We are excited to announce Trustpage has been acquired by Vanta!

Read the press release →
Company logo


  • Website
  • Trust Center

  • Compliance

    • GDPR

      Cognota complies with all post-Schrems II DPA requirements.

  • Product Security

    • Audit Logs

      Every event in the stack generates an event log as data assets are processed and/or their state is modified. An audit log is kept for all major actions performed by users within the Cognota application. For each action, the audit log contains the user or service which performed the action, the process which generated the event log, and a time stamp synced to the logging service. Passwords are not logged. The audit log is only accessible to Cognota administrators via the available interface; no programmatic access is available, nor are internal processing logs shipped outside of the secure environment.

    • SAML SSO

      Customers are encouraged to configure access into Cognota through an SSO via SAML 2.0 with their IdP.

  • Data Security

    • Data Encrypted At-Rest

      All Customer Data and Confidential Information is encrypted at-rest using AES256, both in the application database and in the encrypted data backup process.

    • Data Encrypted In-Transit

      All upstream and downstream data transfer between the user’s machine and the application servers and services is done over an encrypted connection denoted by the “https://” URL. The Cognota application encryption is based on a 2048-bit SSL certificate and 256-bit encryption with only TLS v1.2+ protocols allowed with the “MEDIUM” and “HIGH” class of cipher suites (anonymous DH ciphers disabled). If a user tries to visit a non-encrypted (“http://”) URL, they are redirected to the “https://” equivalent to force the encrypted connection at all times. Additionally, all internal processing flows between service components are encrypted using TLS v1.2+ transport.

    • 1 more topic

  • Privacy

    • Privacy Policy
    • Data Retention Policy

      Customer Data is destroyed at the conclusion of the engagement. No Customer Data is retained after the end of the commercial relationship. All Customer Data is destroyed according the process described in the Cognota Customer Data Return & Destruction Policy.

    • 2 more topics

  • Incident Management & Response

    • Data Breach Notification

      Security incident notification are governed by the terms located in Section 6 of the Terms of Service, and under Exhibit 3 of the Data Processing Agreement.

      In event of a Security or Privacy breach incident, all Customers will be notified in writing within 24hrs of incident validation, and will receive regular reports as the incident is addressed and ultimately remediated.

    • Incident Response Plan (IRP)

      A copy of Cognota's Incident Response policy document is available to all Customers under NDA.

  • Availability & Reliability

    • Service Monitoring

      Cognota utilizes both internal and external monitoring solutions to check the health, responsiveness, and uptime of its processing environment. When monitoring agents identify an anomalous event, appropriate team members are notified and the response process activated via email, secure corporate chat, and SMS notifications.

  • Organizational Security

    • Employee Background Checks

      Prior to onboarding, all personnel must successfully complete employment, education, and criminal background checks.

    • Employee Security Training

      All Cognota personnel are required to undergo security awareness and security policy training annually, with consent and compliance recorded for audit and assurance purposes.

    • 2 more topics

  • Business Continuity

    • Business Continuity Plan

      The Cognota Business Continuity program covers corporate operations, work-from-home process, pandemic operating procedures, and customer support and success to ensure uninterrupted service to all Customers. The Cognota Business Continuity Policy is available for review to all Customers under current NDA.

    • Disaster Recovery Plan

      The Cognota Disaster Recovery program covers production operational disruption, security incidents, privacy incidents, force majeure events, and material non-compliance events. The Cognota Disaster Recovery policy is available for review to all Customers under current NDA.

    • 1 more topic

  • Threat Management

    • Static Application Security Testing (SAST)

      Cognota utlizes the Veracode platform for code security, assurance, and FOSS compliance.

  • Subprocessors

    • Sign up to view Cognota's Subprocessors

Sign up to see the rest of Cognota's posture and unlock unlimited access.

Unlimited access to the directory allows you to review and compare thousands of security postures sourced from around the web.

Sign Up
Join the community:
Copyright © 2023 Trustpage. All rights reserved.
Logos provided in part by Clearbit.