Privacy & Security
at Cognitive3D
Cognitive3D considers the protection of Privacy and Security to be of paramount importance. We hold ourselves accountable to the highest standards when it comes to security practices so that our customers can focus solely on building the best 3D applications. The following summary will explain how information is collected and protected by us and through our Public Site and our Platform.
Disclosure of Data Collection
We recognize the difference and significance on the scope of data being collected by the Cognitive3D Platform, and wanted to try a new approach on communicating that clearly with our customers and end-users. Cognitive3D customers are required to clearly disclose to their end-users that data collection is being conducted on their behalf by Cognitive3D, and their intended use of data.
Below is an outline of the key data types that are collected on behalf of Cognitive3D customers using the Cognitive3D SDK for data collection, then stored on the Cognitive3D Platform for data visualization. For a deeper look at our data use policies, please take a look at our Privacy Policy.
Eye movements
Where users look with their eyes, which can be used for gaze or eye tracking fixations on the world or objects.
3D position
How user moves through 3D space, including direction, movement and teleportations through the scene.
Head movements
How users move their head, which can be used for inferred gaze whether or not an eye tracker is present.
Hand movements
How users move their hands, which includes controllers, but also hand tracking on certain devices.
Biometrics
Sensor data including HRV, Cognitive Load, and can include GSR, EEG or other integrations by our customer.
Responsible Data Collection
We recommend our customers follow the responsible data collection guidelines below:
- You should only collect what you need - nothing more.
- End-user data is not for sale.
- Consent should be given before collecting data.
- Do not store personally identifiable information (PII) on our platform.
- Respect and facilitate privacy laws. End-users can request for data to be deleted.
Platform Security
At Cognitive3D, information security is a top priority and we understand that it is critical to all users of our platform. Cognitive3D is currently in the process of securing its SOC 2 Type 1 certification. SOC 2 certification is more than just a piece of paper. It's a constant commitment to our customers, and it shows that we take platform security and privacy seriously.
We have licensed Secureframe for year-round monitoring of our SOC 2 compliance and observation compliance for our Type 2 audits which are conducted by an external accounting firm. We also leverage an external vendor to perform regular penetration tests of the Platform.
Responsible Security Disclosure
We're committed to ensuring the security of our customers' data and our platform systems. We encourage security researchers to report vulnerabilities they find in our systems, platform, or software development kits. If you found a potential vulnerability, please email security@cognitive3d.com for next steps.
We appreciate your help in keeping our systems and platform secure.
What is SOC 2?
SOC 2 is an auditing procedure that ensures Cognitive3D is secure and our customer data is protected. It defines criteria for managing customer data based on “trust service principles” – security, availability, processing integrity, confidentiality and privacy.
Our operations, risk assessment processes, information and communication practices, monitoring, and control activities will be evaluated by an accredited third-party and meet the standard for SOC 2 certification. In short, the SOC 2 certification asserts that we are following industry standards and best practices to ensure that:
- Our systems and data are securely managed
- Our customer data is private
- Our organization is protected