Enterprise-grade security.
Built into every insight.
Knownwell delivers AI-driven client intelligence to teams who can't afford to compromise on data protection. Our security program is SOC 2-audited, Data Privacy Framework certified, and continuously monitored, so you can act on what matters without second-guessing where your data lives.
Security isn't a feature.
It's a foundation.
We believe AI-driven growth shouldn't come at the cost of data safety. Knownwell's security program is built on three principles that shape every product decision, every infrastructure choice, and every line of code we ship.
Proactive Compliance
We maintain a SOC 2 report and adhere to the Data Privacy Framework, ensuring our internal processes meet recognized industry standards rather than reacting to audits after the fact.
Deep Infrastructure Protection
From unique production database authentication to restricted encryption key access, our environment is hardened against unauthorized access at every layer of the stack.
Privacy by Design
We collect only what's necessary to power your insights. We do not collect personal health information or credit card data, and customer data is never used to train third-party AI models.
Defense in depth, by category.
Our security controls are continuously monitored and mapped to the categories below. The Trust Center reflects our live status. What you see here is a curated summary.
Infrastructure Security
- Unique production database authentication enforced
- Encryption key access restricted
- Unique account authentication enforced
Organizational Security
- Asset disposal procedures utilized
- Production inventory maintained
- Portable media encrypted
Product Security
- Data encryption utilized in transit and at rest
- Control self-assessments conducted
- Penetration testing performed annually
Internal Security Procedures
- Continuity and Disaster Recovery plans established and tested
- Cybersecurity insurance maintained
- Documented internal procedures across the SDLC
Data & Privacy
- Data retention procedures established
- Customer data deleted upon account closure
- Data classification policy established
You decide what we see.
Knownwell is built on a positive opt-in model. No data enters the platform until you explicitly authorize it, and every boundary you set is enforced before content is ever accessed.
Positive opt-in only
No data is ingested until you explicitly activate it through the Knownwell Data Hub. Knownwell cannot initiate access to your systems, and only the integrations you authorize are ever connected.
Exclusion controls
Exclude specific users, mailboxes, departments, Active Directory groups, or client domains at any time. High-sensitivity mailboxes and restricted teams can be walled off from ingestion entirely.
Sensitive filtering
Attachments are never ingested. PHI and PII are automatically redacted before storage. Internal-only communications are excluded by default, and message content is only accessed after metadata confirms an authorized match.
Responsible AI, by default.
Because Knownwell is an AI platform, our security model goes beyond standard SaaS controls. We've built specific guardrails around how customer data interacts with AI models.
Zero-retention AI inference
Customer data sent to underlying AI models is processed under zero-retention agreements. No customer data is used to train third-party models, ever.
Data minimization at the source
We collect customer PII only as needed to deliver insights. We explicitly do not collect personal health information (PHI) or credit card data. Less data collected means less data exposed.
Audit trail for every inference
Every AI-generated insight is logged with timestamps, data sources accessed, and the model invoked. Customers can request access logs for their tenant on demand.
Who we work with.
We use a small, deliberately chosen set of subprocessors to deliver Knownwell. Our primary infrastructure is hosted on Google Cloud Platform (GCP).
Have security questions?
Most enterprise security reviews start and end at our Trust Center, but if your team has specific questions, we're always just an email away at infosec@knownwell.com.
