Your data is yours.
Coggo is built with strong technical controls. Here is exactly how we handle recordings, transcripts, and notes.
What happens to your recording.
Recorded in your browser
Audio is captured locally and never leaves your device until you choose to process it.
Uploaded encrypted to Cloudflare R2
Region-pinned storage (US, EU, or Asia-Pacific). TLS 1.3 in transit, AES-256 at rest.
Transcribed by a veterinary speech recognition service
Purpose-built medical speech model. Zero-retention agreement — your audio is processed and discarded immediately, never retained by the provider.
SOAP generated by our AI engine
State-of-the-art language model for SOAP and AI variants. Zero-retention agreement — your transcript is processed and discarded immediately.
Stored in Cloudflare D1
Encrypted at rest. Region-pinned. Accessible only to authenticated users in your clinic.
What we have in place today.
In transit: TLS 1.3
All connections to and from Coggo use modern TLS. Older protocols rejected.
At rest: AES-256
Cloudflare R2 and D1 use AES-256 encryption at rest by default.
Authentication by a SOC 2 Type II certified provider
We never see or store passwords. MFA support. Session management handled by a certified enterprise authentication provider.
Role-based access
Admin, Vet, Receptionist roles. Last-admin protection prevents lockout.
Data residency
Audio and notes stored in your selected region (US, EU, or Asia-Pacific). Never transmitted outside that region.
Action logging
Pro plans include a per-user audit log. Filterable, exportable, retained.
What we will never do.
- We never use your data to train AI models.
- We never sell your data.
- We never share data with third parties beyond our AI and transcription providers, both operating under zero-retention agreements.
- We never transmit audio outside your selected region.
- We never override your clinical judgment — every note is reviewable and editable before you sign it.
Where we are. Where we are going.
Honest about what is in place today vs what is in progress.
Strong technical controls
Encryption, region-pinning, role-based access, audit logging, zero-retention AI providers — all described above.
SOC 2 Type II certification
Working toward a formal SOC 2 audit. Until certified, we describe our controls transparently rather than claiming a certification we do not yet hold.
HIPAA BAA
Business Associate Agreement available for US customers who need it. Currently provided on request via legal@coggo.ai. Veterinary medicine generally does not require HIPAA, but some clinics want one anyway.
GDPR data processing agreement
DPA available for EU customers on request via legal@coggo.ai. Standard contractual clauses included for international data transfer.
Found a security issue?
Email security@coggo.ai. We respond within 24 hours and aim for a full resolution within 5 business days.
We do not currently offer a paid bug bounty, but we publicly credit reporters who request it, and we are committed to working with researchers in good faith.