We ask enterprises to trust us at the user edge — the most sensitive point in their environment. That trust has to be earned in how we build the product, handle your data, and run our own infrastructure. Here is where we stand, stated plainly.
A security company's own website is the first thing practitioners inspect. Ours is configured to the standard we hold our product to — verifiable in the response headers your browser receives right now.
Served exclusively over TLS with HTTP Strict Transport Security and preload — connections can't be downgraded to plaintext.
A restrictive CSP limits scripts and resources to our own origin, with framing denied (clickjacking-resistant) via frame-ancestors 'none'.
No analytics scripts, no advertising tags, no tracking pixels. Fonts are self-hosted — nothing about your visit is shared with a third party.
A locked-down Permissions-Policy disables camera, microphone, and geolocation access and opts out of cohort tracking; cross-origin isolation headers are set.
Want to verify? Open your browser's developer tools → Network → the document request, and inspect the response headers.
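The same check can be scripted rather than read off in developer tools. The sketch below is an added example, not code from this site or its vendor. It audits a set of response headers against the claims listed above. The sample header values are constructed for illustration and are not captured from the site, the function names are hypothetical, and the one-year `max-age` floor is the HSTS preload list's published requirement.

```python
import re

# Constructed sample headers for illustration; not captured from the site.
SAMPLE = {
    "Strict-Transport-Security": "max-age=63072000; includeSubDomains; preload",
    "Content-Security-Policy": "default-src 'self'; script-src 'self'; frame-ancestors 'none'",
    "Permissions-Policy": "camera=(), microphone=(), geolocation=(), interest-cohort=()",
    "Cross-Origin-Opener-Policy": "same-origin",
    "Cross-Origin-Embedder-Policy": "require-corp",
}

def parse_csp(value):
    """Map each CSP directive name to its source list (first occurrence wins)."""
    out = {}
    for part in value.split(";"):
        tokens = part.split()
        if tokens:
            out.setdefault(tokens[0].lower(), tokens[1:])
    return out

def audit(headers):
    """Return a list of findings; an empty list means every check passed."""
    h = {k.lower(): v for k, v in headers.items()}
    findings = []
    # HSTS preload eligibility: max-age >= 1 year, includeSubDomains, preload.
    hsts = [d.strip().lower() for d in h.get("strict-transport-security", "").split(";")]
    age = next((int(m.group(1)) for d in hsts
                if (m := re.fullmatch(r'max-age="?(\d+)"?', d))), 0)
    if age < 31536000 or "includesubdomains" not in hsts or "preload" not in hsts:
        findings.append("HSTS not preload-eligible")
    csp = parse_csp(h.get("content-security-policy", ""))
    if csp.get("frame-ancestors") != ["'none'"]:
        findings.append("framing not denied")
    # script-src falls back to default-src; no CSP at all means any origin.
    scripts = csp.get("script-src", csp.get("default-src", ["*"]))
    if any(s not in ("'self'", "'none'") for s in scripts):
        findings.append("scripts not limited to own origin")
    pp = {d.strip().replace(" ", "") for d in h.get("permissions-policy", "").split(",")}
    for feature in ("camera", "microphone", "geolocation", "interest-cohort"):
        if f"{feature}=()" not in pp:
            findings.append(f"{feature} not disabled")
    if h.get("cross-origin-opener-policy", "").strip() != "same-origin":
        findings.append("COOP not same-origin")
    if h.get("cross-origin-embedder-policy", "").strip() not in ("require-corp", "credentialless"):
        findings.append("COEP not set")
    return findings
```

To run it against a live response, pass the header mapping from any HTTP client to `audit()` in place of `SAMPLE`.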
We practice data minimization by default. We collect only what's needed to operate the site and respond to genuine inquiries, and we never sell, rent, or trade personal information.
Server logs for security and operations, plus whatever you choose to share when you contact us. Nothing more.
We do not sell or share personal information, and we run no behavioral advertising.
Access, rectification, erasure, restriction, and portability rights are honored under applicable law.
Operational logs are retained only as long as needed — generally no more than twelve months.
Full detail lives in our Privacy Policy and Terms of Use.
The CognitionAI Engine operates at the user edge, where AI is actually used. The way it's built reflects a deliberate set of principles.
The browser-side approach is built to avoid heavyweight host agents and to minimize footprint on the endpoint.
The platform is designed to operate with the narrowest access needed to inspect and enforce policy on AI activity.
Inspection and enforcement are designed to happen at the point of interaction, reducing what needs to leave the environment.
Enforcement is governed by policy your security team defines — not opaque, unconfigurable behavior.
We're an early-stage company, and we'd rather tell you exactly where we are than imply a posture we haven't earned. We do not yet hold formal third-party security certifications. We design and operate to align with the privacy regulations that govern our users' data, and we'll publish certifications here as we earn them — not before.
Security and procurement teams can request our current security documentation and a direct conversation about our roadmap.
We welcome reports from the security community. If you believe you've found a vulnerability in our website or platform, we want to hear from you and we commit to engaging in good faith.
We do not currently operate a paid bug-bounty program, but we recognize and credit researchers who report responsibly.
Talk to our team for current security documentation, architecture detail, and a walkthrough tailored to your environment.