top of page

Source-first and secure AI for the workplace

Keeping our clients' data secure is Knode.ai’s top priority. Knode was built from the ground up by the same team that created much of the data infrastructure for the US 911 system in partnership with Apple and Google.

aicpa-soc-logo.png
GDPR Compliance Badge

Compliance Certifications

SOC 2 Type 2 Compliant

Security and trust are integral at Knode.ai. We are certified for Service Organization Controls (SOC 2) Trust Services Principles, focused on security. Our continued SOC 2 Type 2 compliance ensures our organizational and technology controls are independently audited annually.

GDPR Compliant

Customers’ personal information is maintained and secured in accordance with the EU's General Data Protection Regulation (GDPR). We are in process achieving GDPR compliance confirmation.

​

Please see our Privacy Policy for more details.

Secure Data Storage

All data is stored in enterprise databases/caches in a production GCP environment. Data is encrypted at rest with FIPS 140-2 validated crypto module utilizing AES 256 bit encryption. All data in transit is encrypted using TLS 1.2+. 

Tenancy Options

Knode defaults to a multi-tenancy application (similar to slack, google drive, and many others) for cost/monitoring reasons. At additional cost, Knode.ai also offers a Data Single Tenancy Option, which enables customer data to be stored in a separate GCP project. In this instance, you control the cloud account and therefore are responsible for maintaining the resources it contains along with access permissions (e.g. to the Knode application layer).

Data Indexing Controls

Administrators at your company control what data Knode can access or indexes. Access controls are specific to each integration. Existing user permissions are enforced for data indexing, meaning that, for example, users of Google Drive will only be able to search files and folders that they have permission to access. In addition, Administrators can choose to exclude files and folders completely.

Data Retention

Knode’s data retention policy aims to mirror source retention policy exactly. Ingested and indexed customer data is stored in a dedicated partitioned enterprise data store and kept fully synchronized with the application sources thus mirroring customer changes such as access permissions updates, deletions, and modifications. For example, if a document is deleted from the customer system, the document and its index representation is deleted from Knode.

 

Separate from application sources, data can be specifically excluded at any time. For example, if a specific employee is no longer with the customer organization or for any reason, organization administrators can delete users, which will trigger deletion of all user-specific data and metadata. Likewise organization administrators can also enable or delete integrations at any time, which will remove the application-specific data for all users. Finally, if an organization is removed from Knode, all organization data and any related metadata is also completely removed.

Access and Permissions

Authenticated Access

All Knode access requires authentication via Slack.

 

Administrators can enroll specific users or enable your entire organization.

Strict Permissions Enforcement

Knode only shows users information they already have permission to access in source applications.  If any permissions change, Knode’s results reflect those changes.

Search Index in Sync with Applications

Content, permissions, and metadata are continuously synchronized with your source applications. Existing GDPR, CCPA, and data retention processes you have should not be impacted by Knode.

Application Security

All Knode.ai SaaS communications are encrypted over TLS 1.2, which cannot be viewed by a third party. This is the same level of encryption used by banks and financial institutions. All customer data on Knode.ai is encrypted at rest using AES-256 encryption.

 

Knode.ai actively monitors ongoing security, performance, and availability 24/7/365. We run automated security testing on an ongoing basis. We also contract with a third party for penetration testing.

 

Knode.ai maintains ongoing PCI Compliance, abiding by stringent industry standards for storing, processing and transmitting credit card information online.

Knode Screenshot

Infrastructure Security

Knode.ai’s infrastructure is hosted in a fully redundant, secured environment, with access restricted to operations support staff at time of incident only. This allows us to leverage complete data and access segregation, firewall protection, and other security features that ensure the absolute minimum level of access to your data and our production infrastructure.

End-to-End Security

Knode.ai is hosted entirely on Google Cloud Platform (GCP), leveraging its end-to-end security and privacy features. Our team takes additional proactive measures such as continuous monitoring, auditing, pen test, and more, to ensure a secure infrastructure environment. For additional, more specific details regarding GCP’s security, please refer to Security, Privacy, and Cloud Compliance | Google Cloud.

Privacy

We are members of the Privacy Shield framework. For more information on Knode.ai's treatment of data, please see our Privacy Policy and Security Policy.

Data Center Security

Knode.ai customer data is hosted by Google Cloud Platform (GCP), which is certified SOC 2 Type 2. GCP maintains a list of reports, certifications, and third party assessments to ensure complete and ongoing state-of-the-art data center security.

 

GCP infrastructure is housed in Google-controlled data centers throughout the world, and the data centers themselves are secured with a variety of physical controls to prevent unauthorized access. More information on GCP data centers and their security controls can be found in Cloud Compliance & Regulations Resources.

Frequently Asked Questions:
Security and Compliance

Have additional questions about security or compliance?

bottom of page