Skip to main content
When you use Claude Code or Cursor with Cogniscape installed, a lightweight background process captures development activity metadata from your coding sessions. This page explains exactly what is collected, what is not, and the purpose behind each data point.
Cogniscape never reads your prompts, your conversation history, or the content of your files. It captures activity metadata — the same kind of information that already appears in your git log.

What triggers data collection

Cogniscape registers hooks in your AI coding tool that fire at specific moments during a session. No data is collected outside of these events.
EventWhen it fires
Session startYou open a new Claude Code session
Session summaryThe agent finishes its work and returns control to you
Plan approvedYou approve an implementation plan
Task createdA task is created during the session
Task completedA task is marked as done
Subagent conclusionA background agent finishes its work

What we capture and why

Every field we collect serves a specific purpose in answering the five core questions Cogniscape is built around: what happened, who did it, when, how, and why.

Identity and context

FieldExamplePurpose
Developer name"alice"Attribute activity to the right person (who)
Repository"acme/backend"Scope activity to a project (what)
Branch"feat/retry-payments"Track which initiative is being worked on (what)
Session duration1842 (seconds)Understand effort distribution (when / how)
Timestamp"2026-03-28T14:32:00Z"Place activity in time (when)

What the AI assistant did

FieldExamplePurpose
AI response summary"Implemented retry logic with exponential backoff..."Understand the work that was done (what / why)
Tool usage counts{"Edit": 12, "Read": 8, "Bash": 5}Gauge session complexity (how)
Files touched["src/payments/retry.ts", "tests/retry.test.ts"]Track which areas of the codebase were involved (what)
Recent commands["npm test", "git status"]Understand the development workflow (how)
Test resultspassed: trueTrack quality signals (how)
Token usage by model{"claude-opus-4-6": 45000}Resource attribution (internal analytics)
The AI response summary contains only the assistant’s messages — never your prompts or questions. It is also truncated and sanitized before storage: code blocks, URLs, and identifiers are stripped.

Plan and task metadata

FieldExamplePurpose
Plan steps["Create migration", "Add API route", "Write tests"]Track planned vs. actual work (why / how)
Task title"Add retry logic to payment service"Describe units of work (what)
Task status"completed"Track progress (how)

What we do NOT capture

This is the most important section of this page. The following data never leaves your machine:
When you type a message to Claude Code or Cursor, that text stays local. Cogniscape explicitly filters out all user messages — only assistant responses are processed, and even those are truncated and sanitized.
The full transcript of your session is never sent to Cogniscape. The CLI reads the transcript file locally to extract metadata (duration, tool counts, file lists) and then discards the file reference. The transcript itself is never uploaded.
Cogniscape captures file paths (e.g., src/payments/retry.ts) but never the content of those files. Paths are also converted to repository-relative format — absolute paths and home directory references are stripped before transmission.
No IDE configuration, environment variables, .env files, API keys, or authentication tokens are ever accessed or transmitted. The CLI only reads the hook payload provided by the AI tool and your local git configuration (name, email, branch).
Only the last 5 commands you ran are captured, and each is truncated to 200 characters. Long commands, heredocs, and multi-line scripts are dropped entirely. Command output (stdout/stderr) is never captured.
All file paths are converted to repository-relative paths before transmission. Your home directory, workspace root, and any worktree prefixes are stripped. The server never learns your filesystem layout.

How data flows from your machine

The following diagram shows the complete data path from your coding session to the Cogniscape knowledge graph. 
Your Machine                              Cogniscape Cloud
─────────────                             ────────────────

Claude Code / Cursor


Hook fires (e.g., session end)


Cogniscape CLI (local binary)
    ├── Reads hook payload (provided by AI tool)
    ├── Reads git config (name, email, branch)
    ├── Reads transcript locally (extracts metadata only)
    ├── Strips absolute paths
    ├── Truncates commands (200 chars, last 5)
    ├── Filters out user messages
    └── Sends structured event ──────────────► API endpoint


                                            Sanitization
                                            ├── Code blocks removed
                                            ├── URLs stripped
                                            ├── Identifiers excluded
                                            └── Passes to knowledge graph


                                            AI extraction
                                            ├── Entities (natural language)
                                            ├── Facts (natural language)
                                            └── Stored as semantic descriptions
Sanitization happens at two stages: first on your machine (the CLI strips paths and truncates data), then on the server (the ingestion pipeline removes code blocks, URLs, and sensitive patterns). Defense in depth — even if something slips past the first stage, the second stage catches it.

Frequently asked questions

No. Your prompts are never captured, transmitted, or stored. No one — including Cogniscape, your manager, or your organization’s admin — can access what you typed into Claude Code or Cursor.
No. Cogniscape sees file paths (which files you touched) but never file contents. This is architecturally enforced — the CLI does not read your source files, only the hook payload and git metadata.
It stays local. Since Cogniscape never captures user messages, anything you paste into a prompt — passwords, API keys, personal notes — is never transmitted to Cogniscape.
No. Cogniscape only fires during the specific hook events listed above. There is no background monitoring, no keystroke logging, and no screen capture. Between hook events, the CLI is completely idle.
Yes. The Cogniscape CLI is a local binary that runs on your machine. You can inspect the hook configuration in ~/.claude/settings.json (Claude Code) or ~/.cursor/hooks.json (Cursor) to see exactly which events trigger data collection. You can also run the CLI with verbose logging to see the exact payload before it is sent.
Running cogniscape uninstall removes all hooks from your AI tool’s configuration and deletes the CLI binary. No residual data collection occurs after uninstall. Historical data already in the knowledge graph is retained according to your organization’s data retention policy.

Questions?

If you have questions about developer privacy, contact us at [email protected].