Trust & Infrastructure

Security, Residency, and Ownership.

Details about CogniSwitch's Security certifications, data residency options, deployment models, and what it means to own your intelligence layer.

Security Certifications

SOC 2
Type I Verified
HIPAA
Compliant
BAA
Available
AES-256
Encryption
Encryption at rest
AES-256 via AWS KMS
Customer-managed keys available on Enterprise plans
Encryption in transit
TLS 1.3
Penetration testing
Annual third-party assessment
Reports available under NDA
Access control
Role-based with MFA enforcement
Quarterly access reviews
View full security controls

Data Residency

Your data stays in the region you choose. We do not replicate customer data across regions without explicit consent.

Available regions
US (N. Virginia, Oregon), EU (Frankfurt, Ireland)
Additional regions available on request
Data isolation
Logical tenant isolation with dedicated encryption keys
Cross-border transfers
None by default
Required transfers use Standard Contractual Clauses
GDPR compliance
Data processing agreements available

Deployment Options

Choose the deployment model that fits your security and operational requirements.

Multi-tenant Cloud

Shared infrastructure with logical isolation. Fastest to deploy, lowest operational overhead.

    • SOC 2 / HIPAA compliant
    • Automatic updates
    • 99.9% uptime SLA
    • Standard data residency options

Dedicated Cloud

Single-tenant deployment in isolated infrastructure. Your own environment, our management.

    • Dedicated compute & storage
    • Custom data residency
    • Network isolation (VPC)
    • 99.95% uptime SLA

On-Premise

Deploy within your own infrastructure. Maximum control for regulated environments.

    • Air-gapped option available
    • Your security perimeter
    • Custom integration support
    • Dedicated success engineer

Intelligence Ownership

Your knowledge graphs, policies, and extracted intelligence belong to you.

Knowledge graphs
Customer-owned, exportable anytime
Standard formats: JSON-LD, RDF, custom
Model training
We never train on your data
Your data improves only your instance
Data portability
Full export within 72 hours of request
Deletion
Complete removal within 30 days
Cryptographic verification available

Data Handling

What we do and don't do with your data.

We do
    • Process your documents to build knowledge graphs
    • Store your data in your chosen region
    • Encrypt everything at rest and in transit
    • Provide complete data export on request
    • Delete your data within 30 days of contract termination
We don't
    • Train foundation models on your data
    • Share your data with other customers
    • Access your data without explicit authorization
    • Retain data after contract termination
    • Sell or monetize your information

Trust isn't built through promises. It's built through transparency, verifiable controls, and giving customers ownership of their intelligence.

Request Security Review