At Cognixo Path, operating through cognixopath.com, we approach information stewardship from a position of necessity and restraint. This document clarifies what user-generated details emerge during your interaction with our platform, how those specifics function within our educational infrastructure, and the boundaries we've established around their movement and retention.
The relationship between a family investing education service and its participants requires mutual understanding. You provide certain identifying elements so we can deliver personalized guidance. We, in return, commit to treating those elements with operational discipline and transparent accountability.
Cookie and tracking mechanisms are addressed in a separate policy document. This framework focuses exclusively on the information you directly provide, how that information supports our educational mission, and the control mechanisms available to you.
Information Emergence and Intake Points
Details about you enter our infrastructure through several distinct pathways. Understanding these intake moments helps you recognize when information crosses into our operational environment.
Account Formation
When you establish an account with Cognixo Path, specific identifiers become necessary for system functionality. Your chosen username, contact email address, and authentication credentials form the foundational layer. We also record geographic indicators based on your stated location within Canada, which helps us align educational content with regional financial regulations and investment contexts relevant to your province.
During registration, the following categories emerge:
- Contact identifiers (email address, phone number if voluntarily provided)
- Authentication elements (password hash, security question responses)
- Basic demographic markers (name, geographic region)
- Timestamp of account creation
Program Enrollment and Educational Interaction
As you engage with our learning modules, additional layers of information naturally accumulate. Progress markers track which lessons you've completed, quiz responses reveal comprehension patterns, and time-on-platform metrics indicate engagement depth. These operational traces serve a functional purpose: they allow our system to recommend appropriate next steps and help instructors identify where additional clarification might benefit participants.
When you submit questions through discussion forums or request individual guidance, the content of those communications becomes part of your educational record. This includes written inquiries, uploaded documents for review (such as sample investment plans), and any financial scenarios you present for feedback.
Transaction Records
Payment processing generates transactional metadata. We retain records showing which programs you've purchased, payment amounts, transaction dates, and basic billing information. However, full credit card numbers and detailed banking information reside with our payment processor, not within our primary infrastructure. We receive only confirmation tokens and last-four-digit identifiers necessary for customer service resolution.
Communication Exchanges
Direct correspondence with our support team, whether through email, contact forms, or scheduled consultation sessions, produces communication records. These capture the substance of your questions, our responses, and any follow-up exchanges. Phone conversations may be recorded, though you'll receive explicit notification at the call's outset if recording is active.
Operational Purposes and Functional Dependencies
Information doesn't simply sit within our infrastructure—it enables specific operational capabilities that support your educational journey. Each category serves distinct functional requirements.
Platform Access and Identity Verification
Your authentication credentials enable secure access to educational materials while preventing unauthorized account entry. Geographic markers help us verify that participants reside within Canada, where our educational guidance holds regulatory relevance.
Educational Customization and Progress Tracking
Learning analytics allow the platform to surface relevant content based on your demonstrated knowledge level. If quiz results indicate uncertainty around tax-advantaged accounts, subsequent recommendations might prioritize TFSA and RRSP modules. Progress markers prevent redundant material presentation and help instructors identify common comprehension gaps.
Support Delivery and Question Resolution
Communication records enable continuity when multiple team members address your inquiries. Without contextual history, each support interaction would require you to re-establish background information, creating friction and inefficiency.
Operational Notifications
Contact details facilitate necessary platform communications: enrollment confirmations, payment receipts, program update announcements, and critical account security alerts. These aren't promotional—they're operational necessities that keep you informed about services you've actively engaged.
Platform Improvement and Content Development
Aggregated engagement patterns inform curriculum development. If analytics reveal that participants consistently struggle with a particular concept, that signals a need for clearer explanation or additional examples. Individual identifiers are stripped during this analysis—we examine patterns, not people.
We operate under a principle of functional limitation: information gets deployed only for purposes directly connected to delivering educational services or maintaining platform operations. Marketing communications require separate, explicit consent that you control through account preference settings.
Internal Handling and Access Boundaries
Information doesn't flow freely within our organization. Access follows role-based restrictions that limit exposure to operational necessity.
Technical Infrastructure Team
System administrators maintain database integrity and server functionality. They can access user records during troubleshooting or security investigations, but operational protocols prohibit browsing without specific technical justification. Access logs capture when privileged credentials are deployed.
Educational Staff
Instructors and curriculum developers work with learning analytics and educational records to assess program effectiveness. They review aggregated performance metrics and may examine individual progress when participants request personalized guidance. Direct communication content becomes visible to support staff who address your specific inquiries.
Administrative Functions
Billing and account management personnel access transactional records when processing refunds, investigating payment disputes, or responding to financial inquiries. Customer service representatives review communication history to provide informed support.
Automated Processing
Much of the platform operates through automated decision systems that recommend content, track progress, and trigger notifications based on predefined rules. These systems evaluate your activity patterns without human review, though their output may surface information that staff subsequently examine.
External Information Movement and Third-Party Access
Certain operational requirements necessitate information flow beyond our direct infrastructure. These external transfers follow strict contractual boundaries.
Payment Processing Partners
Transaction completion requires transferring payment details to certified financial processors. These entities operate under payment card industry standards that mandate specific security protocols. They receive only information necessary to complete your purchase: billing name, payment method details, and transaction amount. Our agreements prohibit them from retaining or repurposing this information beyond immediate processing needs.
Communication Service Providers
Email delivery depends on third-party messaging infrastructure. When we send platform notifications or respond to your inquiries, message content passes through these intermediary systems. Service agreements restrict their ability to scan, retain, or analyze message substance beyond technical delivery requirements.
Technical Infrastructure Vendors
Our platform operates on cloud hosting services that maintain the physical servers where data resides. These providers have technical access to infrastructure but contractual prohibitions against examining stored content. Data center locations remain within Canadian jurisdictions to maintain geographic data sovereignty.
Legal Compulsion and Safety Imperatives
Certain circumstances override standard confidentiality practices. Valid legal demands from Canadian authorities—court orders, subpoenas, regulatory investigations—may compel disclosure. We resist overly broad requests and seek to limit scope, but legal compliance ultimately takes precedence. Additionally, if we identify credible threats to individual safety or detect platform abuse that violates terms of service, information may be shared with law enforcement or other protective entities.
We do not sell participant information to data brokers, advertising networks, or other commercial entities. Our business model depends on educational services, not information commodification. External transfers occur only for operational necessity or legal requirement.
Protection Methodology and Residual Risk
Safeguarding stored information involves layered technical and procedural measures, though absolute security remains an aspirational concept rather than an achievable state.
Technical Safeguards
Encryption protects information both during transmission and while residing in storage systems. Authentication credentials undergo one-way hashing that prevents reverse engineering. Access controls restrict database queries to authorized personnel, with activity monitoring that flags unusual patterns. Regular security assessments identify potential vulnerabilities before they can be exploited.
Procedural Controls
Staff training emphasizes confidentiality obligations and proper handling protocols. Access provisioning follows minimum-necessary principles—team members receive only the permissions their role requires. Offboarding procedures immediately revoke credentials when personnel depart.
Honest Risk Assessment
Despite these measures, vulnerabilities persist. Sophisticated attackers may circumvent protections through techniques we haven't anticipated. Software flaws occasionally create temporary exposure windows before patches can be deployed. Human error—misconfigured systems, inadvertent exposure—remains a constant possibility. We work to minimize these risks, but cannot eliminate them entirely. The nature of networked systems means some residual vulnerability always exists.
Individual Control Mechanisms and Rights Exercise
Your relationship with our platform isn't one-directional. You retain significant authority over information you've provided and can exercise various control mechanisms.
Information Review
You can request a comprehensive export of details we've associated with your account. This includes profile information, learning records, communication history, and transactional data. We deliver this export within fifteen business days of verified requests.
Correction Authority
If stored information contains inaccuracies, you can request modifications. Some corrections happen immediately through account settings; others require manual processing by our team to ensure changes don't introduce inconsistencies across interconnected systems.
Deletion Requests
You can request complete account removal, which triggers deletion of most associated information. Certain records must be retained for legal compliance—financial transaction logs, for example, remain accessible for seven years under Canadian tax regulations. Everything beyond legal requirements gets purged within thirty days.
Processing Objections
If you believe information is being handled in ways inconsistent with this framework, you can object to specific processing activities. We'll evaluate whether operational necessity justifies continued handling or whether alternative approaches might address your concerns.
Communication Preferences
You control whether you receive program announcements, educational tips, and promotional content. Operational messages—payment confirmations, security alerts—cannot be disabled without closing your account entirely, as they're integral to service delivery.
Portability Requests
Beyond simple review, you can obtain your information in structured formats that facilitate transfer to alternative platforms. This portability right ensures you're not locked into our service through information capture.
Exercise these rights by contacting info@cognixopath.com with specific requests. We'll verify your identity before processing—usually by confirming access to the email address associated with your account—then complete the requested action within applicable timeframes.
Retention Logic and Deletion Triggers
Information doesn't remain indefinitely. Retention durations vary based on functional necessity and regulatory requirements.
Active Account Information
While your account remains active, associated information persists to support ongoing service delivery. Profile details, learning progress, and communication history stay accessible so the platform can provide personalized experiences and maintain operational continuity.
Post-Closure Retention
Account closure initiates graduated deletion. Profile details and educational records get archived for ninety days in case you choose to reactivate, then move to permanent deletion. Transactional records follow longer retention schedules due to accounting requirements—financial documentation remains accessible for seven years to satisfy potential audit demands.
Communication Archives
Support correspondence retention depends on context. Routine questions get purged twelve months after resolution. Substantive educational guidance may remain longer if it contributes to improving curriculum materials, though identifying details get stripped during that repurposing.
Anonymized Analytics
Aggregated usage patterns that inform platform improvements persist indefinitely, but only after individual identifiers have been irreversibly removed. Once information gets truly anonymized—meaning it can't be re-associated with specific individuals—it falls outside personal data frameworks entirely.
Legal Foundations and Regulatory Compliance
Our information handling practices rest on several legal bases that authorize processing under Canadian privacy frameworks.
Contractual Necessity
Most information handling qualifies as contractually necessary—you can't meaningfully participate in educational programs without providing identifiers that enable account access, progress tracking, and communication. When you enroll, you're implicitly agreeing that certain information exchange is prerequisite to service delivery.
Legitimate Operational Interests
Some processing serves legitimate business functions that don't directly depend on contractual obligations: platform security monitoring, fraud prevention, service improvement analytics. These activities occur because they support sustainable platform operation, not because they're explicitly required for each transaction.
Consent-Based Activities
Certain information uses require explicit permission: promotional communications, third-party service integrations, participation in optional research studies. These activities don't proceed without your affirmative authorization, which you can withdraw at any time.
Legal Obligations
Tax reporting, financial auditing, and responses to valid legal demands rest on statutory requirements that override individual preferences. We process information in these contexts because Canadian law mandates compliance, not because we choose to do so.
Framework Updates and Change Notification
This stewardship framework evolves as operational practices develop and regulatory landscapes shift. Material changes—those affecting how information gets handled or what rights you can exercise—trigger proactive notification. You'll receive email alerts describing modifications and their effective dates, usually with thirty days advance notice.
Minor adjustments that clarify existing practices without changing substance may occur without individual notification, though we'll update the effective date displayed at this document's beginning. Periodic review helps you stay informed about current practices.
Continued platform use after change notifications constitutes acceptance of updated practices. If modifications prove unacceptable, you retain the right to close your account before they take effect, at which point prior framework terms govern information handling during the wind-down period.
Special Considerations for Minors
Cognixo Path targets family investing education, which means some participants may be under eighteen. We recognize that minors' information requires additional protective consideration.
Account creation for individuals under eighteen requires parental consent. Parents or legal guardians maintain authority to review their minor child's educational records, exercise control rights on their behalf, and receive notifications about platform activities. As minors approach adulthood, we encourage family discussions about transitioning account control, though legal authority remains with guardians until provincial age-of-majority thresholds are reached.
We don't knowingly collect information from children under thirteen without explicit parental authorization. If we discover underage account creation has occurred without proper consent, we immediately suspend access and contact listed guardians to establish appropriate permissions or initiate account closure.
Questions, Concerns, and Rights Exercise
330 Craig St
Parksville, BC V9P 1L5
Canada
This framework reflects our current understanding of legal obligations and operational requirements as of March 2025. It applies to information handling practices within Canadian jurisdictions where Cognixo Path maintains operations.
For cookie policies, tracking technologies, and web analytics practices, please reference our separate Cookie Management document accessible through the site footer.