Enterprise-grade Security and Control

AI and ML Policy

Cogram is committed to productizing artificial intelligence in a way that safeguards our customers' privacy.
Data use opt-out
Cogram allows you to opt out of having your data used to improve Cogram's services. To do so, please contact support@cogram.com.
PII policies
Cogram never uses personal identifiable information (PII) to train or improve machine learning models. No data are ever shared with third parties for marketing purposes.

Product Security

Multi-Factor Authentication
Two-factor authentication can be enabled by individual users or enforced on an organizational level.
Single Sign-On (SSO)
Cogram supports authentication via enterprise SAML-based SSO.
Role-based Access Controls (RBAC)
Use RBAC to manage permissions based on user roles, on an organization-, group-wide, or user level.

Data Storage

Industry-standard security policies, including Transport Layer Security (TLS) for in-transit and AES-256 for at-rest encryption of data.
Custom Data Retention
Automatically delete data after custom retention timelines or manually on request.
Regular backups
Data is automatically backed up to enable recovery in case of an incident that leads to loss of data.
Custom Data Storage Locations
On request, Cogram can support data storage in a geography of the customer's choice.


Cogram uses a minimal set of subprocessors consisting only of services strictly required for product performance.
Technology and Cyber Insurance
Insurance policies that cover security incidents.
Custom Master-Services Agreement (MSA), Data Processing (DPA), and Service-Level (SLA) Agreements
Beyond Cogram's standard MSA and DPA, Cogram can execute a custom DPA and SLA on request.

Compliance and External Audits

Penetration Testing
Cogram commissions annual penetration testing by an experienced third-party provider.
SOC 2 Type II
Cogram is SOC 2 Type II certified.
GDPR, HIPAA, and Custom Requirements
Cogram complies with the GDPR and can execute a Business Associate Agreement (BAA) under the HIPAA.
Advanced Deployment Options

Dedicated Instance

Services hosted by Cogram on a dedicated virtual server reserved for a single customer's use
Dedicated resources allocated solely for your use. Full control over configurations to optimize Cogram specifically for your requirements.
Data isolation and ability to implement tailored security measures that meet industry-specific data storage requirements.

Private Cloud Storage

Cogram's core database hosted in your private cloud
Host Cogram's core database in an enterprise private cloud environment on Microsoft Azure, Amazon AWS, or Google Cloud.
Compliance and flexibility
Store critical data in your cloud environment while delegating temporary processing to Cogram's cloud services, to combine the compliance of private cloud storage with the flexibility of SaaS.

Private Deployment

To meet the most stringent compliance requirements
Deploy an entire Cogram instance in your enterprise private cloud environment for private cloud storage and processing.
Configurable Scoped Access Rights
Optionally manage updates and enable outside support by provisioning custom scoped access rights for Cogram.
Talk to Sales