Security, Governance & Trust

Our platforms are designed to comply with GDPR and PIPEDA and are aligned with CCPA requirements, using a privacy‑by‑design approach that emphasizes data minimization, secure processing, and configurable retention. We continually improve our controls and pursue higher certifications such as ISO 27001 as part of our roadmap.

Cicero, TeamworkAR, and related integrations collect only the minimal information needed to deliver and measure learning experiences—typically first name, last name, email address, company or organization, and optional learning progress or performance data. Additional content you choose to upload (such as documents, diagrams, models, playbooks, procedures, or media) is used to create realistic scenarios and guided workflows but is not required for every use case.

We maintain clear boundaries around data ownership so you stay in control.

You own the content you upload to Cicero, TeamworkAR, and supporting integrations (such as documents, diagrams, models, playbooks, procedures, or media) and the minimal user profile data needed for provisioning.

• CGS owns operational metrics, system logs, and audit trails necessary for reliability, billing, security, and compliance.

• Scenarios, AI coaches, and combined workflows built on the platform are co‑owned: they exist within our products and rely on CGS IP and algorithms, but we make no claim over your underlying source content.

Data is typically hosted in the US, with options for additional regions such as Canada, Spain, and Singapore—or deployment in your own cloud—depending on your compliance and residency requirements. For global organizations, Cicero supports aggregate‑only, cross‑region reporting by sending anonymized, non‑identifiable aggregates (for example, average scores and usage by region) to a central data lake, avoiding individual re‑identification in line with GDPR and local privacy rules.

Retention is configured in your MSA/SOW according to legal and corporate policies in each jurisdiction, often aligning to multi‑year standards such as seven‑year record retention. When deletion is triggered by cancellation, explicit request, or end of retention:

• Day 0: The deletion event is initiated.

• Days 0–30: Client‑owned records enter a soft‑delete state; they are marked inactive and can be reactivated during this window (typically within about 7 days).

• Around Day 30: Hard deletion removes client‑owned content from production databases, object storage (such as S3), search indexes, and caches.

• Days 30–90: Encrypted, immutable backups expire according to the configured backup policy.

• Up to 1 year: Audit and SIEM logs are retained for security and compliance, then expire, with minimal or no PII by design.

Analytical data may be retained in anonymized, aggregate form, with personally identifiable information removed in accordance with GDPR, CCPA, and PIPEDA.

If you run a proof of concept or trial and choose not to proceed, all trial‑related data is securely deleted within 30 calendar days of written notification.

No. Customer content and end‑user inputs are never used to train our core models or any underlying foundation models; they are used only for the duration of the specific scenario or task and are not written back into the model. Removing a document from your corpus immediately removes it from future responses.

We encrypt data in transit and at rest using industry‑standard protocols and maintain encrypted, immutable backups governed by your retention policy (typically 35–90 days, defined in your MSA/SOW).

We use role‑based access control (RBAC), multi‑factor authentication, and tenant isolation so that only authorized users can access sensitive data across Cicero, TeamworkAR, and integrated environments.

Customer documents and knowledge are stored in secure, tenant‑isolated environments, with segmented infrastructure, least‑privilege access, and a clear separation between customer content and operational telemetry.

We combine continuous monitoring, input sanitization, adversarial testing, and regular security reviews to identify potential issues, backed by a defined incident‑response process to investigate and remediate security events.

We support hybrid hosting (for example, front‑end in CGS Immersive’s cloud with back‑end in your private cloud), closed‑system modes where data can be processed and deleted after specific tasks, and bring‑your‑own‑LLM options to align with internal security and data‑sovereignty policies.

Cicero uses retrieval‑augmented generation (RAG) so the model can consult your documents without learning them. Your approved content is converted into embeddings and stored in a secure, tenant‑isolated vector database; when a user runs a scenario, the system retrieves the most relevant snippets and passes them to the model for that interaction only. The base model remains unchanged—no fine‑tuning, no parameter updates, and no permanent absorption of your data—allowing you to update or remove documents instantly and maintain strong governance.

We align our AI governance program with ISO 42001, apply bias‑mitigation techniques, and focus on explainable behavior so AI‑generated feedback and scoring stay consistent with your policies and regulatory expectations.

We combine technical and operational controls to protect the platform. Input sanitization and filtering reduce the risk of malicious or adversarial inputs; data encryption protects information in transit and at rest; adversarial testing helps identify vulnerabilities; and continuous monitoring with threat‑intelligence tools supports rapid detection and response. We also maintain defined incident‑response processes to manage and remediate any security events.

Cicero, TeamworkAR, and our integrations connect with your existing learning and HR ecosystem via APIs, Single Sign‑On (SSO), and standards such as SCORM and xAPI. This enables secure data exchange with LMS, HR, and identity platforms, supports detailed progress tracking, and allows you to keep sensitive user and performance data within your own systems when desired.

We support a range of deployment patterns, including hybrid hosting (for example, front‑end in CGS Immersive’s cloud with back‑end in your private cloud), closed‑system modes where data is processed and deleted on task completion, and bring‑your‑own‑LLM approaches where you supply a proprietary model. These options allow you to reduce exposure, maintain data sovereignty, and align with internal security policies and regulatory constraints.

Standard Data Processing Agreements (DPAs) are available to help you meet GDPR, CCPA, PIPEDA, and other regional privacy obligations. Our legal team can work with you to address specific contractual requirements, define retention and residency parameters, and document shared responsibilities across security, privacy, and incident response.