How is your note taking more compliant than other services?

Knapsack is designed with compliance at its core, ensuring that all notes taken meet the highest industry standards for data protection and regulatory requirements. Unlike other services, Knapsack offers end-to-end encryption, including enabling transcripts are saved automatically for Books and Records requirements. For enterprise clients, we enable organizations to maintain a clear record of access and changes for compliance purposes. Furthermore, we are working to integrate our platform seamlessly with existing compliance tools to streamline oversight and reporting.

How does Knapsack ensure data privacy?

Knapsack employs state-of-the-art encryption for data at rest and in transit, ensuring that your information is secure from unauthorized access. We also prioritize zero-knowledge architecture, meaning we never have access to the contents of your files or notes. Knapsack undergoes regular penetration testing and adheres to GDPR, HIPAA, and CCPA guidelines to provide peace of mind for data privacy.

How does Knapsack support FINRA compliance?

Knapsack offers robust tools to support FINRA compliance, including automated archiving of notes, activity logs, and communication records. These features ensure that all necessary records are securely stored in a tamper-proof format and are easily retrievable during audits. Knapsack also provides tools to flag non-compliant content, helping financial advisors proactively adhere to FINRA's strict regulatory standards.

Can Knapsack provide customized compliance solutions?

Yes, Knapsack offers tailored compliance solutions to meet the unique needs of your organization. Our platform can be configured to align with your specific regulatory environment, whether it's SEC, FINRA, HIPAA, or international data protection laws. We also provide APIs and integration options for enterprise customers to work seamlessly with your existing compliance and governance systems.

How can I trust that Knap Inc does not have access to the files and emails I share with Knapsack?

Knapsack employs a zero-knowledge architecture, which ensures that we cannot access or view your data under any circumstances. All files and emails are encrypted on your device before they are stored or transmitted, and only you hold the keys to decrypt them. Additionally, our SOC 2 compliance and regular third-party audits provide further assurance that your data remains private and secure.

What is the name and address of your firm? How long have you been around? How are you financed?

Knap Inc is a Delaware C-Corp based at 620 28th Ave, San Francisco CA 94121 USA. The company has been active since 2023. We are venture backed from top tier investors including Accel, Everywhere Venture, K5 Tokyo Black, Data Tech Fund, and Half Court Ventures.

How do your products work from a data security point of view?

We have two different products: The Knapsack app (which includes a Pro version) pulls in data from cloud services, stores it on your computer, and then runs inference in the Groq cloud, but deletes the prompt and output immediately, a concept commonly called "ephemeral compute." The Knapsack Studio (commonly used in our Enterprise offering) is a web application that pulls data in from enterprise applications and runs AI inference on AWS Bedrock. However, we still focus on an ephemeral compute model, hosting as little data as possible.

Compliance and Security

At Knapsack, your trust is our top priority. We understand that data security and privacy are critical to our users, and we are committed to meeting the highest standards in these areas. The foundation for this is our privacy policy.

How we keep your data private

Here is a quick explainer you can send to your IT or compliance manger if you are trying to sign into Knapsack via Microsoft or Google and are blocked.

"Knapsack is a SOC2 Type 2 and HIPAA compliant AI tool that allows me to be more productive. It only access the data it needs to run those operations, never trains on our data, and deletes the data within 30 days. You can see more on www.knapsack.ai/compliance."

Knapsack Studio (including Outreach)

The Studio also uses ephemeral compute, but it stores your chat conversations and the content of your Knaps for you to access in the browser. We never train on your data; we never sell your data to AI companies (or anyone else).

Knapsack Memory

Memory allows you to connect your data across AI systems. So if you have years of context saved in one chatbot, you can connect it to another chatbot from a different company and you'll be able to access that context. Just like with Knapsack Studio, we do not train on this data or sell it to anyone.

Illustration of a lone hiker in a lush field

Current Compliance

We are proud to be SOC 2 Type 2 Compliant. We're also HIPAA compliant, ensuring that sensitive health data is protected in accordance with the strictest regulations. This demonstrates our ongoing commitment to safeguarding personal and confidential information.

For users who use cloud inference, we use Groq, who are also SOC 2 Type 2 compliant.

Talk to Our Team

Have Questions? Let's Talk

We actively engage with our users to ensure our compliance efforts align with the industry’s most trusted standards. Your feedback plays a vital role in shaping how we prioritize and implement security measures, and we are always ready to listen to your concerns.

Get in touch

Secure by Design

Knap never stores your files to the cloud. After looking through local files, the Knapsack app will send snippets of documents, along with your prompt, to a SOC2 compliant inference cloud called Groq for processing. These snippets and prompts are immediately deleted after your response is returned.

Read the Whitepaper

Frequently Asked Questions

Have Questions?

Please reach out if you have questions, we're always happy to chat.

Loading...

Future proofing

In addition to HIPAA, we are actively working towards full compliance with:

CCPA: So we meet the privacy rights and data protection standards expected in California and beyond.
GDPR: Aligning with the rigorous privacy requirements for protecting user data in the European Union