Security & Access
Enterprise security
Security & Trust
Trust Center
For more details on Cognition’s security posture, visit our Trust Center.
Security
Secure Transmission and Encryption
All data transmission is encrypted in transit and at rest. Production systems are continuously monitored through logging, error handling, and real-time dashboards tracking live metrics. Alerts are triggered for unusual application states (e.g., high error rates, slow performance, failures) and are promptly investigated by our team. Access to Cognition’s AWS cloud environment is granted on a need-to-know basis, aligned with business roles. Only a limited number of employees or contractors have direct access to production systems.General Security Practices
All employees and contractors must use multi-factor authentication (MFA) on all primary work applications. Additionally, they undergo annual security training, covering best practices for password management, social engineering awareness, and phishing prevention.Third-Party Audits and Certification
Cognition obtained SOC 2 Type II certification in September 2024. During this audit, third-party reviewers evaluated all security policies, procedures, and internal and external controls related to:- Data security
- Privacy
- Processing integrity
- Confidentiality
- Availability
Vulnerability Disclosure Program
If you identify a potential security issue, report it to our security team at security@cognition.ai. Cognition will notify Enterprise customers of any security incidents that may impact their environments, following the reporting obligations outlined in customer agreements.Privacy & Intellectual Property
How does Cognition process data accessed by Devin?
Data processing depends on how customers interact with Devin:- Web Application: Cognition only processes data actively provided by the authorized user.
- GitHub & Slack Integrations: The administrator installing the integration can review and manage all permissions granted to Devin.
What is Cognition’s data retention policy?
Cognition retains data processed through Devin only for the duration of the customer relationship unless specified otherwise.- Feedback & User Interaction Data may be retained as needed, as determined by Cognition.
How is customer data used to improve Devin?
By default, Cognition does not train its models on customer data or code. For Enterprise customers using VPC or on-prem deployments, all customer data remains within the customer’s tenant. Please refer to your Cognition agreement for further details.What are the intellectual property (IP) rights for Devin’s output?
The output generated by Devin—whether code, work product, or other content—is the customer’s intellectual property and may be used for commercial purposes. However, customers cannot use Devin’s output to train models intended to reverse-engineer or develop a competing product.GitHub Integration Considerations
When configuring the GitHub integration, users can select which repositories Devin can access. Permissions can be adjusted at any time via GitHub’s App Settings. For details on permissions and security considerations, visit the GitHub Integration Guide.Slack Integration Considerations
Devin only processes data explicitly provided when:- It is tagged (
@Devin) - It receives a direct prompt
- Additional information is shared in an active Slack thread
User Best Practices
Devin’s Limitations
While Devin improves daily, it may still:- Generate hallucinations (inaccurate or misleading responses)
- Introduce bugs into code
- Suggest insecure coding practices
- Code reviews before deployment
- Branch protections to enforce validation checks
- Following your organization’s standard engineering review processes
Handling Secrets
If Devin requires credentials (e.g., API keys, passwords, cookies), use Cognition’s Secrets feature under the Settings page to securely share and store sensitive information.Sharing Feedback
We continuously enhance Devin based on customer feedback.- For feature requests and suggestions, contact your Cognition account team or email support@cognition.ai.
- To report security incidents, email security@cognition.ai.