All data transmission is encrypted in transit and at rest. Production systems are continuously monitored through logging, error handling, and real-time dashboards tracking live metrics. Alerts are triggered for unusual application states (e.g., high error rates, slow performance, failures) and are promptly investigated by our team.Access to Cognition’s AWS cloud environment is granted on a need-to-know basis, aligned with business roles. Only a limited number of employees or contractors have direct access to production systems.
All employees and contractors must use multi-factor authentication (MFA) on all primary work applications. Additionally, they undergo annual security training, covering best practices for password management, social engineering awareness, and phishing prevention.
Cognition obtained SOC 2 Type II certification in September 2024. During this audit, third-party reviewers evaluated all security policies, procedures, and internal and external controls related to:
If you identify a potential security issue, report it to our security team at security@cognition.ai. Cognition will notify Enterprise customers of any security incidents that may impact their environments, following the reporting obligations outlined in customer agreements.
By default, Cognition does not train its models on customer data or code.For Enterprise customers using VPC or on-prem deployments, all customer data remains within the customer’s tenant. Please refer to your Cognition agreement for further details.
What are the intellectual property (IP) rights for Devin’s output?
The output generated by Devin—whether code, work product, or other content—is the customer’s intellectual property and may be used for commercial purposes.However, customers cannot use Devin’s output to train models intended to reverse-engineer or develop a competing product.
When configuring the GitHub integration, users can select which repositories Devin can access. Permissions can be adjusted at any time via GitHub’s App Settings.For details on permissions and security considerations, visit the GitHub Integration Guide.
If Devin requires credentials (e.g., API keys, passwords, cookies), use Cognition’s Secrets feature under the Settings page to securely share and store sensitive information.