Security

Your data, protected

Cogito has deep access to your business data. That access demands equally deep security. All data is encrypted, never used for model training, scoped to each user's permissions, and fully under your control.

Data protection

Your business data is encrypted, isolated, and under your control at every stage.

Encrypted everywhere

TLS 1.3 in transit, AES-256 at rest. All data is encrypted at every stage.

Minimal retention

We only keep data as long as necessary. Request complete deletion anytime - we purge everything within 30 days.

Data residency

Your data is hosted on AWS in the US (us-east-1) and EU (eu-west-1). Choose your region during setup.

Revoke access anytime

Disconnect any integration instantly. Request full data deletion and we purge everything - indexed content, conversation history, all of it.

Access & permissions

Fine-grained controls that respect your existing security policies.

Per-user permissions

Cogito respects your existing tool permissions. If someone can't access a Slack channel, Cogito won't use it to answer their questions.

SSO & SAML

Single sign-on via SAML 2.0 and OIDC. Enforce your identity provider, MFA policies, and session controls from day one.

OAuth-only integrations

Cogito connects to your tools via OAuth 2.0. We never store your passwords. Tokens are encrypted and scoped to the minimum permissions required.

Admin controls

Manage your team from a single dashboard. Assign roles, control who can access what, review usage, and set policies - all without contacting support.

AI & processing

Full transparency into how your data is processed and which providers are involved.

No model training

Your data is never used to train AI models. Queries are sent to providers solely to generate a response and are not stored.

Vetted AI providers

All AI vendors are vetted for data protection. Their terms prohibit using your data for training. We don't sell or share your data with anyone.

Transparent AI processing

Queries are processed via enterprise APIs from OpenAI and Anthropic with zero-retention agreements. Your data is never stored by AI providers.

Operations

Security built into every layer of how we build and run Cogito.

Full audit trail

Every query, action, and data access is logged. Export audit logs anytime for compliance review.

Strict internal access

Employee access requires MFA, follows least privilege, and is logged. No one accesses customer data without justification.

Secure infrastructure

Production cloud with 24/7 monitoring, automatic failover, and regular security assessments.

Responsible disclosure

We welcome responsible security disclosure. If you find a vulnerability, contact security@trycogito.ai. We respond within 24 hours.

Where we are today

Cogito is pre-launch. We've built security into the architecture from day one, but we haven't completed formal certifications yet.

SOC 2 Type II and ISO 27001 certifications are on our roadmap. GDPR-ready data handling is built in. If your organization has specific compliance requirements, we're happy to discuss how we can meet them.

Questions about security?

Request our security documentation or ask us anything.

security@trycogito.ai
© 2026 Cogito. All rights reserved.

🇨🇭 Based in Zurich