Security

Security isn't a feature we bolt on. It's foundational to every layer of the platform.

Last updated: April 12, 2026

Encryption everywhere

All data is encrypted in transit (TLS 1.2+) and at rest (AES-256). File vault contents use an additional layer of per-file encryption with unique keys.

Access control

Role-based access control (RBAC) across every module. Organization admins define who can view, edit, share, and delete. Two-factor authentication is available for all accounts.

Audit trails

Every significant action is logged with who, what, when, and where. Audit logs are immutable and available to organization admins for compliance reporting.

Identity verification

KnowtivID provides biometric face enrollment and document verification for high-security workflows. Biometric data is encrypted and can be deleted by the user at any time.

Forensic watermarking

Sensitive documents in the Secure File Vault are watermarked with invisible forensic markers, enabling traceability in the event of unauthorized distribution.

SSRF & injection protection

All external requests pass through a DNS-aware safe-fetch layer that blocks SSRF attacks. Inputs are sanitized against SQL injection, XSS, command injection, and prompt injection.

AI and Your Data

We never use your data to train AI models — ours or anyone else's. When you use AI-powered features, your inputs are processed to generate a response and are not retained beyond a 30-day debugging window. AI interactions are logged in aggregate for quality monitoring; personal content is never included in those aggregates.

Infrastructure

  • Application and database servers are hosted in secure, SOC 2-compliant data centers
  • Automated backups with point-in-time recovery
  • Network segmentation isolates customer data from public-facing services
  • Continuous monitoring for anomalies and intrusion detection
  • Regular penetration testing and vulnerability assessments

Data Handling

  • Tenant isolation ensures your organization's data is never mixed with another's
  • Soft-delete with configurable retention periods before permanent removal
  • Data export available on request for portability (GDPR Article 20)
  • Secure file vault with per-file encryption keys and access policies
  • Token encryption for third-party connector credentials (OAuth tokens, API keys)

Compliance

Knowtiv is designed with GDPR, CCPA, and general data protection principles at its core. We support Data Subject Requests (DSR), consent management, data retention policies, and audit-ready logging. Organizations in regulated industries can leverage KnowtivID, immutable audit trails, and document watermarking to meet their compliance requirements.

Incident Response

In the unlikely event of a security incident, we follow a structured response process: containment, investigation, notification, and remediation. Affected users and organizations will be notified within 72 hours of a confirmed incident, in accordance with applicable regulations.

Responsible Disclosure

If you discover a security vulnerability in Knowtiv, we encourage you to report it responsibly. Please contact us at security@knowtiv.com with details of the vulnerability. We are committed to investigating and resolving confirmed issues promptly, and we will not take legal action against researchers who follow responsible disclosure practices.

Questions?

For security-related questions or concerns, reach out to security@knowtiv.com or visit our Contact page.