1. AI and ML Policy
No training of AI
Cogram does not use customer data to train AI or machine learning models.
Human review of AI-generated content
Meeting notes or reports drafted by Cogram are only accessible to Cogram's user and are not automatically shared with others.
2. Product Security
Multi-Factor Authentication
Two-factor authentication can be enabled by individual users or enforced on an organizational level.
Single Sign-On (SSO)
Cogram supports authentication via SAML-based SSO (2.0).
Role-based Access Controls (RBAC)
Use RBAC to manage permissions based on user roles, on an organization-, group-wide, or user level.
3. Data Storage
Encryption
Industry-standard security policies, including Transport Layer Security (TLS) for in-transit and AES-256 for at-rest encryption of data.
Custom Data Retention Timelines
Automatically delete data after custom retention timelines or manually on request.
Regular backups
Data is automatically backed up to enable recovery in case of an incident that leads to loss of data.
Custom Data Storage Locations
Cogram can support data storage in a geography of the customer's choice.
4. Advanced Deployment Options
Private Cloud or On-prem Storage
Host Cogram's core database in an enterprise private cloud environment on Microsoft Azure, Amazon AWS, or Google Cloud, or on-premise.
5. Legal
Subprocessors
Cogram uses a minimal set of subprocessors consisting only of services strictly required for product performance.
Custom Master-Services Agreement (MSA), Data Processing (DPA), and Service-Level (SLA) Agreements
Beyond Cogram's standard MSA and DPA, Cogram can work with custom DPAs and SLAs.
6. Compliance and External Audits
Penetration Testing
Cogram commissions annual penetration testing by an experienced third-party provider.
SOC 2 Type II
Cogram is SOC 2 Type II certified.
GDPR
Cogram complies with the GDPR.
