SOC 2 Reports
Request when availableAudit reports when SOC 2 attestation is completed.
Trust Center
Public policies and security docs. For SOC 2 reports and similar, request access from security.
How coThink collects, uses, stores, and protects information.
Account responsibilities, acceptable use, and customer content.
Enterprise data processing terms and GDPR-aligned commitments.
How coThink uses cookies and similar technologies.
Permitted and prohibited uses of coThink services.
Enterprise contracting terms for platform access, security, compliance, and AI.
Authentication, encryption, access control, and monitoring.
TLS, AES-256-GCM, organization-managed and E2EE encrypted rooms.
Passkeys, SSO, RBAC, MFA, and session security.
Environment separation, operator access, and monitoring.
Secure SDLC, vulnerability management, and application controls.
Customer ownership, BYOM privacy, export, and retention.
Report security vulnerabilities to coThink.
Current controls, planned work, and certification status.
Third-party vendors that may process data on behalf of coThink.
Audit reports when SOC 2 attestation is completed.
Third-party assessment summary when available.
Security architecture, data flows, and operations.
Policies and security docs bundled for vendor reviews.
For eligible HIPAA deployments.