Source-first and secure AI for the workplace
Keeping our clients' data secure is Knode.ai’s top priority. Knode was built from the ground up by the same team that created much of the data infrastructure for the US 911 system in partnership with Apple and Google.
In Process Compliance Certifications
SOC 2 Compliance
Security and trust are integral at Knode.ai. We are in process for achieving audit certification for Service Organization Controls (SOC 2) Trust Services Principles, focused on security. Our continued SOC 2 certification will ensure our organizational and technology controls are independently audited at least annually.
GDPR Compliance
Customers’ personal information is maintained and secured in accordance with the EU's General Data Protection Regulation (GDPR). We are in process achieving GDPR compliance confirmation.
​
Please see our Privacy Policy for more details.
Secure Data Storage
All data is stored in enterprise databases/caches in a production GCP environment. Data is encrypted at rest with FIPS 140-2 validated crypto module utilizing AES 256 bit encryption. All data in transit is encrypted using TLS 1.2+.
Tenancy Options
Knode defaults to a multi-tenancy application (similar to slack, google drive, and many others) for cost/monitoring reasons. At additional cost, Knode.ai also offers a Data Single Tenancy Option, which enables customer data to be stored in a separate GCP project. In this instance, you control the cloud account and therefore are responsible for maintaining the resources it contains along with access permissions (e.g. to the Knode application layer).
Data Indexing Controls
Administrators at your company control what data Knode can access or indexes. Access controls are specific to each integration. Existing user permissions are enforced for data indexing, meaning that, for example, users of Google Drive will only be able to search files and folders that they have permission to access. In addition, Administrators can choose to exclude files and folders completely.
Data Retention
Knode’s data retention policy aims to mirror source retention policy exactly. Ingested and indexed customer data is stored in a dedicated partitioned enterprise data store and kept fully synchronized with the application sources thus mirroring customer changes such as access permissions updates, deletions, and modifications. For example, if a document is deleted from the customer system, the document and its index representation is deleted from Knode.
Separate from application sources, data can be specifically excluded at any time. For example, if a specific employee is no longer with the customer organization or for any reason, organization administrators can delete users, which will trigger deletion of all user-specific data and metadata. Likewise organization administrators can also enable or delete integrations at any time, which will remove the application-specific data for all users. Finally, if an organization is removed from Knode, all organization data and any related metadata is also completely removed.
Access and Permissions
Authenticated Access
All Knode access requires authentication via Slack.
Administrators can enroll specific users or enable your entire organization.
Strict Permissions Enforcement
Knode only shows users information they already have permission to access in source applications. If any permissions change, Knode’s results reflect those changes.
Search Index in Sync with Applications
Content, permissions, and metadata are continuously synchronized with your source applications. Existing GDPR, CCPA, and data retention processes you have should not be impacted by Knode.
Application Security
All Knode.ai SaaS communications are encrypted over TLS 1.2, which cannot be viewed by a third party. This is the same level of encryption used by banks and financial institutions. All customer data on Knode.ai is encrypted at rest using AES-256 encryption.
Knode.ai actively monitors ongoing security, performance, and availability 24/7/365. We run automated security testing on an ongoing basis. We also contract with a third party for penetration testing.
Knode.ai maintains ongoing PCI Compliance, abiding by stringent industry standards for storing, processing and transmitting credit card information online.
Infrastructure Security
Knode.ai’s infrastructure is hosted in a fully redundant, secured environment, with access restricted to operations support staff at time of incident only. This allows us to leverage complete data and access segregation, firewall protection, and other security features that ensure the absolute minimum level of access to your data and our production infrastructure.
End-to-End Security
Knode.ai is hosted entirely on Google Cloud Platform (GCP), leveraging its end-to-end security and privacy features. Our team takes additional proactive measures such as continuous monitoring, auditing, pen test, and more, to ensure a secure infrastructure environment. For additional, more specific details regarding GCP’s security, please refer to Security, Privacy, and Cloud Compliance | Google Cloud.
Privacy
We are members of the Privacy Shield framework. For more information on Knode.ai's treatment of data, please see our Privacy Policy and Security Policy.
Data Center Security
Knode.ai customer data is hosted by Google Cloud Platform (GCP), which is certified SOC 2 Type 2. GCP maintains a list of reports, certifications, and third party assessments to ensure complete and ongoing state-of-the-art data center security.
GCP infrastructure is housed in Google-controlled data centers throughout the world, and the data centers themselves are secured with a variety of physical controls to prevent unauthorized access. More information on GCP data centers and their security controls can be found in Cloud Compliance & Regulations Resources.