Security

Security is one of our top priorities and this page outlines best practices and means of getting in touch with us securely.

SSL and TLS

All Cognito endpoints require TLS. TLS is enforced using HSTS. SSL is not allowed on any endpoint and TLS 1.2 is preferred.

Audits

We receive occasional white box security audits. If you would like to see a copy of our latest report, please contact support.

Disclosure

We accept any and all security disclosures through security@cognitohq.com. If you would like to encrypt your message, use the PGP key provided below. We offer a bug bounty program through Cobalt.

Server Infrastructure

Our servers are hosted with Heroku and AWS, using state-of-the-art at-rest encryption and staff security procedures.

PGP Communication

We use PGP for secure email communications. Below you can find our public key along with additional information allowing you to verify messages from us as well as encrypt messages for us.

Key ID: CEE296AD
Key type: RSA
Key length: 4,096
Fingerprint: DC61 8E96 0E24 258A 6583 4274 83D9 7AE0 CEE2 96AD
Email: security@cognitohq.com

Download our public key 3KB ASC file - security@cognitohq.com