Does Cosine store code or PII? Can we opt out of training?

Cosine aligns with SOC 2 and ISO 27001 standards, supporting secure deployments for regulated industries with strict data governance requirements.

Cosine does not use your data for model training or share it with third parties. Your code, tickets, and documentation always remain private and under your control.

Data handling overview

Code and repository data

When you connect a repository, Cosine securely indexes your code to understand structure and context. This data stays within your chosen deployment (Cloud, VPC, or on-prem) and is never transferred to shared or external environments.

  • Data is stored only for the duration of task processing and retrieval.

  • Customers can delete repositories or all associated data at any time.

  • Enterprise customers can choose to disable all data persistence.

Personally identifiable information (PII)

Cosine does not require or process PII beyond basic account metadata (e.g., email for authentication). Within task data, any incidental PII remains fully contained inside your deployment and is not logged or transmitted externally.

Model training

Cosine never trains shared models on customer data.

  • Your proprietary code and documentation are excluded from global training datasets.

  • Fine-tuning (if requested) happens only on your instance, within your secure environment.

  • When the model is updated, your data does not leave your perimeter.

Data retention and deletion

Customers control retention policies:

  • Cloud deployments – Data stored in encrypted form and automatically purged after defined intervals.

  • VPC/on-prem deployments – Full control over data storage, backup, and deletion.

You can request full deletion of all data artifacts at any time via the admin dashboard or API.

Opting out of training

All customers are opted out of global training by default. No additional configuration is required.

If you request private fine-tuning on your own codebase, it occurs entirely inside your environment — with your approval, custom data governance, and no data egress.

Why this matters

Most AI tools rely on shared model training pipelines, which can expose sensitive intellectual property. Cosine’s architecture was built to eliminate that risk, giving you the benefits of AI automation without compromising ownership or privacy.

Related pages

→ Next: What does implementation look like?

PreviousIs Cosine SOC 2 / ISO 27001 compliant?NextDeployment and ROI

Last updated

Was this helpful?