Security Policy

Last updated:

1. Security Approach

Kognyt is built to provide Salesforce context for AI tools while protecting customer accounts, connected-org workflows, and billing operations. This page summarizes our current public security posture.

2. Data Protection

  • Encryption in transit for network communication with Kognyt services
  • Protected storage for service data and secrets where supported by our providers
  • Access controls designed around least privilege
  • Operational logging and monitoring for reliability and abuse prevention

3. Authentication And Billing Providers

Kognyt currently uses providers such as Supabase for authentication and account-backed data, Razorpay for payment processing, and Vercel services for hosting and analytics. When connected-org flows are enabled, Salesforce OAuth is used for authorized org connections.

4. Salesforce Org Metadata Handling

Kognyt for VS Code and Kognyt IDE process Salesforce org metadata to build Org Context for your chosen LLM. The customer retains ownership of that metadata. Kognyt processes it only to deliver the service and does not use customer org metadata to train shared models or to improve outcomes for other customers.

5. Responsible Disclosure

If you believe you have found a security issue, contact security@kognyt.dev. Please include enough detail for us to reproduce and investigate the issue.

6. Updates

We may update this page as the product, infrastructure, and connected-org workflows evolve. Material changes will be reflected in the updated date above.