// Trust & Security Report

    Cognii, Inc. logo

    Cognii, Inc.

    AI-powered educational technology suite for K-12, higher education, and corporate training: Virtual Learning Assistant (conversational tutoring chatbot), Assessment Engine (NLP open-response grading), Analytics Platform (instructor dashboards), and Authoring Tools. Integrates via LTI, hosted SaaS, or API.

    Certifications held

    0

    Maturity

    Startup

    Trains on your data

    Unknown

    Trust center

    No

    // Certification ledger

    Each held certification is backed by a verbatim quote from the vendor's own trust or security page. “Not confirmed” means we could not verify it publicly, not that the vendor lacks it.

    > Show 8 unconfirmed / not-held certifications
    SOC 2 Type 2
    NOT CONFIRMED

    No public evidence. No SOC 2 report or attestation found on cognii.com, in search results, or in any third-party listing. Multiple security/trust path attempts (cognii.com/security, /trust, /data-security, /compliance) returned HTTP 404.

    source: cognii.com
    ISO 27001
    NOT CONFIRMED

    No public evidence. ISO 27001 certificate or scope document not found on cognii.com or in any external search result.

    source: cognii.com
    HIPAA
    NOT CONFIRMED

    No public evidence. HIPAA is not mentioned on cognii.com. The company operates in EdTech, not healthcare, and no BAA or HIPAA compliance statement was found.

    source: cognii.com
    GDPR (posture)
    NOT CONFIRMED

    GDPR rights acknowledged for EU residents in the privacy policy: 'Under GDPR, if you are an EU resident, you may request that we provide access to and/or a copy of certain information we hold about you [...]'. No DPA is published and no formal GDPR adequacy documentation is offered. Privacy policy last updated March 20, 2019 and may not reflect current GDPR obligations.

    source: cognii.com
    FERPA (compliance posture)
    NOT CONFIRMED

    FERPA posture is asserted, not certified. Privacy policy states: 'Our collection and use of Student Data provided by a Teacher or School is governed by our Terms of Service and by the provisions of the Family Educational Rights and Privacy Act (FERPA).' No independent FERPA audit or certification is documented.

    source: cognii.com
    ISO/IEC 42001 (AI Management)
    NOT CONFIRMED

    No public evidence. ISO 42001 not mentioned on cognii.com or in any external source.

    source: cognii.com
    CSA STAR
    NOT CONFIRMED

    No public evidence. CSA STAR not mentioned on cognii.com or in any external source.

    source: cognii.com
    PCI DSS
    NOT CONFIRMED

    No public evidence. PCI DSS not mentioned. Billing information is collected but no PCI compliance statement is published.

    source: cognii.com

    // Privacy & AI training

    Trains on customer data

    Not stated

    Data processing agreement

    Not offered

    Data region

    United States primarily. Policy states: 'Your information collected through the Service may be stored and processed in the United States or any other country in which Cognii or its subsidiaries, affiliates or service providers maintain facilities.' No specific cloud provider or data residency commitment is disclosed.

    Unknown and unaddressed. The privacy policy (last updated March 2019, predating modern AI training disclosures) permits Cognii to 'collect, analyze, and share anonymized or aggregated data or data derived from Student Data for certain purposes, but only if the disclosure of such data could not reasonably identify a specific individual or specific School.' Whether this clause covers AI model training is not clarified. No opt-out mechanism for AI training is mentioned. The policy is silent on generative AI or model training entirely.

    // Security controls

    Encryption in transit

    SSL/TLS. Privacy policy states: 'We use industry-standard Secure Socket Layer (SSL) encryption technology to safeguard the account registration process and sign-up information.'

    cognii.com

    Encryption at rest

    Partially implied. Privacy policy mentions 'data encryption' among security safeguards but does not specify encryption at rest or the algorithm used.

    cognii.com

    Access controls

    Limiting access to personal data to employees who require it to perform their job functions, per privacy policy.

    cognii.com

    Firewalls

    Mentioned in privacy policy as a security safeguard. No specifics provided.

    cognii.com

    Employee training

    Privacy policy states Cognii provides 'periodic training for its employees involved in the collection and dissemination of Student Data.'

    cognii.com

    Data retention and deletion

    Data retained only as long as necessary to deliver services. Deleted upon account deletion request, with a 1-year backup retention period after deletion.

    cognii.com

    Third-party security assessment

    None found. No penetration tests, SOC reports, or third-party security audits are publicly disclosed.

    cognii.com

    Incident response / breach notification

    Not addressed in the publicly available privacy policy or terms.

    cognii.com

    // Products & data scope

    Virtual Learning AssistantAI tutoring / conversational learning

    data: Student responses, learning session data, email addresses, class roster data provided by teachers.

    Chatbot-style tutoring that collects open-ended student answers. Student data owned and controlled by the School/Teacher per privacy policy. No AI training opt-out disclosed.

    Assessment EngineAutomated essay / open-response grading

    data: Student written responses, grading data, instructor-authored rubrics.

    NLP-based scoring; accuracy described as 'comparable to human scoring.' No independent validation or third-party audit of the NLP pipeline disclosed.

    Analytics PlatformLearning analytics / instructor dashboard

    data: Aggregated and individual student performance data, session replay data.

    Real-time dashboards with concept-level insights. Session replay raises additional privacy considerations not addressed in the 2019 privacy policy.

    Authoring ToolsLearning content authoring

    data: Instructor-created content, assessment items.

    Content creation interface for educators. Data scope is primarily instructor-generated material.

    // What to watch

    • OUTDATED PRIVACY POLICY: Last modified March 20, 2019. Does not address AI model training, generative AI, modern data transfer mechanisms (SCCs replacing Privacy Shield), or current GDPR obligations. Material gap for a company handling K-12 student data.
    • NO FORMAL SECURITY CERTIFICATIONS: No SOC 2, ISO 27001, HIPAA, or equivalent found for a platform that processes student data including minors. Dedicated security/trust pages return HTTP 404.
    • AMBIGUOUS AI TRAINING CLAUSE: The 2019 privacy policy permits use of anonymized/aggregated student data 'for certain purposes' without defining whether AI model training is included. No opt-out is offered. This is a material flag for an AI-native EdTech company.
    • NO DPA AVAILABLE: No Data Processing Agreement (DPA) found publicly. Required for GDPR-compliant data controller/processor relationships with EU institutions.
    • VERY SMALL COMPANY: Reported ~$641K revenue and ~1-person team in 2024 (per Latka). Raises questions about the capacity to maintain and audit a security program at the level expected for an EdTech platform handling minors' data.
    • VAGUE DATA REGION: Policy states data may be processed in 'the United States or any other country in which Cognii or its subsidiaries, affiliates or service providers maintain facilities.' No specific commitment to US-only or EU data residency.
    • NO BREACH NOTIFICATION POLICY: Privacy policy and terms do not address incident response or data breach notification timelines.
    • STUDENT DATA INCLUDES MINORS: Children under 13 require parental permission per policy, but no COPPA certification or FTC SafeHarbor seal is claimed.

    // At a glance

    Pricing model

    Not publicly disclosed. Contact sales model. Integrations via LTI, hosted SaaS, or API. Likely per-institution or per-seat contract pricing.

    Self-hostable

    No

    // How we verified this

    Every certification marked HELD is confirmed against a verbatim quote on Cognii, Inc.'s own trust, security, or privacy pages. We reject certifications claimed only on third-party aggregators, on a cloud host's behalf, or by a similarly named company.

    Last verified 2026-06-27. Compliance changes over time. Always confirm directly with the vendor before relying on any certification for a purchasing or compliance decision.

    cognii.com

    > Browse all vendor trust reports