Security & Trust

Built for Security, Designed for Trust.

At Cognlay, security isn't a post-script—it's the core primitive. Here is how we protect your reputation and your data.

Enterprise-Grade Encryption

In transit: TLS 1.3. At rest: AES-256 for stored data. OAuth tokens are encrypted and we never see your password.

Secure OAuth Authentication

Google authentication happens directly with Google. Cognlay receives a secure access token (not your password).

Minimal Data Access

We request only the Gmail API permissions needed for outbound automation and reply tracking.

SOC 2-Level Security

RBAC, audit logging, MFA for production access, and dependency scanning. Built for enterprise reliability.

Isolated Data Architecture

Logical isolation per customer. AI processing happens in isolated contexts to ensure privacy.

Transparent Response

Automated monitoring for anomalies. Confirmed breaches trigger notifications within 72 hours.

Gmail API Scope Disclosure

gmail.send: Autonomous drafting and sending
gmail.readonly: Reply tracking and sentiment analysis
gmail.modify: Thread label management

We never request access to Drive, Calendar, or permission to delete your communications.

Compliance FAQ

Who can access my data?

Only authorized Cognlay personnel who need access to provide support. All access is logged and auditable.

Where is my data stored?

Google Cloud Platform infrastructure. Data does not leave authorized regions without consent.

Can Cognlay read my emails?

We require read access for reply detection. No human reads your emails unless explicitly requested for support.