We see the bill.
Never the content.
Cognocient is a cost-metadata proxy. It sits between your code and AI providers to extract token counts, model names, and attribution headers — and nothing else. Your prompts, responses, and user data are invisible to us by design.
Core security principles
Zero payload logging
Cognocient is a cost-metadata proxy. We extract token counts and attribution headers and never log, store, or retain your prompt text or AI responses: the request body is parsed in memory only to read the model name and estimate tokens, then forwarded to the provider unmodified. Your intellectual property and customer data stay private unless you explicitly enable debug tracing (see below).
AES-256 key encryption
Your OpenAI, Anthropic, and provider API keys are encrypted at rest with AES-256-GCM. They are decrypted in memory only for the millisecond required to forward your request, then immediately discarded.
Opt-in debug tracing only
Prompt content logging is disabled by default. If your team enables debug tracing for development purposes, it is scoped to a specific API key, has a configurable retention window (max 7 days), and can be wiped on demand.
In-region data residency
Cost metadata is stored in the same region as your account (US or EU). We do not transfer your call metadata across regions. Data for EU customers is stored exclusively on EU infrastructure.
Exactly what we store — and what we don't
No ambiguity. Here is the complete list.
How the proxy handles your request
Your application
│
│ POST /v1/chat/completions
│ Authorization: Bearer sk-cog-YOUR-KEY
│ X-Cost-Feature: ticket-resolver
│ Body: { "model": "gpt-4o", "messages": [...] } ← parsed in memory only; never logged or stored
▼
Cognocient proxy ─────────────────────────────────────────────────────
1. Authenticate your proxy key
2. Extract: model name, token estimate, attribution headers
3. Retrieve your provider key from encrypted vault (in memory only)
4. Forward the UNMODIFIED request to OpenAI / Anthropic / etc.
5. Receive the response → extract: actual token counts, cost
6. Log metadata row: { timestamp, model, tokens, cost, feature, dept }
7. Stream the UNMODIFIED response back to your application
8. Provider key discarded from memory
──────────────────────────────────────────────────────────────────────
│
│ Response streams back immediately
▼
Your application (latency added: ~3–8 ms)
Added latency is typically 3–8 ms per request, imperceptible to end users next to typical model response times.
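Steps 2, 5 and 6 of the flow above, as an added example that is not Cognocient's code: parse the request body in memory, take the provider's authoritative usage counts from the response (falling back to a rough estimate when they are absent), and emit a metadata row containing no message content. The price table, the 4-characters-per-token estimator, the X-Cost-Dept header name and the sample request and response are constructed for illustration.

```javascript
// Added example (not Cognocient's code): metadata-only extraction for one
// proxied chat completion, plus a leak check that the row carries no content.

// Assumption: USD prices per million tokens; real values come from the provider.
const PRICE_PER_MTOK = { 'gpt-4o': { input: 2.5, output: 10.0 } };

// Rough pre-flight estimate (~4 characters per token). Used only until the
// provider's usage counts arrive with the response.
function estimateTokens(messages) {
  const chars = (messages || []).reduce((n, m) => n + String(m.content || '').length, 0);
  return Math.ceil(chars / 4);
}

// headers: lower-cased request header map; rawBody: the request body exactly as
// sent; providerResponse: parsed provider JSON (usage may be missing mid-stream).
function buildMetadataRow(headers, rawBody, providerResponse, now = new Date()) {
  const body = JSON.parse(rawBody); // parsed in memory only, never persisted
  const usage = (providerResponse && providerResponse.usage) || {};
  const tokens = {
    input: usage.prompt_tokens ?? estimateTokens(body.messages),
    output: usage.completion_tokens ?? 0,
  };
  const price = PRICE_PER_MTOK[body.model] || { input: 0, output: 0 };
  return {
    timestamp: now.toISOString(),
    model: body.model,
    tokens,
    cost: (tokens.input * price.input + tokens.output * price.output) / 1e6,
    feature: headers['x-cost-feature'] || null,
    dept: headers['x-cost-dept'] || null, // assumed header name
  };
}

// Guard worth running in tests: the serialised row must not contain any
// message content from the request it describes.
function rowLeaksContent(row, rawBody) {
  const serialised = JSON.stringify(row);
  const { messages = [] } = JSON.parse(rawBody);
  return messages.some((m) => m.content && serialised.includes(String(m.content)));
}

// Constructed sample request and provider response.
const SAMPLE_HEADERS = { 'x-cost-feature': 'ticket-resolver', 'x-cost-dept': 'support' };
const SAMPLE_BODY = JSON.stringify({
  model: 'gpt-4o',
  messages: [{ role: 'user', content: 'Customer 4471 cannot log in after password reset' }],
});
const SAMPLE_RESPONSE = { id: 'chatcmpl-example', usage: { prompt_tokens: 20, completion_tokens: 40 } };

function demo() {
  const row = buildMetadataRow(SAMPLE_HEADERS, SAMPLE_BODY, SAMPLE_RESPONSE);
  if (rowLeaksContent(row, SAMPLE_BODY)) throw new Error('metadata row contains prompt content');
  console.log(JSON.stringify(row));
  return row;
}

demo();
```

The leak check is the practical test of the "metadata only" promise: run it against every row your logger is about to write, and it will catch a debug field or a verbose error path that accidentally copies a message into the cost log.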
Compliance posture
Because we never log or retain your prompt or response content, Cognocient simplifies, rather than complicates, your compliance posture for regulated industries.
GDPR
We store only cost metadata, never the content of prompts or responses, so no PII from your end users is retained by the proxy. Your account data is processed under standard contractual clauses for EU customers.
HIPAA
Because prompt content, including any PHI it contains, is never logged or stored by the proxy, routing healthcare AI traffic through it does not introduce new HIPAA obligations. Keep debug tracing disabled for PHI workloads. We execute BAAs for Business plan customers on request.
SOC 2 Type II
SOC 2 audit in progress. Current controls cover logical access, change management, and incident response. Report available to enterprise customers under NDA.
CCPA
We do not sell or share your data with third parties for advertising or marketing purposes. Data subject requests are handled within 30 days.
Call log retention
90 days on Growth and Business plans, 30 days on Base. Logs cannot be modified during the retention window; they are deleted automatically at expiry, or earlier on request.
Data residency
US accounts store data in AWS us-east-1. EU accounts store data in AWS eu-west-1. No cross-region transfer. Region is set at account creation and cannot be changed retroactively.
Account deletion
Closing your account triggers immediate deletion of all call logs, spend data, and configuration. Provider keys are wiped from the encrypted vault within 24 hours.
Questions or security disclosures?
For security vulnerability reports, compliance documentation requests, or BAA execution, contact our security team directly.
security@cognocient.com
We respond to all security reports within 24 hours.