Author:  Aaron Kennedy / Clive Trott

In this article we answer some of the more common questions we get around our Security and Data policies and processes.


A typical question or statement is:  "I am curious what happens to our data once it leaves CW and gets ingested at Cognition360" our article How is security and encryption handled? explain this in detail.

We also cover all of the terms in our legal terms & documents, which can be found here: Documents : Cognition360, however, we understand that it's a lot of reading so we attempt to answer the most common questions here.  

In short, we’ve never had a customer unable to use Cognition360 because of a data/security concern. If you have specific requirements, or additional questions, please reach out to us at and we can setup a call with a technical representative from our side.


Question 1: Are we in our own tenant?

Question 2: What happens to our data if we don’t proceed?

  • We have a robust administrative process to remove all data in line with our Privacy Policy.  Storing data means that we are incurring a cost, therefore this step is performed within hours of a notification to cancel.  

Question 3: Who has access to our data if we do continue?

  • Only the Cognition360 support team will have access to your data at a database level.  For report level access, this is shared by the support team and our Partner Success Manager who will be handling your onboarding and day to day questions.  

Question 4: Is it just us? 

  • See above, unless you signup for one of our partnerships (this is covered in the sub process agreement). By default, only C360 has access to this.

Question 5: Or do they harvest insights and other information as part of the EULA?  

  • See above

Question 6: What mechanism, protocols, and security guarantees do they make about our data? 

Question 7: Does all it get ingested or just some of it?

  • We do not ingest all your data but we bring in a good amount to ensure our solution gives you the most appropriate insights over a reasonable period of time.  We currently ingest about 5 years worth of data from core fields with an additional +/- 1 Year's worth of data for Service Audit.
  • Anyway, I had a few questions after I read through the setup documentation:


    1. Cognition360 Windows Service
      1. Why can’t the service be installed to a location under “C:\Program Files\” or “C:\Program Files (x86)” ?
  • We have found that in some instances these locations have different user permissions and as the service needs to be able to both read and write files we suggest not to install the service here. However, it is possible to set up the data folder (compare files) to a different location and then the service could be installed here. I would be happy to meet with you (calendly link above) to go over the installation options in more details.

      1. Can you confirm that your database connection settings supported a named instance?
  • Yes, this is a standard .Net connection string and it can include a named instance. In the server field please use the syntax {ServerName}\{NamedInstance}.

      1. Regarding the Comparison Data Location, how much data and what type is potentially stored here? Flat files? Structured data files like XML or JSON? Database snapshots?
  • The comparison data location stores a file per database entity that we are ingesting. They are XML files and they contain a row per primary key and each row contains a hash of the rows data for comparison. The size of the comparison data location will be directly relational to the size of the database and the amount of data you have. We have small customers where this location is less than 200 Mb whereas some of our bigger customers this can be GB in size. The compare data location folder can be moved after installation if disk space at the original install specification is not enough.

    1. Office 365 Service Account
      1. How does Cognition360 access our Tenant and Power BI during the setup/onboarding/ongoing – through a web browser, through some automated tooling to do updates/refreshes, through an app? This information will help us to understand if your access method will be allowed under our Conditional Access and Tenant security
  • For report deployment we have a service applet that we run that uses a Azure AD Application ID that is created as part of the pre-on-boarding steps. This is used in conjunction with the AD Username and Password for authentication. All other access to your tenant will be via the Power BI website. Access is primarily at the provisioning stage when we set up the workspaces, deploy the reports and set up the security access for you. After this, access is limited to support and any report updates that occur over time. 

      1. How is the MFA token stored and access that you will use when accessing our Tenant? i.e. our documentation platform that we use allows you to save the initial TOTP token and then acts as the generator of the one-time-codes that people use when they need to login to a clients system for something.
  • We use a secure password service to store all passwords and their integrated MFA process to stored the access token. In addition to this one person from the provisioning team will be set up with MFA in case we need to reset the password or have login issues. We use multiple MFA processes and am sure we can integrate yours into our process. Again happy to work through this with you as needed.


For any questions, please contact