How does Cogito actually work?

Cogito connects to your existing tools through secure integrations, absorbing all your business data into a unified intelligence layer. It builds a complete model of your organization - understanding relationships between customers, projects, people, and events. When you ask a question, Cogito synthesizes information across all sources and delivers not just an answer, but the full context and connections you need.

How is this different from other AI tools?

Most AI tools are siloed - they work within one app or require you to copy-paste context. Cogito is fundamentally different. It maintains a continuous, unified understanding of your entire business. It sees the connection between a Slack message, a Salesforce deal, a support ticket, and a Google Doc - all at once.

Is my company data secure?

With great knowledge comes great responsibility. Cogito uses end-to-end encryption (TLS 1.3 in transit, AES-256 at rest), never trains AI models on your data, and is building toward SOC 2 Type II certification. You control exactly what Cogito can see.

Which systems can Cogito connect to?

We're building integrations across every category: communication (Slack, Gmail, Zoom), CRM (Salesforce, HubSpot), documentation (Notion, Google Docs, Confluence), project management (Jira, Asana, Linear), finance (QuickBooks, Xero, Stripe), and more.

How long until Cogito understands our business?

Cogito starts learning immediately. Within minutes of connecting your tools, it begins building its model of your organization. Basic questions can be answered right away. Deeper insights emerge within a few hours to a few days.

Can I try Cogito before committing?

Yes, we offer a 30-day money-back guarantee, so you can experience the full power of unified business intelligence risk-free. We also provide personalized demos.

Privacy Policy - Your Data, Your Rights

Last Updated: January 21, 2026

Privacy at a Glance

The short version:

•Your data belongs to you - we just process it to provide our service
•We never sell your data or share it with advertisers
•We don't use your data to train AI models shared with other customers
•You can export or delete your data at any time
•We only access what you explicitly connect

Read on for the full details, or contact privacy@trycogito.ai with questions.

1. Information We Collect

We collect different types of information depending on how you use Cogito:

Account Information

When you sign up, we collect your name, email address, company name, and role. This helps us provide and personalize our service.

Connected System Data

When you connect third-party services (like Slack, Salesforce, Google Workspace, etc.), we access and process the data you authorize. This may include messages, documents, emails, contacts, and records from those systems. We only access what's necessary to provide our service, and you control which systems to connect.

Usage Data

We collect information about how you use Cogito, including queries you ask, features you use, and actions you take. This helps us improve the product and provide better responses.

Technical Data

We automatically collect technical information like IP address, browser type, device information, and access times. This helps us maintain security and troubleshoot issues.

2. How We Use Your Data

We use your information for these purposes:

Providing the Service

We process your connected data using AI to answer your questions, generate insights, and take actions on your behalf. Your data is processed in real-time and stored securely to enable fast responses.

AI Processing

Cogito uses large language models to understand and respond to your queries. Your data may be sent to AI providers (such as Anthropic, OpenAI, or xAI) for processing. Important details about AI provider data handling:

These providers are contractually prohibited from using your data to train their models
Under standard API agreements, providers may retain data for up to 30 days for abuse monitoring, then delete it
For enterprise customers, we can arrange zero-data-retention (ZDR) agreements where AI providers do not store any of your data
AI providers never use your data for any purpose other than responding to your specific query

Improving the Product

We analyze usage patterns (not your content) to improve Cogito's features, performance, and user experience.

Communications

We send service-related emails (like security alerts and product updates). You can opt out of marketing emails at any time.

Security

We use technical data to detect and prevent fraud, abuse, and security threats.

What We Will Never Do

Sell your data to third parties
Share your data with advertisers
Use your data to train AI models that benefit other customers
Access your connected systems without your authorization

3. Data Sharing

We share your data only in these limited circumstances:

Service Providers (Subprocessors)

We work with trusted providers who help us operate Cogito:

Cloud Infrastructure: We use Amazon Web Services (AWS) to host and store data securely.
AI Processing: We use Anthropic, OpenAI, and/or xAI to power our AI features. These providers process data only to respond to your queries and are prohibited from using it for training.
Email: We use Resend to send transactional emails.
Analytics: We use Mixpanel to understand product usage (not your content).
Payment Processing: We use Stripe to handle billing securely.

All subprocessors are contractually bound to protect your data and use it only for the services they provide to us.

Legal Requirements

We may disclose data if required by law, subpoena, or court order, or to protect the rights, safety, or property of Cogito, our users, or the public.

Business Transfers

If Cogito is acquired or merged, your data may be transferred. We'll notify you before any such transfer.

With Your Consent

We may share data for other purposes if you explicitly consent.

We Never Sell Your Data

To be clear: we do not sell, rent, or trade your personal information to anyone, ever.

4. Your Rights

You have control over your data. Here are your rights:

Access

You can request a copy of all personal data we hold about you.

Correction

You can update or correct inaccurate information in your account settings or by contacting us.

Deletion

You can request deletion of your account and associated data. We'll remove your data within 30 days, except where we're legally required to retain it.

Data Export

You can export your data in a standard format before deleting your account.

Disconnect Integrations

You can disconnect any connected service at any time. When you disconnect, we immediately stop accessing new data from that service and delete all previously synced data from that integration within 30 days.

Opt Out

You can opt out of marketing emails using the unsubscribe link in any email.

For GDPR (EU/UK Residents)

If you're in the EU or UK, you also have the right to: object to processing, restrict processing, and lodge a complaint with your local data protection authority. Our lawful basis for processing is contract performance and legitimate interest.

For CCPA (California Residents)

California residents have the right to know what data we collect, request deletion, and opt out of sale (though we don't sell data). We don't discriminate against users who exercise these rights.

To exercise any of these rights, contact privacy@trycogito.ai

5. Data Security

We take security seriously and implement multiple layers of protection:

Encryption: All data is encrypted in transit (TLS 1.3) and at rest (AES-256).
Access Controls: We use role-based access controls and audit logs. Only authorized personnel can access customer data, and only when necessary for support or legal compliance. All employees undergo background checks, sign confidentiality agreements, and complete security training before accessing any customer systems.
Infrastructure: We host on AWS with SOC 2 certified data centers. We use network isolation, firewalls, and intrusion detection.
Monitoring: We continuously monitor for security threats and anomalies.
Incident Response: We have procedures to detect, respond to, and notify you of security incidents. In the event of a data breach affecting your information, we will notify you within 72 hours of becoming aware of the breach, as required by GDPR and in line with industry best practices.

No system is 100% secure, but we work continuously to protect your data. If you discover a security vulnerability, please report it to security@trycogito.ai.

6. Data Isolation & Residency

Multi-Tenant Architecture

By default, Cogito operates on a secure multi-tenant architecture where customer data is logically isolated. Each customer's data is separated using strict access controls, encryption, and database-level isolation. No customer can access another customer's data.

Enterprise Options

For enterprise customers with additional security requirements, we offer:

Single-tenant deployment: Your data runs on dedicated infrastructure
Self-hosted deployment: Run Cogito entirely within your own environment

Data Residency

You can choose where your data is stored:

United States
European Union
Switzerland

Your data remains in your chosen region. Contact us to discuss your data residency requirements.

7. Cookies & Tracking

We use cookies and similar technologies to:

Essential Cookies

Required for the service to function (authentication, security, preferences). These cannot be disabled.

Analytics Cookies

Help us understand how you use Cogito so we can improve. We use Mixpanel for this purpose. You can opt out of analytics tracking in your account settings.

Do Not Track

Some browsers offer a "Do Not Track" (DNT) setting. Because there is no consistent industry standard for how to respond to DNT signals, we do not currently alter our practices when we detect a DNT signal from your browser.

We do not use advertising cookies or sell data to advertisers.

Your browser settings allow you to block or delete cookies, but this may affect your ability to use certain features.

8. Data Retention

We retain your data for as long as your account is active or as needed to provide services:

Account Data: Retained until you delete your account.
Connected System Data: Retained while the integration is active. When you disconnect a service, we delete that data within 30 days.
Usage Data: Retained for up to 2 years to improve our service.
Technical Logs: Retained for up to 90 days for security and debugging.

After account deletion, we remove your data within 30 days, except where required by law or for legitimate business purposes (like fraud prevention).

9. Changes to This Policy

We may update this Privacy Policy from time to time. When we make significant changes:

We'll update the "Last Updated" date at the top
We'll notify you by email for material changes
We'll provide a summary of what changed

Your continued use of Cogito after changes take effect means you accept the updated policy. If you disagree with changes, you can delete your account.

10. Children's Privacy

Cogito is designed for business use and is not intended for children. You must be at least 18 years old to use our service. We do not knowingly collect personal information from anyone under 18. If we learn that we have collected data from someone under 18, we will delete it promptly. If you believe a child has provided us with personal information, please contact privacy@trycogito.ai.

11. Links to Third-Party Services

Cogito may contain links to third-party websites or services that are not operated by us. If you click on a third-party link, you will be directed to that third party's site. We strongly advise you to review the privacy policy and terms of every site you visit. We have no control over and assume no responsibility for the content, privacy policies, or practices of any third-party sites or services.

12. Contact Us

If you have questions about this Privacy Policy or how we handle your data:

Email: privacy@trycogito.ai

Security issues: security@trycogito.ai

We aim to respond to all privacy inquiries within 5 business days.