Official Company Name | COGNIVIEW LLC (operating as PDF2XL) |
Headquarters Address | 1495 Spalding Dr., Atlanta, GA 30350-4210, USA | Do not send check payments to this address |
Supplier Type | Manufacturer |
Organization Type | Partnership |
Primary Contact | Colleen Ludgate, VP | Request info from [email protected] |
Secondary Contact | Lior Weinstein, CEO | Request info from [email protected] |
Accepted Payment Methods | Visa, MasterCard, AMEX (a secure online invoice can be provided) |
 | Check, payable to COGNIVIEW LLC, 1007 Mansell Rd, Suite A #520, Roswell, GA 30076, United States |
 | Bank Transfer (please request remittance information) | Preferred method |
 | Checks can take several weeks to post to our account. Please send us proof of payment so we can process your order sooner. |
 | All fees are to be paid by the BUYER. |
Registered | 2000-12-09 |
TAX ID EIN | 47-1809330 |
DUNS Number | 080050125 |
Product/Service | Software |
CIN# | No |
Product | PDF2XL, PDF2Word, Merge PDF, Split PDF |
Made in | USA |
GDPR Compliant | No |
Software mainly procured or provided in (50%+) | USA |
Cyber liability insurance? | No |
Application security testing performed? | Yes |
Type of testing performed | SCA (Software Composition Analysis) |
Secure Coding Standards | Not applicable | The application is intended to run in a user-restricted environment without needing internet access |
Oracle Java | Not required, nor run |
Developer training on secure coding techniques | During initial development, some developers had special training. The software is already mature and only minimal changes have been made to it since. |
Storage of passwords/credentials in code repository or within the application code | No |
How is the service run? | On-premise |
Software Bill of Materials (SBoM) inventory kept | Yes |
Encryption | AES 128-bit in GCM mode |
How PDF2XL retains data | PDF2XL retains data in the following ways: | Regarding sensitive information: PDF2XL retains user authentication data (email, password) on the user's disk and in the cloud, and a usage LOG (which contains the PDF filename when a conversion occurs, plus some minimal information from the PDF file, such as the number of pages) on the user's disk. PDF2XL can also send a dump file to the cloud that might contain pieces of the PDF file and the LOG, but only when all three of the following conditions are met: the user allows it, there is an internet connection, and the app crashed with a PDF file open.
PDF2XL needs libraries, tools and executables (1) in order to run. That data is kept locally on the user's disk, mostly raw in binary format. Sometimes users want the user interface localized for their language; such localized data (2) is stored on a server from which it can be downloaded to the user's machine (it is also binary data). Each time the user performs actions in the application, some tracking information is written to a log file (3) in plain text, with no encryption; some of this data is also sent to a remote server where the most widely used segments can be viewed. Segments are kept in a database in plain text. The user can disallow sending such data to the server by opting out on the settings screen.
When the app misbehaves and crashes, a tool collects the binary status of the app and builds a file (5) that is shared with the BugSplat (bugsplat.com) service, which retains the data for further investigation. When the user has opted out of sharing data with PDF2XL, a screen appears asking permission to send the data (which the user can inspect manually) anonymously. In order to run, the app requests a token with authorization data (7) from Auth0 (auth0.com). The token is a signed file kept on the user's disk so that PDF2XL knows which functions are available to the user. Auth0 also stores email/password authentication data (6) using their own encryption method. Authentication data is also stored on the user's disk to ease the request for an updated token. That file is stored encrypted. |
User application access | Desktop install, activated with email and password | Authentication and authorization via Auth0 |
SSO (single sign-on) | No |
KYC Documents | No |
UI languages available | Spanish, French, English, Portuguese, Italian, German, Dutch |
Default language | The application should match the local PC language. If not, it can easily be switched in the Options. |
Software packages needed to install | PDF2XL needs the Microsoft C++ redistributable. It is delivered with the software installation package. |
Written Quality Program | Not applicable |
Recognized Quality Registrar certification | Not applicable |
Supplier Pre-Qualification System | Not applicable |
Data processing agreement (DPA/ADV/TOMs) | Not applicable |
TIA (Transfer Impact Assessment) | Not applicable |
EU Standard Contractual Clauses (SCC) of June 4, 2021 (or newer) | Not applicable |
Swiss annex to the EU SCCs accepted | Yes |
How the software integrates with Microsoft Entra ID for authentication | Integration with remote authentication servers is possible but must be negotiated with the sales team. |
How the program integrates with Microsoft Entra ID for user provisioning | Integration with remote authentication servers is possible but must be negotiated with the sales team. |
How the program integrates with Microsoft Entra ID for authorization | Integration with remote authentication servers is possible but must be negotiated with the sales team. |
Primary user linking attribute | Email address |
License management | A portal is provided to the email address used to register the software. The person with this email address can add licenses, reassign users, and add secondary admins, who also have these privileges. |
Major components of the application, and the underlying technology stack | The application runs as a standalone executable; no internet connection is necessary. The application receives a PDF as input, the user selects which data to extract and manipulates the data in a preview, and the app gathers the data using built-in routines to transform it. |
Zero-trust network architecture | Never deployed in this environment |
Diagrams and documentation for network communication between application components or between systems required for the product to function | There is no documentation for this.
The app does not need internet access to perform its task, but if it is available, it reaches the internet for 5 reasons: | (1) to download the authentication token from Auth0 (there is another way to obtain the token)
(2) to upload usage stats
(3) to send crash reports
(4) to check for updates
(5) to list and download content for OCR or i18n to change the app language. |
Scale of each component of the application | PDF2XL can be used interactively, in which case every user needs their own authorized installation. PDF2XL can also be used to perform specialized automated tasks. In both cases, scaling depends on the PDF requirements. | The sales team will be glad to provide more information. |
Technical administration tasks required | The team must keep the software updated. If the app runs disconnected (offline), the team will need to manually refresh the authentication token after it expires. | Failure to keep the software updated limits our ability to assist if a problem with the application occurs. |
SOC2 Certification | We are not SOC2 certified. We don't need to be, since this is offline software and no data is sent to us. |
HIPAA Compliance | The software is installed locally and all files are processed locally without any outside connections, and hence would be 100% HIPAA compliant. |
SECTION 508 ACCESSIBILITY STANDARDS applies to: | 1194.21 Software Applications and Operating Systems | Most of the specifications for software pertain to usability for people with vision impairments. For example, one provision requires alternative keyboard navigation, which is essential for people with vision impairments who cannot rely on pointing devices such as a mouse. Other provisions address animated displays, color and contrast settings, flash rate, and electronic forms, among others. |
HOSTING
Who is physically hosting sensitive information and in what locations? | PDF2XL is standalone software that runs on a single computer. It can optionally track user interaction to populate segments in a hosted database for further analysis.
On crash events, the user has the option to send some information to BugSplat servers for further analysis.
Usernames and passwords are hosted by the auth0.com provider. For corporate license management, there is a server where an admin can manage the licenses. |
Are application and data processes segmented or virtualized from other hosted services or other client data hosted by Cogniview/PDF2XL? | No |
Is all sensitive application information on third-party hosted servers accessible only to Cogniview/PDF2XL and not the hosting firm (provider)? | N/A. No sensitive information is shared or kept. The app can optionally track user interaction and store it on a remote server for application feature statistics. Authentication data is stored by the auth0.com service. |
Is sensitive application information (e.g. PHI, PII, account data) on third-party hosted servers encrypted, with keys managed to provide access only to the vendor and not the hosting firm? | N/A. No sensitive information is shared or kept. The app can optionally track user interaction and store it on a remote server for application feature statistics. Authentication data is stored by the auth0.com service. |
Does Cogniview/PDF2XL use a third-party firm to host sensitive information? | N/A. No sensitive information is shared or kept. The app can optionally track user interaction and store it on a remote server for application feature statistics. Authentication data is stored by the auth0.com service. |
Does Cogniview/PDF2XL have a current SOC2 Type 2 or equivalent certification? | No. As this is offline/desktop software, we are not required to be SOC2 certified, since no data is sent to us. |
AUTHENTICATION
Does the application use the user's native JHED/Single-Sign-On authentication? | No |
Does the application use federated identity for user access (e.g. Shibboleth, SAML2, OAuth, and OpenID)? | No |
For on-premise server deployment, does the implementation of the system support LDAPS (Secure LDAP) for Active Directory authorization and authentication? | Yes. PDF2XL is meant to be installed on the user's machine, not on a server. PDF2XL allows automation, which is meant to be configured by the customer. Cogniview can develop LDAP or AD authentication, but that requires negotiation. |
Does all vendor access to user data require Multi-Factor Authentication? | N/A. PDF2XL only accesses files that the user has already authorized. For automation, the user must create the means to allow PDF2XL to access them. |
SECURITY
| Yes. An administrator's dashboard is provided at the time of the first purchase. |
Application automatically terminates user sessions after a specified period of inactivity. | The PDF2XL standalone app will keep the user authorized for as long as the user is allowed access (which can be controlled on the admin dashboard). Re-activation may be necessary after machine changes such as updates, or if you have a non-persistent server environment. |
Application provides role-based access capability to restrict access to specific records or modules within the system. | N/A. PDF2XL allows access to all features that are licensed by the plan type. There is no access to sensitive information within the app, so no user access levels are required to operate the software. |
Transmission encryption (information in transit) meets applicable NIST standards and encrypts authentication actions and sensitive information (e.g. TLS 1.2 connection or higher with AES 128-bit keys or higher). | Yes. All web service calls that transmit secured information (user/password/authorization tokens, etc.) are made with TLS 1.2 and AES 128. PDF2XL is an offline standalone app, so no transmission is necessary to operate the software. |
System allows for patching and updating of platform technologies immediately upon patch issuance after necessary testing (e.g. MS Security Updates). | Yes. No sensitive information is kept or transferred by PDF2XL. Updates to the OS can cause issues for PDF2XL, but we are confident there are no security breaches that would leak sensitive information from PDF2XL. |
Security features comply with applicable federal (HIPAA, et al.) health information standards for data integrity, confidentiality, auditing, and availability. | Yes. The software is installed locally and all files are processed locally without any outside connections, and hence would be 100% HIPAA compliant. |
ACTIVITY LOGGING
System logs access attempts and successful logins by user ID, date, time, session initiation and termination. | PDF2XL can operate fully offline. Authenticating to use PDF2XL can create a log entry on Auth0 stating the last time the user successfully authenticated. |
System maintains an audit trail of administration and maintenance performed by date, time, user ID, and terminal. | No. No interfaces keep or transfer sensitive information, so no auditable data is kept. |
System allows client to automatically download complete user access logs in a standard format. | No. No interfaces keep or transfer sensitive information. The only data the PDF2XL server can keep is the user's email. A request to wipe this data can be made through the support team. |