Security by Design. Privacy by Default.

Enterprise-grade security with multi-tenant isolation, encryption, and compliance frameworks to protect your most sensitive data.

Defense in Depth

Multiple layers of security controls protect your data at every level of the stack.

Application Security

  • SQL injection protection with parameterized queries
  • XSS prevention and input sanitization
  • CSRF token validation
  • Rate limiting on all API endpoints
  • Secure session management with JWT

Data Protection

  • AES-256 encryption at rest
  • TLS 1.3 encryption in transit
  • Multi-tenant data isolation
  • Encrypted backups with point-in-time recovery
  • Secure file upload validation

Access Control

  • Role-Based Access Control (RBAC)
  • Granular permissions per role
  • Password hashing with bcrypt
  • Session timeout and invalidation
  • SSO and OAuth2 integration support

Monitoring & Audit

  • Comprehensive audit logging
  • Real-time security monitoring
  • Automated threat detection
  • Activity tracking per user
  • Advanced log analysis

Multi-Tenant Architecture

Cognaium operates on a true multi-tenant architecture where each organization's data is completely isolated. We use tenant-specific identifiers at every layer of the stack to ensure data never crosses organizational boundaries.

Subdomain Routing

Each organization gets a dedicated subdomain with automatic request routing and validation.

Data Isolation

Tenant ID validation on every database query ensures complete data segregation.

Credential Isolation

Per-tenant encryption keys and authentication contexts prevent cross-tenant access.

  • 100% Data Isolation
  • 0 Cross-Tenant Access
  • Real-time Validation
  • Automatic Routing

Compliance & Certifications

Built to meet the most stringent regulatory requirements across industries.

HIPAA (Healthcare)

Full compliance for Protected Health Information (PHI) with administrative, physical, and technical safeguards. BAA available for enterprise customers.

GDPR (Europe)

Data protection and privacy controls including right to erasure, data portability, and consent management for EU operations.

SOC 2 Type II Aligned

Infrastructure built to audit-ready standards for security, availability, processing integrity, and confidentiality.

Proctoring Security

  • AI Detection
  • Audio Monitoring
  • Browser Security
  • Violation Logging

Our proctoring system uses AI-powered person detection and audio monitoring, ensuring assessment integrity while respecting privacy. All proctoring data is encrypted, and the system can be deployed on-premise for enterprise customers.

  • Local processing option for sensitive environments
  • Encrypted WebSocket connections
  • Configurable data retention policies
  • GDPR-compliant consent workflows