Security

How Cognoir treats your documents and your data.

Every claim on this page is precise on purpose. The audience this matters to reads carefully.

What you can verify

Three principles before the detail.

Every answer is cited. When Cognoir gives an answer, it points to the passage it came from. You can verify the citation in two clicks. This is not a feature; it is how the system works.

Workspaces are isolated. The retrieval system queries only the documents in the workspace of the user asking the question. Your library never appears in another customer’s results.

Delete is delete. When you delete a document, it is removed from storage and from the search index. No soft deletes, no shadow copies, no retention beyond the operational window required to serve the current request.

Training data

The audience's top concern, in plain language.

Your documents are not used to train AI models.

Cognoir does not train models on customer data. The providers we use for the underlying language and retrieval work also do not train on input data sent through our integration; their commercial terms with us prohibit it, and we pass that protection through to you.

If a future provider changed those terms, we would change providers.

Encryption and infrastructure

Encryption. Documents are encrypted at rest (AES-256, managed by our storage and database providers) and in transit (TLS 1.3 everywhere). Encryption keys are not held by Cognoir in plaintext.

Region. US and EU hosting available at signup. EU hosting means document storage and processing in EU regions only.

Authentication. Email verification on signup, password hashing with industry-standard algorithms, lockout after repeated failed login attempts, breached-password rejection when you change or reset your password.

Compliance and rights

GDPR. EU and UK users can export their full data (documents, conversations, generated content, audit log) within 24 hours of request, delivered as JSON. Account deletion is irreversible and removes everything except a minimal deletion record.

Account deletion. When you delete your account, all documents, conversations, generated study materials, knowledge bases, and personal data are removed from production storage and the search index within minutes. A record that the deletion occurred (date, account ID, no content) is retained for seven years for fraud and abuse protection.

Audit log. Every meaningful action on your account — uploads, deletions, sharing changes, billing changes — is logged with timestamp, user, and action. You can export your audit log alongside your data export.

Subprocessors

Cognoir runs on a deliberately small set of vetted, enterprise-grade infrastructure partners — chosen for reliability and bound by contract to handle your data only as we direct.

On our terms, not theirs. Every provider is contractually prohibited from training on your content or repurposing it. We hold each to the standards on this page — encryption in transit and at rest, strict workspace isolation, and deletion that propagates through to them.

No single point of dependency. Each provider is interchangeable: our model, retrieval, storage, and database layers are abstracted so a provider can be replaced without disrupting your workspace or weakening these guarantees. If a provider ever changed terms in a way that conflicted with them, we would move.

Transparent to customers. The current subprocessor list — each provider, its role, and the data it handles — is available to customers on request, and we notify customers in advance of any change. Ask at security@cognoir.com.

Incident response

We follow GDPR 72-hour breach notification timelines.

Our status page is at status.cognoir.com.

Found a security issue? security@cognoir.com

Compliance posture

Cognoir is GDPR-compliant and operates to ISO 27001 information-security standards — data export, hard delete, audit logging, encryption, and access controls are all in place. Formal third-party certification (SOC 2 Type 2, and the ISO 27001 audit) is on our roadmap; we’ll publish the certificates once they complete.

GDPR: Compliant
ISO 27001: Self-assessed
SOC 2 Type 2: On our roadmap