> ## Documentation Index
> Fetch the complete documentation index at: https://docs.devinenterprise.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Enterprise security

# **Security & Trust**

<Card title="Trust Center" icon="shield-check" href="https://trust.cognition.ai">
  For more details on Cognition's security posture, visit our [Trust Center](https://trust.cognition.ai).
</Card>

## **Security**

### **Secure Transmission and Encryption**

All data transmission is **encrypted in transit and at rest**. Production systems are continuously monitored through logging, error handling, and real-time dashboards tracking live metrics. Alerts are triggered for unusual application states (e.g., high error rates, slow performance, failures) and are promptly investigated by our team.

Access to Cognition's AWS cloud environment is granted on a **need-to-know basis**, aligned with business roles. Only a limited number of employees or contractors have direct access to production systems.

### **General Security Practices**

All employees and contractors must use **multi-factor authentication (MFA)** on all primary work applications. Additionally, they undergo **annual security training**, covering best practices for password management, social engineering awareness, and phishing prevention.

### **Third-Party Audits and Certification**

Cognition has been **SOC 2 Type II certified** since September 2024. During these audits, third-party reviewers evaluated all security policies, procedures, and internal and external controls related to:

* **Data security**
* **Privacy**
* **Processing integrity**
* **Confidentiality**
* **Availability**

For more details, visit our [Trust Center](https://trust.cognition.ai).

### **Vulnerability Disclosure Program**

If you identify a potential security issue, report it to our security team at [security@cognition.ai](mailto:security@cognition.ai). Cognition will notify Enterprise customers of any security incidents that may impact their environments, following the reporting obligations outlined in customer agreements.

## **Privacy & Intellectual Property**

### **How does Cognition process data accessed by Devin?**

Data processing depends on how customers interact with Devin:

* **Web Application**: Cognition only processes data actively provided by the authorized user.
* **Integrations**: The administrator installing the integration can review and manage all permissions granted to Devin.

For **Enterprise customers with dedicated deployments**, all customer data is stored within the customer's tenant.

### **What is Cognition's data retention policy?**

Cognition retains data processed through Devin only for the duration of the customer relationship unless specified otherwise.

* **Feedback & User Interaction Data** may be retained as needed, as determined by Cognition.

### **How is customer data used to improve Devin?**

By default, Cognition **does not** train its models on customer data or code.

For Enterprise customers using **dedicated deployments**, all customer data remains within the customer's tenant. Please refer to your Cognition agreement for further details.

### **What are the intellectual property (IP) rights for Devin's output?**

The output generated by Devin—whether code, work product, or other content—is the **customer's intellectual property** and may be used for commercial purposes.

However, customers **cannot** use Devin's output to train models intended to reverse-engineer or develop a competing product.

### **Integrations**

#### **SCM Platforms**

When configuring the SCM integration, users can select which repositories Devin can access. Depending on integration type, permissions can be adjusted at any time via the SCM platform's settings or by regenerating the fine-grained access token.

#### **Messaging Platforms**

Devin **only processes data explicitly provided** when:

* It is tagged (`@Devin`)
* It receives a direct prompt
* Additional information is shared in an active thread

<Note>
  For details on specific integrations, see the [Integrations](/integrations/overview) page.
</Note>

## **User Best Practices**

### **Devin's Limitations**

While Devin improves daily, it may still:

* Generate **hallucinations** (inaccurate or misleading responses)
* Introduce **bugs** into code
* Suggest **insecure coding practices**

To mitigate risks, we strongly recommend:

* **Code reviews** before deployment
* **Branch protections** to enforce validation checks
* Following your organization's standard engineering review processes

### **Handling Secrets**

If Devin requires credentials (e.g., API keys, passwords, cookies), use Cognition's [Secrets Manager](/product-guides/secrets) under the **Settings page** to securely share and store sensitive information.

### **Sharing Feedback**

We continuously enhance Devin based on customer feedback.

* For feature requests and suggestions, contact your Cognition account team or email [support@cognition.ai](mailto:support@cognition.ai).
* To report security incidents, email [security@cognition.ai](mailto:security@cognition.ai).

Your input is invaluable in refining Devin as an AI software engineer.