How does Cosine handle security, privacy, and IP?
Cosine is designed for enterprise-grade security. Whether deployed in the cloud, inside your VPC, or fully on-premise, Cosine ensures your source code, data, and intellectual property remain protected at all times.
Security foundations
Data isolation
Every customer runs in a dedicated, isolated workspace — no data or context is ever shared between tenants. Each environment has its own storage, model instance, and encryption keys.
Encryption
- In transit: All communications use TLS 1.3 encryption.
- At rest: Repository data, logs, and model artifacts are encrypted using AES-256.
Access control
- Role-based access control (RBAC) with fine-grained permissions.
- Single sign-on (SSO) and SCIM support for enterprise identity providers (Okta, Azure AD, Google Workspace).
- Full audit logging of user and system activity.
Network security
- Private networking with zero trust principles.
- Optional IP allowlisting.
- Support for VPN, VPC peering, and private endpoints.
Data privacy and ownership
Cosine never trains on customer data. Your code, tickets, and documentation remain your property and are never used to improve shared models.
- No data is transferred to third-party LLM providers unless explicitly approved.
- Customers can request deletion of all stored artifacts at any time.
- Enterprise deployments (VPC/on-prem) guarantee zero egress of source code.
Compliance and certifications
Cosine follows industry-standard security frameworks and is in the process of formal certification:
- SOC 2 Type II – in audit phase, completion expected 2025.
- ISO/IEC 27001 – in implementation.
- Aligns with GDPR and CCPA for data protection.
Cosine is already deployed inside organizations whose standards exceed SOC 2 — including global investment banks and defense contractors.
Optional customer controls
- Custom key management (KMS) – Bring your own encryption keys.
- Data retention policies – Configurable data lifespan and auto-purge schedules.
- Audit exports – Stream logs to your SIEM (Splunk, Datadog, etc.) for centralized monitoring.
Why this matters
Most AI tools depend on third-party APIs that require data egress. Cosine’s vertically integrated architecture allows you to operate securely inside your own perimeter — even fully air-gapped if needed.