Trust Center • Security • Privacy • Compliance • Responsible AI

Trusted by Design. Secure by Default. Governed Responsibly.

Cognera Health™ is built with privacy, security, compliance, responsible AI governance, and operational resilience at its core for mental health, behavioral health, wellness, integrated care, and continuous care delivery.

Privacy • Security • Data Rights • Retention

Privacy Policy

Cognera Health™ is committed to protecting personal information, consumer health data, Protected Health Information (PHI), electronic Protected Health Information (ePHI), clinical information, and other sensitive information processed through our healthcare technology platforms.

Website Terms • Product Terms • EULA • AI Disclaimer

Terms & Conditions

Please read these Terms & Conditions carefully before accessing or using Cognera Health™ products, services, websites, mobile applications, APIs, integrations, platforms, and related offerings.

Access • Correction • Deletion • Privacy Preferences

Data Deletion & Privacy Rights

Account & Data Deletion

Cognera Health provides an account and data deletion process for products and services with account creation capabilities, including mobile app workflows and web-based request support for app store disclosures.

  • Account deletion and deactivation requests
  • In-app path: Settings → Account → Delete Account
  • Identity verification and authority review
  • Request review, eligibility determination, confirmation, and audit documentation

Retention & Legal Hold Exceptions

Deletion does not necessarily require deletion of clinical records, healthcare records, compliance records, security records, audit records, or information that must be preserved for lawful, contractual, regulatory, or continuity-of-care reasons.

  • Healthcare record retention requirements
  • HIPAA, HITECH, state law, and contractual obligations
  • Legal holds, litigation holds, investigations, and regulatory reviews
  • Fraud prevention, security investigations, and operational integrity

Privacy Preferences • Data Rights • Sensitive Information Management

Do Not Sell or Share Personal Information

Cognera Health provides mechanisms for eligible individuals to exercise applicable privacy choices and manage preferences regarding the use and sharing of personal information.

Do Not Sell or Share Commitment

Cognera Health is committed to protecting the privacy and confidentiality of personal and health information.

  • We do not sell PHI or ePHI.
  • We do not use health information for advertising or marketing purposes.
  • We do not share identifiable health information for cross-context behavioral advertising.
  • We do not disclose health information to data brokers.
  • We do not permit third parties to use identifiable health information for their own advertising, marketing, or profiling purposes.
  • We do not monetize personal health information through data sales or targeted advertising.

Any sharing of information is limited to authorized service providers, business associates, healthcare operations, legal requirements, security purposes, or other permitted uses described in our Privacy Policy.

Individuals may exercise applicable privacy rights and choices in accordance with applicable laws and our privacy practices.

State Privacy Choices

Eligible individuals shall submit opt-out or privacy choice requests related to sale, sharing, cross-context behavioral advertising, targeted advertising, analytics, or similar state privacy rights recognized under applicable law.

Right CA CO CT VA
Access
Delete
Correct
Portability
Opt-Out

Compliance Governance

Governance, Risk & Compliance Oversight

Cognera Health™ maintains governance, risk management, compliance, privacy, cybersecurity, information governance, and operational oversight programs designed to support applicable healthcare, regulatory, security, and business requirements. Our governance framework promotes accountability, transparency, risk management, policy adherence, and continuous improvement across our platform, operations, data practices, and AI-enabled capabilities.

Important Notice: References to laws, regulations, frameworks, standards, guidelines, or best practices indicate alignment with, support for, or implementation of controls informed by those requirements and do not imply certification, accreditation, endorsement, attestation, or regulatory approval unless expressly stated.

Healthcare Regulations

  • HIPAA Privacy Rule
  • HIPAA Security Rule
  • HIPAA Breach Notification Rule
  • HITECH Act
  • Telehealth and behavioral health considerations

Privacy Regulations

  • GDPR
  • UK GDPR
  • CCPA
  • CPRA
  • Applicable state privacy laws
  • Consumer health data privacy laws

Security Frameworks

  • HITRUST CSF
  • ISO/IEC 27001
  • ISO/IEC 27701
  • SOC 2 Trust Services Criteria
  • NIST CSF, 800-53, 800-66, 800-88

Security Program

Administrative, technical, and operational safeguards.

Administrative Safeguards

  • Governance and compliance oversight
  • Risk assessments
  • Workforce security
  • Security awareness training
  • Vendor risk management
  • Incident response procedures

Technical Safeguards

  • AES-256 encryption at rest
  • TLS encryption in transit
  • Multi-Factor Authentication
  • Role-Based Access Controls
  • Audit logging and monitoring
  • Security event monitoring

Operational Safeguards

  • Business continuity planning
  • Disaster recovery planning
  • Backup management
  • Recovery testing
  • Compliance audits
  • Continuous risk evaluation

Human oversight remains central.

CogneraAI™ is designed to assist and augment healthcare professionals through intelligent documentation, engagement support, operational intelligence, and clinical workflow assistance.

  • Human-in-the-loop oversight
  • Transparency and explainability
  • Accountability and auditability
  • Bias monitoring and model validation
  • Privacy protection and security controls
  • Clinical oversight and continuous monitoring

AI-generated outputs support human decision-making and do not replace professional judgment, diagnosis, treatment decisions, or licensed healthcare services.

Information lifecycle management.

Cognera Health maintains documented policies governing information lifecycle management, retention, deletion, preservation, archival, and secure disposal activities.

  • Data minimization and purpose limitation
  • Defined retention schedules
  • Legal hold and preservation management
  • Secure deletion and destruction
  • Customer and individual rights support
  • Auditability and disposition evidence

Information Type | Typical Retention | Notes
Clinical records | 7 years | Generally retained following last documented activity unless longer retention is required.
Assessments and communications | 7 years | Associated with clinical record retention as applicable.
Authorizations and disclosures | 6 years | Maintained for auditability and privacy compliance.
Security, audit, compliance, and governance records | 6 years | Retained longer for investigations, legal holds, or contractual obligations.
Backup and recovery data | Lifecycle schedule | Retained according to approved backup and disaster recovery schedules.

Vendor & Business Associate Oversight

Third-party trust is governed, reviewed, and documented.

BAAs

Business Associate Agreements where vendors create, receive, maintain, or transmit PHI/ePHI.

Risk Reviews

Vendor due diligence, security assessments, and privacy review processes.

Data Protection

Contractual privacy, security, retention, deletion, and data protection requirements.

Offboarding

Data return, secure destruction, access revocation, and destruction verification.

Information Lifecycle Management

Data Retention, Deletion & Secure Disposal

Cognera Health™ maintains documented policies governing the retention, preservation, archival, deletion, destruction, anonymization, and secure disposal of information throughout its lifecycle.

Compliance Governance

Compliance

Cognera Health maintains a comprehensive governance program supporting privacy, security, compliance, risk management, responsible AI governance, and operational resilience.

Framework notice: Cognera Health uses alignment language intentionally. References to HITRUST, ISO/IEC 27001, ISO/IEC 27701, SOC 2, NIST, GDPR, CCPA/CPRA, HIPAA, and HITECH describe governance practices designed to support applicable requirements and do not imply certification unless expressly stated.

Privacy Governance

HIPAA Privacy Rule, GDPR, UK GDPR, CCPA/CPRA, privacy rights management, consent, authorization, disclosure tracking, and privacy review activities.

Security Governance

Access controls, encryption, MFA, audit logging, monitoring, vulnerability management, endpoint security, and technical safeguards.

AI Governance

Human oversight, bias monitoring, explainability, model validation, AI risk reviews, auditability, and responsible AI practices.

Risk Management

Enterprise risk assessments, PHI/ePHI risk reviews, AI risk assessments, vendor risk reviews, security assessments, and corrective action tracking.

Vendor Governance

Business Associate Agreements, vendor due diligence, security reviews, data protection obligations, and secure offboarding procedures.

Monitoring & Audit

Compliance reviews, internal audits, independent assessments, evidence retention, KPI monitoring, and regulatory readiness activities.

Compliance Governance Summary

Protecting information entrusted to Cognera Health.

Cognera Health™ is committed to protecting the privacy, security, confidentiality, integrity, and availability of information entrusted to us by healthcare providers, organizations, and individuals.

Our compliance program is designed to support applicable healthcare, privacy, cybersecurity, and information governance requirements, including HIPAA, HITECH, GDPR, UK GDPR, CCPA/CPRA, and industry-recognized frameworks such as HITRUST, ISO 27001, ISO 27701, SOC 2, and NIST guidance.

  • Privacy and security governance
  • Risk management and compliance monitoring
  • Role-based and least-privilege access
  • Encryption of sensitive data at rest and in transit
  • Vendor and Business Associate oversight
  • Incident response and breach management procedures
  • Workforce training and awareness programs
  • AI governance and human oversight
  • Audit logging, monitoring, and compliance reviews
  • Business continuity and disaster recovery planning
  • Continuous improvement and regulatory readiness

Enterprise Security Reviews

Security & Compliance Requests

Healthcare organizations, enterprise customers, procurement teams, auditors, and security reviewers can request additional information for vendor due diligence, security questionnaires, Business Associate Agreement review, and compliance documentation.

Vendor Due Diligence

Security questionnaires, vendor assessments, procurement reviews, and compliance documentation requests.

BAA & Contract Review

Business Associate Agreement coordination, data protection terms, privacy obligations, and customer governance requirements.

Security Review

Security controls, incident response overview, backup and disaster recovery practices, and responsible disclosure coordination.

Subprocessors & Service Providers

Cognera Health engages approved cloud infrastructure providers, communication providers, analytics providers, security providers, support providers, and other service providers necessary to operate, secure, maintain, and support its services.

Subprocessors and service providers are subject to applicable privacy, security, confidentiality, contractual, data protection, access control, retention, deletion, and vendor oversight obligations.

Responsible Disclosure

To report a security vulnerability, privacy concern, or security-related issue involving Cognera Health systems or services, please contact Security.

Security Questionnaire Requests

Enterprise customers, healthcare organizations, procurement teams, and auditors can request vendor questionnaires, compliance documentation, security summaries, and Business Associate Agreement review through Security.

Request guidance: Please contact Security or Compliance for enterprise review requests.

Governance Program • Enterprise Controls • Customer Responsibilities

Governance Program Structure

Cognera Health™ maintains an integrated governance program designed to connect enterprise governance, privacy, information lifecycle management, consumer rights, operational controls, vendor oversight, and responsible AI governance into a cohesive trust framework.

Important Notice: Information provided on this website is for informational purposes only and does not constitute legal advice, regulatory advice, privacy advice, security advice, compliance certification, or professional services advice. References to regulations, frameworks, standards, and industry practices indicate alignment with, support for, or implementation of controls informed by those frameworks and do not imply certification unless expressly stated.

Governance Documentation

Available Governance Documents

Enterprise customers, procurement teams, security reviewers, and authorized stakeholders can review or request governance documentation supporting privacy, compliance, data retention, secure disposal, and responsible AI oversight.

Privacy Policy

Privacy and responsible data stewardship practices.

Terms & Conditions

Website and service use terms, user responsibilities, disclaimers, and legal notices.

Compliance Governance Framework

Privacy, security, risk management, AI governance, operational resilience, and compliance oversight.

Data Retention & Secure Disposal Policy

Retention schedules, deletion controls, legal holds, archival handling, and secure disposal practices.

Security Reviews

  • Vendor Due Diligence
  • Security Questionnaires
  • Penetration Testing Requests
  • Security Documentation Requests

Security

Responsible Disclosure

To report a suspected security vulnerability, privacy concern, or security-related issue, contact the Cognera Health security team.

Contact Cognera Health

Contact

Contact the appropriate Cognera Health team for privacy, security, compliance, legal, sales, support, and general inquiries.

Data Deletion

Account deletion, data deletion, app store data safety, and privacy request support.

Do Not Sell or Share

California and state privacy opt-out requests.

Privacy

Privacy rights, data protection, and personal information requests.

Compliance

Compliance governance, regulatory alignment, and enterprise due diligence.

Security

Security controls, vendor reviews, security questionnaires, and responsible disclosure.

Legal

Terms, contracts, legal notices, and governance documentation questions.

Due Diligence

Enterprise security reviews, questionnaires, vendor assessments, BAAs, and governance documentation requests.

Security

Support

Product support, customer assistance, and account-related questions.

General

General inquiries about Cognera Health products, services, and company information.

Emergency Notice

Cognera Health does not provide emergency services, crisis intervention services, diagnosis, treatment, or medical care. Individuals experiencing a medical emergency, psychiatric emergency, or crisis must immediately contact emergency services, a crisis hotline, or a qualified healthcare provider.

Built for trust. Designed for care.

Explore how Cognera Health™ delivers continuous, secure, responsible, and clinically grounded care technology.
