top of page

Security + Data Process

How your data is handled

At Cognify, we prioritize the safety and security of your data through a meticulously designed data processing system. From the initial data request to the final deletion, we employ industry-leading security measures such as SOC2 and FERPA compliance, along with AES-256 encryption and multi-factor authentication. Our process includes anonymization techniques to protect personally identifiable information and continuous monitoring to ensure data integrity. We maintain strict role-based access controls and use secure communication channels throughout the entire data lifecycle. Rest assured, every step is taken to safeguard your data, providing peace of mind during your entire engagement with us.

Data
Process

Step 1

​

Data Request

  • Action: Cognify will submit a formal data request to the university.

  • Compliance: Cognify will ensure the request complies with SOC2, FERPA, GDPR, etc.

  • Security: Both parties will use secure communication channels (encrypted emails, secure FTP).

Step 2

​

Data Transfer

  • Action: Client will upload received data in a secure, access-controlled environment (2-factor, AES-256 encrypted Dropbox).

  • Compliance: Client will verify that Cognify’s encryption standards comply with university policies.

  • Security: Role-based access control and multi-factor authentication will be implemented.

Step 3

​

Data Preparation

  • Action: Cognify will anonymize any PII before model training (although the transfer of PII is strongly discouraged by Cognify).

  • Compliance: Cognify will ensure anonymization methods meet regulatory standards.

  • Security: Cognify will validate that anonymized data cannot be re-identified.

Step 6

​

Model Deployment

  • Action: Cognify will deploy models to select individuals via API, then deploy en masse once individuals approve of performance and security.

  • Compliance: Cognify will ensure continuous monitoring and logging of access and usage.

Step 5

​

Model Training

  • Action: Cognify will train AI models in a secure, isolated environment (API testing only) and will contract hosting/other AI for third-party accuracy testing.

  • Compliance: Cognify will confirm data policy with the latest LLM DPAs.

  • Security: Cognify will use encryption for data at rest and in transit during model training.

Step 4

​

Data Processing

  • Action: Cognify will utilize Unstructured.io for data conversion to JSON.

  • Compliance: Cognify has ensured third-party compliance with data protection regulations.

  • Security: Cognify will maintain encrypted data during processing and use secure APIs for data transfer.

Step 7

​

Content Deletion

  • Action: Upon client request, Cognify will delete all university material from the training set.

  • Compliance: Delete content via agreed-upon standards with clients (such as NIST800-88 standards).

bottom of page