Trust Centre
Security and compliance at Cogent Clinic.
The published documentation behind every claim on this site: policies, security, sub-processors, and data rights, each written to be cited in your own DPIA or governance records. Documents not published here are available to reviewers on request at [email protected].
Policies and terms
The documents that govern the relationship: what you agree to, what we promise, and the formal statement of what the device is for.
- Privacy Policy: How Cogent collects, uses and protects personal data under UK GDPR, including its roles: controller for clinicians, processor for client content.
- Terms of Service: The terms on which clinicians use Cogent Clinic, covering pricing, acceptable use, intellectual property, warranties and disclaimers, and liability.
- Data Processing Agreement: The processor-side commitments Cogent makes when clinicians process patient data through the product, auto-incorporated for all customers.
- Service Level Agreement: The availability, support, breach-notification, and service-credit commitments that sit alongside the Terms of Service.
- Cookie Policy: What cookies and similar technologies are used for, with strictly necessary only by default and no marketing or ad tracking.
- Acceptable Use: What the product is designed for and what has been deliberately deferred, framed for clinicians' compliant use.
- Scope of use: Who the product is for, what it does and does not do, and the clinician's responsibilities, written to be citable in a DPIA or supervision log.
- Intended Purpose (medical device): The canonical intended purpose statement for the Cogent Clinic medical device, used in the Declaration of Conformity and the MHRA registration.
Security and clinical safety
How the system is secured, the principles the AI is held to, and the clinical safety approach behind the Class I registration.
- Security: Encryption, access control, 2FA, audit chain, rate limiting, and the architecture choices that keep patient content out of Cogent's own reach.
- AI principles: The principles governing AI inside Cogent Clinic: the clinician stays the author of record, and the AI does not do clinical reasoning on their behalf.
- Clinical safety approach: How clinical risk is managed: the controls in place, alignment with DCB0129 principles, and what a deploying clinician needs to do on their side.
Sub-processors
Every outside service that touches any part of the work, named, with what it does and where it runs.
Your rights, and your clients'
Data rights, retention, lawful basis, and the page written for your clients to read.
- For your clients: A plain-English notice clinicians can hand to clients or publish on a clinic website: what Cogent Clinic is and what is done with a client's information.
- Your data rights: Access, rectification, erasure, portability, restriction, and objection, with the steps for exercising each one set out plainly.
- Data retention: Exactly how long each category of data is retained, and when it is deleted or anonymised.
- Lawful basis: The lawful basis Cogent relies on for each category of processing, and how that basis is reflected in the privacy notices.
If something goes wrong
How incidents are handled and how you would hear about one.