On this page
1. Our security principles
Security is built into CogniFlow, not bolted on. Four principles guide every design decision:
- Your data is yours. You own it; we process it only to deliver the service to you.
- Least privilege everywhere. Every person and component gets only the access it needs.
- Wrong should be contained, visible, and reversible. Especially for any automated action.
- Confidentiality is structural. Customers receive intelligence — never our methods, and never another customer's data.
2. Deployment models
| Model | Where it runs | Best for |
|---|---|---|
| Standard & Industry 5.0 (cloud) | Cognitive Lab's managed, multi-tenant cloud | Most manufacturers |
| CogniFlow Secure | Entirely inside the customer's own environment, air-gapped | Defense, government, critical infrastructure |
The same security principles apply across all models. The Secure model additionally keeps all data and processing within the customer boundary, with no external calls — see Section 9.
3. Multi-tenant isolation
In our cloud tiers, every customer workspace ("tenant") is logically isolated. Each request is bound to its tenant, and the platform is designed so that one tenant can never read, query, or infer another tenant's data. Tenant isolation is enforced consistently across the platform — including the dashboards and APIs that present data — and is verified by our automated test suite.
4. Access control & authentication
- Role-based access control with a clear hierarchy (viewer, analyst, manager, administrator). People see and do only what their role permits.
- Authentication via secure sign-in, with support for enterprise single sign-on (SSO/SAML) for customers who require it.
- Internal access to production systems is limited to authorised personnel on a need-to-know basis and is logged.
5. Encryption
Data is encrypted in transit using industry-standard TLS, and at rest using strong, widely adopted encryption. Secrets and credentials are managed through dedicated secret-management facilities rather than stored in code or configuration.
6. Safe automation by design
CogniFlow can recommend actions and, where you enable it, take bounded actions in your systems. This capability is wrapped in safety controls that are part of the product's design, not optional add-ons:
- Default-deny authorisation. Nothing is automated unless you have explicitly enabled it, within limits you set.
- Human-in-the-loop. Anything beyond your configured limits is routed to the right person for approval, with full context.
- An instant emergency stop. Anyone can halt all automated action; only an administrator can resume it.
- Reversible by default. Actions are bounded and logged, and the system can reverse an action whose outcome does not match expectations.
- Read-only by default for shop-floor signals. Live machine data is read; the platform does not command machines unless a customer explicitly configures a governed action path.
7. Audit & accountability
Consequential events — recommendations, approvals, automated actions, reversals, and administrative changes — are recorded in a tamper-evident audit record that can be reconstructed in plain language after the fact. Access to dashboards and data is itself auditable. This makes automated operations explainable, accountable, and defensible to auditors and regulators.
8. Protecting your data — and our IP
Our confidentiality model protects both directions:
- Your data is isolated to your tenant (or kept entirely on-premises in the Secure model) and is never sold, never used for advertising, and never shared with other customers.
- Our intellectual property — the methods that produce the intelligence — is never exposed to customers or third parties. You receive results and explanations, not algorithms or architecture. This protects the integrity and security of the platform for everyone.
9. CogniFlow Secure (air-gapped / defense)
- Fully self-contained. The entire platform — including its intelligence — runs inside the customer's environment, with no external calls. The boundary is verified by test, not merely asserted.
- One-way data boundary. A proprietary boundary architecture allows classified and unclassified operations to share intelligence safely, under the customer's classification policy.
- Offline by design. Licensing and software updates are delivered as signed packages that are verified before they are applied; expiry never harms or deletes customer data.
- Full audit of every movement. Every data movement and action is recorded for compliance.
10. Infrastructure & operational security
- Cloud infrastructure is hosted with a leading provider in hardened, access-controlled facilities.
- Production environments are separated from development and test.
- Backups and recovery procedures are maintained to support availability and resilience.
- Changes to production follow controlled, reviewed processes.
11. Vulnerability management
We keep dependencies current, monitor for known vulnerabilities, and apply security updates on a risk-prioritised basis. Our software is developed with security in mind, including code review and automated testing. We welcome responsible disclosure of potential vulnerabilities (see Section 14).
12. Incident response
We maintain an incident-response process to detect, contain, investigate and remediate security incidents. If a security incident affects your personal data or Customer Data, we will notify affected customers without undue delay and in line with applicable law and contractual commitments, and will cooperate on remediation.
13. Compliance & certifications
We design our practices to support our customers' obligations under applicable privacy and security laws, including Canada's PIPEDA, the EU/UK GDPR, and US state privacy laws. See our Privacy Policy for data-handling details and a Data Processing Addendum for GDPR customers.
14. Reporting a security concern
If you believe you have found a security vulnerability or have a security concern, please contact us through the contact form and mark it as a security matter. We take every report seriously and will respond promptly. Please give us a reasonable opportunity to investigate and remediate before any public disclosure.
Questions about this document? Contact our privacy and security team via the contact form. We respond personally within 48 hours.