Cognition Financial
  • Header Image

Privacy Shield Policy


Effective: May 25, 2018

Last Updated: March 26, 2020

Cognition Financial Corporation and its affiliate Cognition Lending Corporation (together, "Cognition Financial," "our," "we" or "us") comply with the EU-U.S. Privacy Shield Framework and Swiss-U.S. Privacy Shield Frameworks (together the "Privacy Shield Principles"), as set forth by the U.S. Department of Commerce, regarding the collection, use and retention of Personal Data (as defined below) transferred from European Union (EU) member countries and Switzerland to the United States. We have certified that we adhere to the Privacy Shield Principles with respect to such data. If there is any conflict between this privacy shield policy (this "Privacy Shield Policy") and data subject rights under the Privacy Shield Principles, the Privacy Shield Principles shall govern.

To learn more about the Privacy Shield program and to view our certification page, please visit

With respect to Personal Data that it receives or transfers pursuant to the Privacy Shield Principles, Cognition Financial is subject to the regulatory enforcement powers of the U.S. Federal Trade Commission.

This Privacy Shield Policy applies to,,,, and (the "Websites").

Please also see our User Privacy Policy for more information regarding our data handling practices.


In this Cognition Financial Privacy Shield Policy:

"Guest" means an individual who accesses and uses the Services and who resides in the EU or Switzerland.

"Personal Data" means any information relating to a Guest that identifies or can be used to identify that Guest, either separately or in combination with other data readily available to us, that we receive in the U.S. from the European Union or Switzerland in connection with the Services, including information received offline.

"Services" means our hosted loan origination software applications and related support services available only to Guests of the Websites.


We commit to comply with the Privacy Shield Principles with respect to Personal Data received from Guests in connection with the use of the Services. This Privacy Shield Policy does not apply to Personal Data transferred under Standard Contractual Clauses or any approved derogation under EU data protection law.

Privacy Shield Principles

We commit to processing Personal Data in accordance with the Privacy Shield Principles as follows:

1. Notice

Prior to collecting Personal Data, we notify Guests covered by this Privacy Shield Policy about the categories of Personal Data that Cognition Financial collects and the purposes for collection and use of their Personal Data. This notice occurs when a Guest saves a loan application on one of the Websites. We will only process Personal Data in ways that are compatible with the purpose for which we collected it or for other authorized purposes.

The types of Personal Data the we collect from Guests depends on the purpose for which each Guest chooses to use the Services.

  • When a Guest creates an account to use the Services, we collect name, email address and address.
  • When a Guest initiates and completes a loan application through the Services, we collect information provided by Guests that is required by the lender to process each application (collectively, "Loan Application Information"). We use Loan Application Information to evaluate, process, and underwrite the loan application. We will also retain and use Loan Application Information in our capacity as a lender, or as a service provider to a lender, including to establish and administer loan accounts, protect Guests from fraud, and to satisfy certain regulatory requirements. Our collection, use and disclosure of Loan Application Information will comply with the lender’s privacy policy and applicable law. We may supplement the Loan Application Information with information from other sources, such as credit bureaus and the higher education institution or employer for which the Guest seeks a loan (as applicable). All supplementary information is treated as Personal Data when it directly or indirectly identifies the Guest.
  • We may ask a Guest to complete an optional survey about his or her experience with the Services. Guests are not required to complete surveys. We use the information provided in survey responses to improve our products and services.
  • When a Guest submits a request for support, we may collect the following types of Personal Data: name, telephone number, email address and other information that the Guest chooses to give us to respond to the support request.
  • We automatically collect the date and time of the Guest’s access to the Services. Depending on the settings of a Guest's computer or mobile device ("Device"), We may also automatically collect: Device make, model, screen resolution, plug-in information, language preference, browser type and language; country and time zone in which the Device is located; and metadata stored on the Device. This information is collected through cookies and/or flash stored objects (FSOs).

All Personal Data is collected to operate, manage, improve, and ensure the technical functionality and security of the Services. Before we use Personal Data for a purpose that is materially different from the purpose for which we collected it (as set forth in this Privacy Shield Policy) or that was later authorized, Cognition Financial will provide Guests with the opportunity to opt out.


2. Choice

To the extent Cognition Financial collects a Guest’s Personal Data on any one or more of the Websites, we will obtain opt-in consent whenever Privacy Shield requires, including if we disclose Personal Data to non-agent third parties or before Personal Data is used for a different purpose than that purpose for which it was collected or later authorized.

Please send requests to limit the uses or disclosures of Personal Data to

3. Accountability for Onward Transfer

Cognition Financial shares Personal Data collected through the Services as follows:

  • Service Providers: We may share Information with service providers with whom we have contracted to perform services on our behalf, such as companies that help us process and service loans, and, where permitted by law, companies that help us market products and services.
  • Corporate Transaction: We may share and transfer personal data if we are involved in a merger, sale, acquisition, divestiture, restructuring, reorganization, dissolution, bankruptcy or other change of ownership or control by Cognition Financial or any affiliated company (in each case, whether in whole or in part).


If we transfer Personal Data covered by this Privacy Shield Policy to a third party, we take reasonable and appropriate steps to ensure that each third-party transferee processes Personal Data transferred in a manner consistent with our obligations under the Privacy Shield Principles. We will ensure that each transfer is consistent with any notice provided to Guests and any consent they have given. We require a written contract with any third party receiving Personal Data and ensure that the third party processes the Personal Data for limited and specified purposes consistent with any consent provided by Guests and provides at least the same level of protection as is required by the Privacy Shield Principles. We take reasonable and appropriate steps to ensure that third parties process Personal Data in a manner consistent with our obligations under the Privacy Shield Principles. If it is determined that the third party cannot meet its obligations, it is required to take reasonable and appropriate steps to remediate or cease processing Personal Data.

Under certain circumstances, we may be required to disclose Personal Data (i) in response to valid requests by public authorities, including for national security, law enforcement, or regulatory requirements, (ii) in response to any legal process served on Cognition Financial or any applicable lender, (iii) to protect the rights or property of Cognition Financial or any applicable lender.

Cognition Financial remains liable under the Privacy Shield Principles if a third-party performing services on our behalf processes Personal Data that we transfer to them that is covered by this Privacy Shield Policy in a manner inconsistent therewith unless we can prove we were not a party to the events giving rise to any damages.

4. Security

We take appropriate measures to protect Personal Data covered by this Privacy Shield Policy from loss, misuse and unauthorized access, disclosure, alteration, unavailability and destruction. In determining these measures, we consider the risks involved in the processing and the nature of the Personal Data.

5. Data Integrity and Purpose Limitation

We adhere to the Privacy Shield Principles for as long as we retain Personal Data in identifiable form. We take reasonable and appropriate measures to comply with the requirement under the Privacy Shield to retain Personal Data in an identifiable form only for as long as it serves a purpose of processing.

We limit the collection of Personal Data covered by this Privacy Shield Policy to information that is relevant for processing. We do not process Personal Data in a way that is incompatible with the purpose for which it was collected or later authorized by a Guest.

6. Access

A Guest whose Personal Data is covered by this Privacy Shield Policy has the right to access his or her Personal Data and to correct, amend, limit use of or delete the Personal Data if the Personal Data is inaccurate or processed in violation of the Privacy Shield Principles. Notwithstanding the foregoing, we are not required to grant the rights to access, correct, amend and delete Personal Data if the burden or expense of providing access, correction, amendment or deletion is disproportionate to the risks to the Guest’s privacy or if the rights of persons other than the Guest are or could be violated.

Please submit requests for access, correction, amendment or deletion to

7. Recourse, Enforcement, and Liability

In compliance with the Privacy Shield Principles, we commit to resolve complaints about Guests’ privacy and our collection or use of Personal Data transferred to the United States pursuant to the Privacy Shield Principles. European Union and Swiss Guests with inquiries or complaints about the Privacy Shield Principles should first contact us at

We have further committed to refer unresolved privacy complaints under the Privacy Shield Principles to an independent dispute resolution mechanism, the BBB EU PRIVACY SHIELD, operated by the Council of Better Business Bureaus. If a Guest does not receive a timely acknowledgment their complaint, or if their complaint is not satisfactorily addressed, please visit for more information and to file a complaint. This service is provided free of charge.

If a complaint cannot be resolved through the above channels, under certain conditions, a Guest may invoke binding arbitration for some residual claims not resolved by other redress mechanisms. See Privacy Shield Annex 1 at

We commit to periodically review and verify our compliance with the Privacy Shield Principles and to remedy any issues arising out of failure to comply with the Privacy Shield Principles. We acknowledge that our failure to provide an annual self-certification to the U.S. Department of Commerce will remove us from the Department’s list of Privacy Shield participants.

Changes to this Cognition Financial Privacy Shield Policy

Cognition Financial may amend this Privacy Shield Policy, including notice about any amendment, consistent with the requirements of the Privacy Shield Principles.

How to Contact Cognition Financial

If a Guest has any questions about this Privacy Shield Policy or would like to request access to their Personal Data, please contact us as follows:

Cognition Financial Corporation
200 Clarendon Street, 3rd Floor
Boston, MA 02116
Attention: Information Security