Compliance & Data Protection

Meeting the highest standards for data security, privacy, and regulatory compliance across industries.

HIPAA Compliance

Cognaium is designed to be fully compliant with the Health Insurance Portability and Accountability Act (HIPAA). We implement all necessary administrative, physical, and technical safeguards to protect Protected Health Information (PHI).

  • Strict access controls and identity management
  • Comprehensive audit logs for all data access
  • Encrypted data at rest and in transit
  • Business Associate Agreements (BAA) available
  • Regular security assessments and training

GDPR Compliance

For our European customers and global CRO partners, we align our data processing practices with the General Data Protection Regulation (GDPR) requirements.

  • Right to be forgotten and data portability
  • Consent management and preference centers
  • Data minimization and purpose limitation
  • Transparent data processing documentation
  • Data Protection Impact Assessments (DPIA)

Multi-Tenant Data Isolation

Our multi-tenant architecture ensures complete data isolation between organizations. Each tenant's data is segregated at the database level with tenant-specific identifiers enforced on every query.

  • Tenant ID validation on all API requests
  • Subdomain-based routing and validation
  • Separate encryption contexts per tenant
  • Isolated file storage and media assets
  • Cross-tenant access prevention at middleware level

  • Encryption: AES-256 at rest
  • Isolation: Per-tenant databases
  • Audit: Complete logging
  • RBAC: Granular permissions

SOC 2 Type II Aligned

Our infrastructure is built to audit-ready standards for security, availability, processing integrity, and confidentiality.

CCPA Compliance

California Consumer Privacy Act compliance with data access, deletion, and opt-out capabilities for California residents.

Industry Standards

Following OWASP security guidelines, NIST frameworks, and industry best practices for secure software development.

For compliance documentation, BAA requests, or security questionnaires, please contact our security team. [email protected]

Last updated: January 2026