Security & Data Residency
How Knoq handles your data. Designed for teams whose security review asks hard questions: what is stored, where it lives, and who can see it.
What Knoq persists
The persistence surface is deliberately small. Everything Knoq writes to its own database is listed below — nothing more.
Encrypted OAuth tokens
Every source-tool credential is encrypted with AES-256 via lib/crypto.ts before it touches disk.
Session + event metadata
Chat session rows, event IDs, timestamps, and status markers used to render transcripts.
Usage counters + costs
Per-session token counts and cost data for billing and analytics.
Append-only audit log
Org-level and platform-level audit trails. Rows are never updated or deleted.
Verified answers
Answers your experts have marked as canonical for your organisation.
Per-user agent memory
Encrypted preference and context store, scoped strictly to (org, member).
Anthropic event payloads
Tool-result content above a size threshold is redacted before persistence.
Not persisted
- Full document bodies from source tools (Notion pages, Slack threads, GitHub files, etc.)
- Live tool-result content beyond the session lifetime
- Agent reasoning chains beyond the metadata needed to replay a transcript
Real-time MCP queries
Knoq does not crawl, index, or copy your source tools. When you ask a question, the agent queries each connected tool over the Model Context Protocol (MCP) at request time, reads just what it needs to answer, and returns.
This means deletes, permission changes, and edits in your source tools are reflected immediately on the next query. There is no stale mirror of your data to drift out of sync, leak, or be exfiltrated.
Permission inheritance
Knoq accesses only the data that your own OAuth token already permits in the source tool. If you cannot read a Notion page or a private Slack channel today, Knoq cannot read it on your behalf either.
Revoke the token in the source tool and access ends immediately. There is no separate service account with elevated scopes and no back-channel into your workspace.
Compliance
The architecture supports the following frameworks. Copy is kept precise because the wrong word here is worse than no word.
SOC 2 Type II readiness
Architected to the SOC 2 Type II control set. Formal attestation is in progress; Knoq does not currently claim SOC 2 certification.
GDPR data minimisation
We persist only what is required to operate the service. Agent memory and account data can be deleted on request.
CCPA
California residents can request disclosure and deletion of personal data stored about them.
Token lifecycle
How OAuth credentials live, refresh, and die inside Knoq.
Encryption at rest
AES-256 via lib/crypto.ts before any token row is written to Postgres.
Encryption in transit
TLS 1.2+ between your browser, Knoq, Anthropic, and every MCP server.
Automatic refresh
Tokens are refreshed roughly 5 minutes before expiry so sessions never break mid-query.
User-initiated revocation
Disconnect any connector from /settings/integrations. Tokens are deleted from Knoq and the OAuth grant is revoked upstream.
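The encryption-at-rest and automatic-refresh behaviour described above, as an added Node.js example; it is not Knoq's lib/crypto.ts. The names sealToken, openToken and needsRefresh, the iv + tag + ciphertext layout, and binding an (org, member) scope string as authenticated data are assumptions made for this example.

```javascript
const crypto = require("node:crypto");

const IV_LEN = 12;   // 96-bit nonce, the recommended size for GCM
const TAG_LEN = 16;  // 128-bit authentication tag
const REFRESH_SKEW_MS = 5 * 60 * 1000; // "roughly 5 minutes before expiry"

// Encrypt one token with AES-256-GCM. `scope` (hypothetical, e.g.
// "org_1:member_7") is bound as additional authenticated data, so a row
// copied under a different scope fails authentication when opened.
function sealToken(key, token, scope) {
  const iv = crypto.randomBytes(IV_LEN); // fresh nonce for every encryption
  const cipher = crypto.createCipheriv("aes-256-gcm", key, iv);
  cipher.setAAD(Buffer.from(scope, "utf8"));
  const ct = Buffer.concat([cipher.update(token, "utf8"), cipher.final()]);
  // Stored value: base64(iv || tag || ciphertext)
  return Buffer.concat([iv, cipher.getAuthTag(), ct]).toString("base64");
}

// Decrypt a stored value. Throws if the key, scope, nonce, tag or
// ciphertext do not match what was sealed.
function openToken(key, sealed, scope) {
  const raw = Buffer.from(sealed, "base64");
  if (raw.length < IV_LEN + TAG_LEN) throw new Error("sealed token too short");
  const iv = raw.subarray(0, IV_LEN);
  const tag = raw.subarray(IV_LEN, IV_LEN + TAG_LEN);
  const ct = raw.subarray(IV_LEN + TAG_LEN);
  const decipher = crypto.createDecipheriv("aes-256-gcm", key, iv, {
    authTagLength: TAG_LEN, // reject truncated tags
  });
  decipher.setAAD(Buffer.from(scope, "utf8"));
  decipher.setAuthTag(tag);
  return Buffer.concat([decipher.update(ct), decipher.final()]).toString("utf8");
}

// True once a token is inside the refresh window before its expiry.
function needsRefresh(expiresAtMs, nowMs = Date.now()) {
  return expiresAtMs - nowMs <= REFRESH_SKEW_MS;
}

// Constructed sample values, not real credentials.
const demoKey = crypto.randomBytes(32); // 256-bit key
const row = sealToken(demoKey, "constructed-access-token", "org_1:member_7");
console.log(openToken(demoKey, row, "org_1:member_7"));
```

In a vendor review, the points to confirm against the real implementation are the ones this sketch makes explicit: a unique nonce per write, tag verification on every read, and where the 256-bit key itself is stored.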
Trust Center & subprocessors
Certifications in flight, current subprocessor register, and how to request security reports under NDA.
See exactly what flows where
The Data-Flow Inspector traces a single query through Knoq, your MCP servers, and Anthropic — annotating every hop with what is transmitted, what is persisted, and what is discarded.
Open the Data-Flow Inspector
Updates
Material changes to how we handle customer data, dated. Subscribe by watching /security/subprocessors — enterprise MSA customers receive email notice 30 days before any new subprocessor begins processing their data.
Initial public subprocessor register published
Subprocessors
Every third-party service that processes customer data is now listed with purpose, region, and compliance posture.
Data Processing Addendum available under MSA
Policy
Enterprise customers can request our DPA and signed subprocessor notice list at security@knoq.one.
SOC 2 Type I observation window opened
Compliance
Knoq is operating under SOC 2 controls while the Type I audit is in progress. Type II scheduled.
AES-256-GCM encryption enforced on every OAuth token
Architecture
All connector credentials stored in Knoq are encrypted at rest via lib/crypto.ts before they reach the database.
Retention policy published
Policy
Primary-storage purge within 30 days of org deletion. Backup purge within 90 days.
Got a deeper question?
Security teams, vendor reviewers, and compliance officers — reach us directly. We answer questionnaires, share sub-processor lists, and walk through the architecture on request.
security@knoq.one
Retention policy
How long each class of data lives, measured from the event that starts the clock.