- Trust Centerhttps://trust.cognigy.com
Cognigy complies with the California Consumer Privacy Act (CCPA), which gives California residents the right to know what personal information is being collected about them and the right to request that it be deleted. Cognigy enables its customers to meet their CCPA obligations by providing tools and features to manage and protect personal information collected through its conversational AI solutions.
Cognigy has successfully completed the Cloud Security Alliance's Consensus Assessments Initiative Questionnaire (CAIQ) version 4.0.2 for the STAR Security Questionnaire. By undergoing this comprehensive assessment, we have demonstrated our commitment to transparency and adherence to industry-recognized security practices. The completion of the CAIQv4.0.2 STAR Security Questionnaire affirms our dedication to maintaining the highest levels of security and compliance for our customers on our cloud-based conversational AI platform, Cognigy.AI.
3 more topics
- Product Security
- Data Security
- Data Encrypted At-Rest
Cognigy uses Data Encrypted At-Rest to protect sensitive data stored on its servers. This means that data is encrypted when it is stored on disk, making it unreadable to anyone who does not have the encryption key.
As a European company, we at Cognigy understand the importance of data privacy and are fully committed to protecting the information our customers provide when using our conversational AI platform, Cognigy.AI. We adhere to the strictest data protection regulations, including the General Data Protection Regulation (GDPR), to ensure that our customers' data is collected, stored, and processed in a secure and compliant manner.
When using Cognigy.AI, our customers can rest assured that their data is protected with robust encryption algorithms such as HTTPS and SSL. Furthermore, user passwords for Cognigy.AI accounts are encrypted and hashed in accordance with our encryption policy, ensuring maximum protection against unauthorized access.
At Cognigy, we do not share any personally identifying information with third-parties unless required to do so by law, and we take all necessary measures to ensure that our customers' data is handled in accordance with industry standards and regulations. Our commitment to data privacy and security is unwavering, and we are dedicated to providing our customers with a trustworthy and compliant Enterprise Conversational AI solution.
- Data Retention Policy
At Cognigy, we retain data only for as long as necessary to fulfill our business or legal obligations, including regulatory or contractual requirements. When data is no longer required, it is securely disposed of or archived in accordance with our Data Management Policy, which provides detailed information on retention periods. Data owners may, in consultation with legal counsel, determine the appropriate retention periods for their data.
1 more topic
- Incident Management & Response
- Data Breach Notification
Cognigy operates a formal security incident response plan that is governed by our Information Security Policy and related procedures. Escalation procedures exist to ensure the timely communication of any data breach through the management chain and to any affected customers without undue delay.
- Incident Response Plan (IRP)
Cognigy has an Incident Response Plan that outlines our Security Incident management process. This policy details our escalation procedures and communication plans in the event of an incident, ensuring that any incidents are addressed and remediated as quickly as possible while keeping affected customers informed. To obtain a copy of our Incident Response Plan and learn more about our procedures, please make a request.
- Availability & Reliability
- Auto Scaling
- Data Redundancy
At Cognigy, data redundancy is available as a commercial option to our customers, providing an additional layer of protection for their data by ensuring that it is backed up in multiple locations.
2 more topics
- Organizational Security
- Confidentiality Agreements
- Employee Background Checks
We conduct employee background checks where applicable by law to ensure that our team is comprised of trustworthy and qualified individuals who meet our high standards of performance, ethics, and compliance.
7 more topics
- Business Continuity
- Disaster Recovery Plan
Cognigy has a comprehensive Business Continuity and Disaster Recovery Plan in place that outlines our response to unplanned disruptions such as natural disasters, power outages, cyberattacks, and other unforeseen circumstances. Our plan is designed to ensure the continuity of our operations, minimize the impact of disruptions, and quickly restore services to our customers in accordance with their SLAs.
- Data Backups
Cognigy stores all customer data on fully redundant Amazon Web Services (AWS) storage systems, with backups stored in secure AWS facilities offsite from production facilities to ensure maximum protection against data loss. Additionally, access to backup media is highly restricted, ensuring that customer data remains secure and confidential.
- Physical Access Control - Data Center
Cognigy leverages industry-leading Amazon Web Services (AWS) and Microsoft Azure data centers, which implement the highest physical security measures to protect our customers' data. These data centers employ best practices such as badge and biometric access entry systems, redundant power sources, redundant air conditioning units, and fire suppression systems. Additionally, 24/7 security personnel and cameras monitor the data centers to ensure that only authorized personnel have access and all access attempts are logged for auditing purposes.
- Threat Management
- Bug Bounty
Cognigy takes the security of our systems seriously, and we value the security community. The disclosure of security vulnerabilities helps us ensure the security and privacy of our users.
We require that all researchers:
Make every effort to avoid privacy violations, degradation of user experience, disruption to production systems, and destruction of data during security testing
Perform research only within the scope set out below
Use the identified communication channels to report vulnerability information to us
Keep information about any vulnerabilities you’ve discovered confidential between yourself and Trustpage until we’ve had 90 days to resolve the issue.
If you follow these guidelines when reporting an issue to us, we commit to:
Not pursue or support any legal action related to your research
Work with you to understand and resolve the issue quickly (including an initial confirmation of your report within 72 hours of submission)
Recognize your contribution in our Security Researcher Hall of Fame below, if you are the first to report the issue and we make a code or configuration change based on the issue
Consider paying a cash reward if the vulnerability is determined to be of high impact and probability
The impact assessment is based on the attack’s potential for causing privacy violations, financial loss, and other user harm, as well as the user-base reached.
The probability assessment takes into account the technical skill set needed to conduct the attack, the potential motivators of such an attack, and the likelihood of the vulnerability being discovered by an attacker.
If you believe you’ve found a security vulnerability in one of our products or platforms please send it to us by emailing [email protected] Please include the following details with your report:
Description of the location and potential impact of the vulnerability;
A detailed description of the steps required to reproduce the vulnerability (POC scripts, screenshots, and compressed screen captures are all helpful to us); and
To learn more about the qualifying vulnerabilities that apply to our program, please read our full Vulnerability Disclosure Policy.
- Penetration Testing
2 more topics
Sign up to view Cognigy's Subprocessors
Sign up to see the rest of Cognigy's posture and unlock unlimited access.
Unlimited access to the directory allows you to review and compare thousands of security postures sourced from around the web.