Security - KnowledgeScout

Encryption

Data at rest

Every customer database is independently encrypted using AES-256. Each customer gets a unique encryption key. Compromising one database does not expose any other customer's data. Backups are encrypted at rest and stored off-server.

Data in transit

All traffic is encrypted with TLS 1.2+. HTTP connections are automatically redirected to HTTPS. We enforce strict SSL between our edge network and origin servers.

API keys and secrets

BYO AI keys are encrypted at application level on top of database-level encryption.

Data isolation

Every customer gets their own separate database. There is no shared database between tenants. One customer's queries cannot access another customer's data. This is physical isolation, not just row-level permissions in a shared database.

Data residency

You choose where your data lives when you sign up. We currently offer three regions:

Sydney, Australia (AU/NZ)
London, United Kingdom (UK/EU)
Dallas, United States (US and rest of world)

Your data stays in the region you choose. It does not replicate across regions.

Infrastructure

KnowledgeScout runs on dedicated high-performance servers with NVMe SSD storage in each region. Our edge network provides DDoS mitigation, bot management, Web Application Firewall (WAF), and automatic threat blocking in front of all traffic.

Backups and recovery

Customer databases are backed up nightly and stored encrypted off-server. We retain daily backups for 7 days, weekly for 4 weeks, and monthly for 3 months.

Because each customer has their own database, we can restore a single customer's data without affecting anyone else.

Access controls

Role-based access within each tenant (Reader, Editor, Admin)
Read acknowledgements for compliance tracking
Audit trails for content changes (version history with rollback)
Custom branding and subdomain per tenant

Audit trail and accountability

Every article has a version history. Every change is tracked: who wrote it, who approved it, who acknowledged reading it, and when. You can show a regulator exactly what your stated policy was on any given date, not what an AI happened to synthesise across your systems that day.

For AI agents that write back to your knowledge base, every draft lands in a human review queue. Nothing publishes itself. The audit trail captures both human and agent contributions, with the same versioning either way.

AI and your data

Our AI chatbot is grounded in your knowledge base. It does not use the internet, other customers' data, or any external sources. If the answer is not in your content, it says so.

Your content is never used to train AI models. AI queries are processed through our AI provider's API (or your own API key on Business and Enterprise plans) and are subject to data processing terms that prohibit training on customer data.

Business and Enterprise customers can bring their own AI API keys (OpenAI, Anthropic, Azure, self-hosted models) for full control over AI processing.

Analytics and tracking

We use cookie-free analytics on both our website and our platform -- no tracking cookies, no consent banners, and we never share your usage data with third parties. We hold ourselves to the same standard we ask our customers to hold.

Website: Plausible Analytics (Estonia, EU) and Cloudflare edge analytics -- both aggregate-only, no cookies, no personal data stored.
Platform: PostHog -- cookie-free product analytics for understanding feature usage. No personal data retained in identifiable form.
Error monitoring: Sentry -- application error tracking for rapid diagnosis. Error reports include stack traces and anonymised technical data. No customer content is captured.

Authentication

Email and password authentication with secure password hashing
Passwordless email sign-in (one-time code, no password required)
Sign in with Microsoft (Entra ID) and Sign in with Google
Session-based authentication with CSRF protection

Sub-processors

We use a small number of trusted sub-processors. A full list is available at knowledgescout.io/legal/subprocessors.

Questions?

If you have security questions or need more detail for a procurement review, contact us at hello@knowledgescout.io.