Enterprise-Grade Security

Your compliance data deserves the highest level of protection. Kognisense is built on a foundation of UK data residency, enterprise encryption, and zero-trust architecture.

UK Data Residency

All data is stored exclusively in AWS London regions. Your information never leaves the UK, ensuring compliance with UK and EU data protection standards.

VPC Isolation

Each customer's data is completely siloed in isolated virtual private cloud environments. Your data never mingles with other customers' data.

End-to-End Encryption

AES-256 encryption at rest, TLS 1.3 in transit. All documents and extracted data are encrypted throughout the entire processing pipeline.

No AI Training on Your Data

Your proprietary supplier information is never used to train public AI models. Your data stays yours—private, secure, and confidential.

SOC 2 Type II Alignment

Following industry-standard SOC 2 Type II controls for security, availability, processing integrity, confidentiality, and privacy.

Regular Security Audits

Third-party penetration testing and security assessments to ensure our platform meets the highest security standards.

Our Security Practices

Compliance Certifications

Kognisense follows industry-leading security standards and is working toward formal certifications including:

  • SOC 2 Type II compliance
  • ISO 27001 alignment for information security management
  • GDPR compliance for UK and EU data protection
  • Cyber Essentials (UK government-backed cybersecurity certification)

Data Encryption

All data is encrypted using industry-standard protocols:

  • At Rest: AES-256 encryption for all stored documents, databases, and backups
  • In Transit: TLS 1.3 encryption for all data transmission between your browser and our servers
  • Processing: Encrypted during AI processing using AWS Bedrock's secure infrastructure

Access Controls

We implement strict access controls to protect your data:

  • Multi-factor authentication (MFA) for all user accounts
  • Role-based access control (RBAC) to limit data access
  • Just-in-time (JIT) access for administrative functions
  • Comprehensive audit logging of all system access

Infrastructure Security

Built on AWS's secure, UK-based infrastructure:

  • All resources deployed in AWS London (eu-west-2) region
  • Virtual Private Cloud (VPC) isolation for each customer
  • Network segmentation and firewall protection
  • DDoS protection and intrusion detection systems
  • Regular security patches and updates

Incident Response

We maintain a comprehensive incident response plan to handle security events:

  • 24/7 security monitoring and alerting
  • Dedicated incident response team
  • Documented procedures for breach notification
  • Regular incident response drills and training

Data Backup & Recovery

Your data is protected with automated backup procedures:

  • Daily automated backups with 30-day retention
  • Encrypted backups stored in geographically separate AWS regions within the UK
  • Regular disaster recovery testing
  • Recovery Point Objective (RPO): 24 hours
  • Recovery Time Objective (RTO): 4 hours for critical services

Employee Security

Our team follows strict security practices:

  • Background checks for all employees
  • Regular security awareness training
  • Signed confidentiality and data protection agreements
  • Principle of least privilege access

Vendor Management

We carefully vet all third-party vendors and ensure they meet our security standards:

  • AWS (infrastructure) - SOC 2, ISO 27001 certified
  • Payment processors - PCI DSS compliant
  • All vendors sign data processing agreements (DPAs)

Have security questions?

Our team is here to help you understand our security measures and answer any questions about data protection.

Contact Security Team