How Cognition works
Most AI platforms store your conversations in plaintext. If their database leaks, your prompts leak. If an employee is curious, they can read everything. Cognition doesn't work that way.
Your data is encrypted in your browser before it ever reaches the server. The server stores scrambled bytes. It can't read them. We can't read them. Nobody can, unless they have your password.
This page explains how that works, in plain English.
Start here
Go to app.cognitionai.tech and create an account. You'll pick an email and a password.
That password is important. It doesn't just log you in — it generates the encryption key that protects all your data. Cognition runs your password through 600,000 rounds of a key-stretching algorithm (PBKDF2) to produce a strong 256-bit key. This takes a second or two on purpose. It makes brute-force guessing impractical.
Once you're in, go to Settings and add an AI provider — OpenAI, Anthropic, Ollama, or anything OpenAI-compatible. Enter your API key. It gets encrypted with your personal key before it's stored, so the server never stores it in readable form; it only handles the decrypted key briefly while proxying a request (see The tradeoff).
Then just start chatting. Pick a model, type a message. Everything you send and receive gets encrypted before it touches the database.
How it works
Here's what happens when you use Cognition:
Your browser is the only place your data exists in readable form. The encryption key is derived from your password and held in memory. It's never saved to disk, never sent to the server, never stored in your browser's local storage. When you lock Cognition or close the tab, the key is gone.
The server is a dumb filing cabinet. It stores encrypted blobs and retrieves them on request. It runs the web app and proxies your messages to AI providers. But it cannot read what's inside those blobs.
AI providers receive your messages in plaintext — that's necessary for them to respond. If you want full privacy, use Ollama with a local model. Your prompts never leave your machine.
Your key
Your password goes through PBKDF2 — a key-stretching function — with 600,000 iterations. This is slow on purpose. If someone stole the database and tried to guess passwords, each guess would take seconds instead of microseconds. A random salt means no two users' keys look alike, even if they pick the same password.
The result is a 256-bit encryption key, held in your browser's memory as a Web Crypto CryptoKey object. The browser marks it non-extractable, meaning even JavaScript running on the page can't read the raw key bytes. It can only be used for encrypt and decrypt operations.
Every time you save something — a message, a conversation title, an API key — Cognition generates a fresh random 12-byte IV (initialization vector) and encrypts with AES-256-GCM. Identical messages produce completely different ciphertext each time. The result is stored as two base64 strings separated by a colon.
When you lock your vault or close the tab, the key reference is set to null and garbage collected. There's also an auto-lock timer — after 15 minutes of inactivity, Cognition locks itself.
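The derivation and storage format described in this section, as an added example using Web Crypto; it is not Cognition's own source code. The PBKDF2 hash (SHA-256), the 16-byte salt, the IV-first field order and every function name are assumptions; the page gives only the iteration count, key size, IV size and cipher.

```javascript
// Added example, not Cognition's source. Assumed: SHA-256, 16-byte salt, "iv:ciphertext" order.
const ITERATIONS = 600000; // from the page
const enc = new TextEncoder();
const dec = new TextDecoder();
const toB64 = (buf) => btoa(String.fromCharCode(...new Uint8Array(buf)));
const fromB64 = (s) => Uint8Array.from(atob(s), (c) => c.charCodeAt(0));

// Web Crypto is a global in browsers and recent Node; older Node exposes it via node:crypto.
async function webCrypto() {
  return globalThis.crypto ?? (await import('node:crypto')).webcrypto;
}

async function deriveVaultKey(password, salt) {
  const { subtle } = await webCrypto();
  const material = await subtle.importKey('raw', enc.encode(password), 'PBKDF2', false, ['deriveKey']);
  return subtle.deriveKey(
    { name: 'PBKDF2', hash: 'SHA-256', salt, iterations: ITERATIONS },
    material,
    { name: 'AES-GCM', length: 256 },
    false, // non-extractable: exportKey() on this key rejects
    ['encrypt', 'decrypt'],
  );
}

async function encryptField(key, plaintext) {
  const wc = await webCrypto();
  const iv = wc.getRandomValues(new Uint8Array(12)); // fresh IV for every write
  const ct = await wc.subtle.encrypt({ name: 'AES-GCM', iv }, key, enc.encode(plaintext));
  return `${toB64(iv)}:${toB64(ct)}`; // base64 never contains ':'
}

async function decryptField(key, stored) {
  const parts = stored.split(':');
  if (parts.length !== 2) throw new Error('expected "iv:ciphertext"');
  const iv = fromB64(parts[0]);
  if (iv.length !== 12) throw new Error('IV must be 12 bytes');
  const { subtle } = await webCrypto();
  // GCM verifies its authentication tag here; a modified blob or wrong key rejects.
  return dec.decode(await subtle.decrypt({ name: 'AES-GCM', iv }, key, fromB64(parts[1])));
}

// Constructed sample input: password and message are made up for the demonstration.
async function demo() {
  const wc = await webCrypto();
  const salt = wc.getRandomValues(new Uint8Array(16));
  const key = await deriveVaultKey('correct horse battery staple', salt);
  const a = await encryptField(key, 'hello');
  const b = await encryptField(key, 'hello');
  const exportable = await wc.subtle.exportKey('raw', key).then(() => true, () => false);
  const [iv, ct] = a.split(':');
  const flipped = fromB64(ct);
  flipped[0] ^= 1; // single-bit change to the stored ciphertext
  const tamperRejected = await decryptField(key, `${iv}:${toB64(flipped)}`).then(() => false, () => true);
  const wrongKey = await deriveVaultKey('wrong password', salt);
  const wrongRejected = await decryptField(wrongKey, a).then(() => false, () => true);
  return { roundTrip: await decryptField(key, a), differs: a !== b, exportable, tamperRejected, wrongRejected };
}
```

Because AES-GCM is authenticated, a blob altered on the server fails to decrypt instead of yielding modified plaintext.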
What's protected
Encrypted — everything that's yours:
- Every message you send and every response you receive
- Conversation titles
- Your API keys (OpenAI, Anthropic, etc.)
- Agent configurations and system prompts
- Workflow pipelines
Not encrypted — the boring structural stuff the server needs to function:
- Your email and account creation date
- Conversation IDs and timestamps (not their contents)
- Which provider type you're using (but not the API key)
- Message roles — whether something is from you or the AI
Think of it like an envelope. The server can see the envelope — who sent it, when, what shape it is. But it can't open it and read the letter inside.
The tradeoff
When you send a message to an AI model, Cognition has to send it in plaintext to the AI provider. That's how AI works — the model needs to read the message to respond. The server holds your decrypted API key in memory for a few seconds while it proxies the request, then forgets it.
This is the one place where your data exists outside the encrypted vault, briefly, in transit. If that concerns you, there's a solution: run Ollama with a local model. Your prompts stay on your machine. Combined with Cognition's encryption, nothing ever leaves your network.
AI providers
Cognition doesn't bundle its own AI. You bring your own keys, connect to whatever providers you want.
Ollama
Local models on your machine. Auto-detected if running. Nothing leaves your network. Full privacy.
OpenAI
GPT-4o, GPT-4, and the rest. Enter your API key — it's encrypted before storage.
Anthropic
Claude Opus, Sonnet, Haiku. Same deal — key encrypted, proxied per request.
Any OpenAI-compatible
Together, Groq, Mistral, local servers — anything with a compatible API.
Add providers in Settings. Your API key is encrypted with your vault key before it's saved. When you chat, Cognition briefly decrypts the key in your browser, sends it with the request, and the server uses it for that one call. It's never stored in plaintext.
Ollama shows a Local badge. Cloud providers show Cloud. So you always know where your data is going.
Agents & workflows
Agents are custom AI personalities. You give them a name, a role, a system prompt, and pick which model they use. Think of them as saved configurations — a "Researcher" agent that's thorough and citation-heavy, a "Coder" agent that writes clean Python, a "Writer" that matches your tone.
There are four built-in templates to start from (Researcher, Coder, Writer, Analyst), or you can build your own from scratch. Everything about an agent — including the system prompt — is encrypted.
Workflows
Workflows chain agents together. You define a sequence — say, Researcher → Analyst → Writer — feed in some input, and each agent processes the output of the previous one. The results stream live to your screen.
Useful for repeatable multi-step work: gather information, analyze it, then turn it into something polished. All intermediate results are encrypted before storage.
Workspaces
Each user can create isolated development environments — Docker containers that run inside Cognition. You get a full Ubuntu machine with Node, Python, git, and common dev tools, accessible through your browser.
A workspace gives you three panels side by side: a file browser on the left, a code editor with a terminal in the middle, and an AI assistant on the right. The terminal is a real interactive shell over WebSocket — it's not a simulation.
The AI assistant in a workspace has tools: it can read and write files, make edits, run shell commands, and search through your code. Everything it does happens inside your container, isolated from the host machine and from other users.
Workspaces need Docker, so they only work when Cognition is running on a machine with Docker installed. The hosted version at app.cognitionai.tech supports them.
Telegram
You can connect a personal Telegram bot to your Cognition account. Create a bot through Telegram's @BotFather, paste the token into Cognition, pick an AI provider and model, and you're set.
Once connected, you can message the bot from your phone and get AI responses. It also has workspace commands — start and stop containers, run shell commands, manage files — all from Telegram. Handy for monitoring or quick tasks when you're away from your computer.
The bot token and API key are encrypted server-side (separately from your vault encryption, since the server needs to start the bot on its own). One bot per account.
Encrypted memory
Cognition can remember facts about you across conversations — your preferences, working context, communication style, and key facts. Unlike every other AI platform, these memories are encrypted client-side with your vault key. The server stores only ciphertext.
How it works
After each AI response, a separate background AI call extracts key facts from the conversation. These facts are encrypted in your browser, then stored on the server as ciphertext. On vault unlock, all memories are decrypted locally and injected as context into every conversation — so the AI gives personalized responses without the server ever seeing your data.
What gets remembered
Memories are categorized automatically:
- Preference — "Prefers TypeScript over JavaScript", "Likes concise responses"
- Context — "Building a healthcare SaaS", "Works at a startup"
- Style — "Prefers code examples over explanations"
- Fact — "Located in San Francisco", "Uses VS Code"
Full control
Open the Memory page from the sidebar (the brain icon). You can view all memories with category filters, add memories manually, edit or delete any memory, and toggle auto-extraction on or off. The extraction runs in the background — it never slows down your chat.
Browser-native AI
Run AI models entirely in your browser. No server, no network, no API keys — the most private option possible. Cognition uses WebLLM (powered by WebGPU) to run open-source models directly on your device. Your prompts never leave the browser tab.
Three privacy tiers
Cognition is the only AI platform with three distinct privacy levels, each clearly labeled:
- Device — Browser-native via WebGPU. Data never leaves your browser tab. Zero network activity.
- Local — Ollama on your machine. Data stays on your network but uses a local server process.
- Cloud — OpenAI, Anthropic, or any OpenAI-compatible API. Prompts sent to provider (encrypted in transit).
How it works
Go to Settings → Add Provider → Browser. If your browser supports WebGPU (Chrome 113+, Edge 113+), you'll see a green "WebGPU supported" indicator. Click Enable Browser AI to add four curated models to your model selector.
The first time you select a browser model, it downloads the model weights (200MB–2.2GB depending on size). These are cached in your browser's Cache Storage — subsequent loads are instant.
Available models
| Model | Size | Best for |
|---|---|---|
| SmolLM2 360M | ~200MB | Quick tasks, low-end hardware |
| Llama 3.2 1B | ~700MB | General use, good balance |
| Qwen 2.5 1.5B | ~1GB | Multilingual, reasoning |
| Phi 3.5 Mini | ~2.2GB | Best quality, needs more VRAM |
Requirements
- Browser: Chrome 113+, Edge 113+ (WebGPU support required)
- GPU: Any modern GPU with WebGPU drivers (integrated graphics work for smaller models)
- Storage: 200MB–2.2GB for model weights (cached in browser)
Canvas
When the AI generates renderable content — HTML pages, Mermaid diagrams, SVGs, or formatted documents — Cognition automatically opens a live preview panel next to the chat. Think of it as an artifacts viewer, built right in.
What it renders
- HTML — Full web pages rendered in a sandboxed iframe. Safe to preview interactive content.
- Mermaid — Flowcharts, sequence diagrams, entity-relationship diagrams, and more. Rendered via mermaid.js.
- SVG — Vector graphics displayed inline at full fidelity.
- Markdown — Formatted documents with the same prose styling as chat messages.
How it works
When the AI's response includes a fenced code block with a supported language (html, mermaid, svg, markdown), the canvas panel slides open automatically. During streaming, the preview updates in real-time — you watch the page or diagram build itself as tokens arrive.
For past messages, a Canvas button appears next to the Copy button on any supported code block. Click it to open that content in the panel anytime.
Actions
The canvas panel header includes quick actions: Copy the source code, Download it as a file, or Open in new tab (HTML only). When multiple artifacts are in the same response, tabs let you switch between them.
Autonomous agents
Most AI assistants are reactive — they wait for you to open a chat. Cognition's autonomous agents run 24/7 on the server, executing tasks on a schedule without needing your browser open.
How they work
Create an agent with a system prompt, a list of goals, an AI model, and a schedule. The server-side scheduler fires at the configured interval — every 5 minutes, every hour, once a day. The executor builds a prompt from your goals, calls the AI, processes tool results, and saves everything encrypted.
Tools
HTTP Fetch
Fetch any URL and process the content. Monitor websites, check APIs, scrape data — with a 30-second timeout and 10K character limit per request.
Telegram Alert
Send notifications to your linked Telegram bot. Get real-time alerts on your phone when the agent finds something important.
Agent Notes
Save findings and observations as encrypted alerts. Build up a log of agent discoveries over time.
Schedules
Seven interval options: 5 min, 15 min, 30 min, 1 hour, 6 hours, 12 hours, 24 hours. Agents auto-resume when the server restarts — no manual intervention needed.
Error handling
If an agent fails, the error count increments and an alert is created. After 5 consecutive failures, the agent automatically pauses to prevent runaway errors. You can review the error, fix the config, and re-enable.
Knowledge graph
Your second brain, encrypted. The knowledge graph lets you organize information as nodes (documents, bookmarks, code snippets, notes) connected by typed edges (references, supports, contradicts, derived from).
Node types
Six types to categorize your knowledge: Document (long-form content), Bookmark (URLs with notes), Code (snippets and files), Note (quick thoughts), Memory (facts about you), and Conversation (saved chat insights). Each node has a title, body, optional URL, and tags.
Connections
Link nodes with typed edges: References, Relates to, Derived from, Contradicts, Supports, Part of. Each connection has a strength score (1-10) and an optional label. Select any node to see all its connections in the side panel.
Search
Keyword search across all decrypted nodes — titles, bodies, tags, and URLs. Because the server only stores ciphertext, search happens entirely in the browser after your vault decrypts the graph.
App layer
Extend Cognition with sandboxed apps that run inside your encrypted workspace. Apps are loaded in iframes with strict sandboxing and communicate with Cognition through a controlled postMessage bridge.
Security model
Apps run in iframes with sandbox="allow-scripts allow-forms" — no allow-same-origin, which means they cannot access your cookies, localStorage, or DOM. Every request goes through the permission bridge, which validates that the app has been granted the specific permission for each method call. Rate limited to 100 requests per minute.
Permissions
Storage
Store and retrieve app-specific data in an isolated key-value store. Data persists within your session.
Alerts
Create notifications that appear in your alert bell. Apps can notify you of timers, completions, or important events.
AI Chat
Send messages to your configured AI models. Apps can use AI to power smart features — using your API keys.
Knowledge
Read from, write to, or search your encrypted knowledge graph. Apps can integrate with your second brain.
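One way a permission bridge like the one described under Security model and Permissions could validate each call, as an added example that is not Cognition's own code. The method names, message shape and error strings are hypothetical; the four permissions and the limit of 100 requests per minute come from the page.

```javascript
// Added example, not Cognition's source. Method names and message shape are hypothetical.
const METHOD_PERMISSION = new Map([ // a Map, so "constructor" or "__proto__" never resolve
  ['storage.get', 'storage'], ['storage.set', 'storage'],
  ['alerts.create', 'alerts'],
  ['ai.chat', 'ai'],
  ['knowledge.search', 'knowledge'],
]);
const LIMIT = 100;       // requests per window, from the page
const WINDOW_MS = 60000; // one minute

function createBridge() {
  const apps = new Map(); // iframe.contentWindow -> { id, granted, hits }
  return {
    register(win, id, granted) {
      apps.set(win, { id, granted: new Set(granted), hits: [] });
    },
    // event: a MessageEvent-like object { source, origin, data }
    handle(event, now = Date.now()) {
      // Without allow-same-origin the frame's origin serializes as "null", so the
      // sender is identified by its window object, not by event.origin.
      const app = apps.get(event.source);
      if (!app) return { ok: false, error: 'unknown-source' };
      if (event.origin !== 'null') return { ok: false, error: 'unexpected-origin' };
      // Sliding-window rate limit, counted per app before any work is done.
      app.hits = app.hits.filter((t) => now - t < WINDOW_MS);
      if (app.hits.length >= LIMIT) return { ok: false, error: 'rate-limited' };
      app.hits.push(now);
      const msg = event.data;
      if (msg === null || typeof msg !== 'object' || typeof msg.method !== 'string') {
        return { ok: false, error: 'malformed' };
      }
      const needed = METHOD_PERMISSION.get(msg.method);
      if (!needed) return { ok: false, error: 'unknown-method' };
      if (!app.granted.has(needed)) return { ok: false, error: 'permission-denied' };
      return { ok: true, app: app.id, method: msg.method };
    },
  };
}
```

In a page this would be called from a `message` event listener, with the result posted back to `event.source`.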
Built-in apps
Cognition ships with two apps to get you started: Pomodoro Timer (focus sessions with break intervals and session tracking) and Quick Notes (markdown editor with live preview and storage persistence). Both use the dark theme and monospace typography of the main app.
Crypto credits
Cognition lets you pay for AI access with cryptocurrency. No credit cards, no accounts with third-party payment processors. Just send crypto and get an API key.
How it works
Open the Credits page from the sidebar (the wallet icon). Select a chain — Base (recommended, low fees) or Ethereum. You'll get a unique deposit address derived just for you.
Send ETH, USDC, or USDT to that address. The platform watches the blockchain every 30 seconds. When your deposit is confirmed, it converts the crypto to a USD balance using live market prices.
Getting your API key
Once you have a balance, click Purchase Key. The platform provisions a personal OpenRouter API key loaded with your credits. The key appears once — copy it immediately.
Then go to Settings, add a new provider:
- Type: OpenAI Compatible
- Base URL: https://openrouter.ai/api/v1
- Paste your key
That's it. You now have access to 200+ models through OpenRouter — Claude, GPT-4, Llama, Mistral, Gemini, and more. The key is yours. It works here, or in any OpenAI-compatible client. Traffic goes directly to OpenRouter, not through us.
Supported tokens
| Token | Details |
|---|---|
| ETH | Native — min 0.001 ETH |
| USDC | ERC-20 stablecoin — min $1 |
| USDT | ERC-20 stablecoin — min $1 |
Base requires 5 confirmations. Ethereum requires 12. Deposits typically appear within a few minutes.
Privacy
Each user gets a unique deposit address derived from an HD wallet. The platform sees the deposit and credits your account, but there's no link between your Cognition identity and your wallet address beyond what's visible on-chain. Your OpenRouter key is encrypted in your vault like any other API key.
Encryption audit
We don't ask you to take our word for it. Cognition has a built-in audit page that lets you verify the encryption yourself, right in the app.
Open the Audit page from the sidebar (the shield icon). Here's what you'll find:
Vault fingerprint
A unique identifier derived from your encryption key — similar to Signal's safety numbers. If your password or salt changes, the fingerprint changes. It proves your vault identity without revealing the key itself.
What the server sees
The audit page pulls your actual data from the database and shows you the raw ciphertext — the scrambled base64 blobs that the server stores. Next to each one is a Decrypt button. Click it, and your browser decrypts the ciphertext right in front of you, proving that only your key can read it.
This is real data from your account, not a demo. If you have conversations or messages stored, you'll see their encrypted form and can verify the decryption yourself.
Database column audit
A complete map of every column in every database table, showing which ones are encrypted (green) and which are structural metadata (gray). You can see exactly which fields the server can read and which are opaque ciphertext.
Live encryption test
Type anything into the test box and hit Encrypt. Your browser encrypts it with your vault key, shows you the ciphertext, then decrypts it back — all locally. Nothing is sent to the server. You can run it as many times as you want. Notice that the ciphertext is different each time, even for the same input — that's because every encryption uses a fresh random IV.
Verify with DevTools
The audit page also gives you instructions for verifying independently using your browser's developer tools:
- Network tab — watch the API requests. Message bodies contain only base64 ciphertext, never plaintext.
- Application storage — no encryption keys in localStorage or IndexedDB. The key lives only in JavaScript memory.
- Source code — the entire encryption implementation is ~80 lines in a single file. No external crypto dependencies.
No system is perfectly secure. Here's an honest look at what Cognition protects against and what it doesn't.
| Threat | What happens | Status |
|---|---|---|
| Someone steals the database | They get encrypted blobs. Useless without your password. | Protected |
| A server admin tries to read your data | They see the same encrypted blobs. No key, no access. | Protected |
| Your internet connection is intercepted | HTTPS encrypts in transit. Your data is also encrypted before it even leaves the browser. Double layer. | Protected |
| Someone tries to brute-force your password | 600,000 PBKDF2 iterations + random salt. Each guess takes seconds. | Mitigated |
| You leave your computer unlocked | Auto-lock kicks in after 15 minutes. When locked, the key is gone from memory. | Protected |
| The AI provider logs your prompts | Cognition can't prevent this — the model needs to read your message. Use local models for full privacy. | Not in scope |
| Server memory is inspected during a request | Your API key exists briefly in memory while the AI request is proxied. Rare attack, but technically possible. | Partial |
| Malware or a browser extension reads the page | If something has access to your browser's DOM, it can read what you see. This is true for every web app. | Not protected |
For maximum privacy, pair Cognition with Ollama and a local model. Your prompts stay on your machine. Your conversations are encrypted at rest. Nothing ever touches a third-party server.