mindfulnessKnowledge Peak
Back to Home

Security

How we protect your data and maintain a secure service

Last updated: November 8, 2024

Our Security Commitment

At Knowledge Peak, security is a top priority. We implement industry-standard security measures to protect your data and ensure the integrity of our service.

Data Encryption
Your data is encrypted both in transit and at rest

In Transit

  • • All data transmitted using TLS 1.3 encryption
  • • HTTPS enforced across all connections
  • • Secure API communications with authentication

At Rest

  • • Database encryption using AES-256
  • • Secure storage of credentials and API keys
  • • Regular security updates and patches
Access Control
Strict controls on who can access your data
  • • User authentication managed by Clerk (industry-leading auth provider)
  • • Role-based access control for team accounts
  • • Multi-factor authentication (MFA) support
  • • Automated session timeout and logout
  • • Limited employee access on need-to-know basis
Infrastructure Security
Secure hosting and infrastructure practices
  • • Hosted on secure, enterprise-grade cloud infrastructure
  • • Regular automated backups with encryption
  • • DDoS protection and rate limiting
  • • Network isolation and firewall protection
  • • Regular security monitoring and logging
Third-Party Security
Trusted partners we work with

We partner with industry-leading services that maintain high security standards:

  • Authentication: Clerk (SOC 2 Type II certified)
  • Payments: Stripe (PCI DSS Level 1 certified)
  • AI Processing: OpenAI and xAI (enterprise security standards)
  • Database: Neon (PostgreSQL with encryption)
AI Data Processing
How your content is handled during AI generation
  • • Prompts are sent securely to AI providers via encrypted connections
  • • We do not store generated article content by default
  • • AI providers process requests according to their security policies
  • • No training on your data without explicit consent
Important: Data You Should NOT Submit
Follow these security best practices to protect sensitive information

⚠️ Never Submit Highly Sensitive Data

While we implement security measures and use trusted AI providers, prompts sent to AI services may be retained according to their privacy policies. To protect your organization and customers, never include the following in your prompts:

  • Personally Identifiable Information (PII): Real names, addresses, phone numbers, email addresses, social security numbers, government IDs, dates of birth
  • Financial Data: Credit card numbers, bank account details, payment information, financial statements
  • Authentication Credentials: Passwords, API keys, access tokens, security codes, authentication secrets
  • Protected Health Information (PHI): Medical records, patient data, health conditions, treatment information
  • Trade Secrets & Proprietary Data: Confidential business information, unreleased product details, internal processes, competitive intelligence
  • Legal & Compliance Data: Attorney-client privileged information, ongoing investigation details, confidential legal matters
  • Customer Confidential Data: Non-public customer information, private conversations, confidential agreements
  • Security Information: System vulnerabilities, internal security configurations, network architecture details

✓ Best Practices for Safe Usage

  • Use Generic Examples: Replace real data with fictional examples (e.g., "John Doe" instead of real customer names)
  • Anonymize Information: Remove or redact all identifiable details before submitting prompts
  • Use Public Information Only: Base prompts on publicly available information or generalized scenarios
  • Create Templates with Placeholders: Generate content with [PLACEHOLDER] markers that you fill in manually afterward
  • Review Before Submitting: Always double-check prompts to ensure no sensitive data is included
  • Educate Your Team: Ensure all users understand these guidelines before accessing the service

🛡️ Your Responsibility

Users are solely responsible for ensuring their prompts do not contain sensitive, confidential, or regulated data. Knowledge Peak cannot control how third-party AI providers process or retain submitted information. When in doubt, do not submit potentially sensitive information.

For questions about data security or to report a security concern, contact security@knowledgepeak.ai

Incident Response
How we handle security incidents
  • • 24/7 security monitoring and alerting
  • • Documented incident response procedures
  • • Immediate investigation of potential security issues
  • • Notification to affected users as required by law
  • • Post-incident analysis and improvements
Security Best Practices for Users
How you can help keep your account secure
  • • Use a strong, unique password for your account
  • • Enable multi-factor authentication (MFA)
  • • Keep your email account secure
  • • Log out when using shared computers
  • • Report suspicious activity immediately
  • • Keep your browser and software up to date
Report a Security Issue

If you discover a security vulnerability or have security concerns, please contact us immediately:

Email: security@knowledgepeak.ai

Please do not publicly disclose security issues until we have had a chance to address them.

See also: Privacy Policy | Terms of Service | Cookie Policy