Skip to main content

Documentation Index

Fetch the complete documentation index at: https://docs.cobalt-ia.com/llms.txt

Use this file to discover all available pages before exploring further.

Cobalt is built for the European market. Your data is hosted exclusively in France, encrypted end to end, and protected by GDPR controls built into every workflow. You own 100% of your data at all times.

Infrastructure & hosting

Location Cobalt runs on AWS Paris (eu-west-3) and Scaleway (France). Both providers are entirely EU-based. No data is ever transferred to or processed outside the European Union. Encryption
  • Data at rest: AES-256 encryption
  • Data in transit: TLS 1.3
Encryption is always on — there is no unencrypted data path and no option to disable it. Availability Cobalt uses a high-availability architecture with automatic failover across availability zones. Infrastructure is monitored continuously.

Authentication & access control

  • Mandatory MFA for all admin accounts — this cannot be disabled.
  • Two-factor authentication (2FA) available for all user accounts (strongly recommended).
  • SSO / SAML available on the Enterprise plan.
  • Granular role-based permissions — control exactly what each user can see and do, down to individual modules and record types.

GDPR compliance

Cobalt is GDPR-compliant by design, not by configuration. The controls you need are built into every workflow. Candidates must give their explicit consent before you can contact them. Cobalt tracks consent status per candidate and per channel, and surfaces warnings if you attempt to contact an unconsented profile.

Right to erasure

Delete any candidate profile in one click. Cobalt removes the record from all systems — including enrichment data, call recordings, and AI-generated summaries.

Data portability

Export any individual profile or your entire database at any time in JSON or CSV format, directly from your account settings. No support request required.

Breach notification

Cobalt maintains incident response processes aligned with GDPR Article 33. If a breach affects your data, you are notified within 72 hours.

Data Processing Agreement (DPA)

A DPA is included with every plan — including the free plan. Enterprise customers can negotiate a custom DPA tailored to their group’s specific requirements. To access the standard DPA or request a custom version, contact the team via in-app chat or email team@cobalt-ia.com.

Data use & AI

Your data is never used to train AI models. This is a contractual commitment written into the DPA, not just a policy statement.
Cobalt uses third-party AI models for document generation, email drafting, summarization, and complex reasoning. Exact providers are bound by the same contractual data-use constraints as Cobalt. Human in the loop Cobalt proposes — you decide. No autonomous action runs without your explicit validation. AI scoring, matching, and sequence suggestions are always presented as recommendations, never as instructions.

Audit & transparency

Audit logs Every action taken in Cobalt — by a user or by an AI agent — is recorded in an immutable audit log. Logs are:
  • Queryable: filter by date range, user, action type, or record.
  • Exportable: download as CSV for compliance reporting or legal review.
  • Immutable: no user, including admins, can edit or delete log entries.
Audit logs are available to all admin users on all plans. Explainable AI scoring When Cobalt scores a candidate against a role, you can see exactly which skills, experience signals, and criteria drove the score. There are no black-box rankings. Anti-bias measures Cobalt applies several measures to reduce algorithmic bias in recruitment:
  1. Regular algorithmic audits [TO CONFIRM: frequency and third-party provider]
  2. Transparent scoring — every score shows its reasoning
  3. Anonymization options — hide name, photo, and other identifiers during the scoring phase
  4. Human final control — a human always makes the final call

Data ownership

You own 100% of your data. Cobalt never claims any rights over your candidate records, company data, or proprietary information.
  • One-click export in JSON or CSV at any time, from your account settings.
  • 30 days to export after you cancel your account — your data remains accessible and downloadable.
  • No vendor lock-in: exported files are structured and portable to any other platform.