data at the end of the service (section 9), and make available the information needed to demonstrate compliance and allow for audits.

4. The Customer's responsibilities

The Customer, as controller, warrants that it:

  • has a valid lawful basis to send its employees’ usage data to Cognita, and has given those employees any privacy notice required by UK/EU GDPR; and
  • has issued only lawful processing instructions.

5. Security measures

Cognita’s measures under Article 32 include, as built into the product:

  • pseudonymisation at ingest — each email is replaced with a per-customer keyed one-way hash before storage;
  • content stripping — prompt and output content, command lines, and file paths are removed at the collector before anything is stored;
  • tenant isolation — each customer’s data is partitioned under an immutable system-minted tenant identifier;
  • encryption in transit and at rest; and
  • access control, with the staff-upload endpoint being write-only.

6. Sub-processors

The Customer gives general authorisation for Cognita to engage sub-processors. Cognita maintains a current list (Amazon Web Services, Neon, Vercel, Google, and email/analytics vendors), imposes equivalent data-protection terms on them, and will give prior notice of any change with a right to object on reasonable data-protection grounds.

7. Assisting with data-subject rights

Cognita will assist the Customer in fulfilling data-subject requests. Erasure is carried out by crypto-shred: because a plaintext identifier exists in only one place (the identity map), deleting that single record renders all of that person’s hash-keyed telemetry permanently unresolvable. Cognita cannot itself re-identify a data subject from the analytics store without the identity map.

8. Breach notification

Cognita will notify the Customer without undue delay after becoming aware of a personal data breach affecting Customer Personal Data, and will provide the information the Customer reasonably needs to meet its own notification obligations.

9. Deletion at end of service

On termination, Cognita will, at the Customer’s choice, delete or return Customer Personal Data within a defined window, then delete remaining copies save where retention is required by law. Deletion of identity data uses crypto-shred; the raw telemetry lake is subject to lifecycle expiry.

10. Benchmarking

Where the Customer has enabled it, Cognita may use aggregated, pseudonymised cohort statistics for cross-company benchmarking. This is performed only on aggregates with suppression of small cohorts, so no individual company or person is identifiable, and it produces aggregated statistical output. This use is described here so it is transparent and forms part of the documented instructions.

11. International transfers

Customer Personal Data is stored in the European Economic Area (Ireland). Where any sub-processor is outside the UK/EEA, Cognita relies on a valid transfer mechanism (the UK International Data Transfer Agreement, EU Standard Contractual Clauses with the UK Addendum, or the EU-US Data Privacy Framework and its UK Extension).

This document is provided for transparency and does not constitute legal advice. Cognita Tech Ltd, 87a Worship Street, London EC2A 2BE.