Privacy Policy

    Privacy Policy

    Last updated: July 28, 2025

    TLDR

    • SOC 2 Type 2 Compliant: All services and infrastructure meet SOC 2 Type 2 security standards.
    • Zero Data Training: We never use Google Workspace data (or any connected source data) to train generalized AI or ML models.
    • Product Separation:
      • Knapsack Assistant: Local-first, zero-knowledge, no cloud storage, no retention after processing unless linked to Studio with user consent.
      • Knapsack Studio: Cloud-hosted, collaborative, encrypted, with a 30-day data retention policy.
      • Knapsack Memory: Cross-application context storage with 30-day default retention unless pinned by the user.
    • Your Rights: Full GDPR and CCPA rights, including access, deletion, correction, portability, and non-discrimination.
    • Data Sharing: No sale of personal information; sharing only with trusted service providers under strict contractual privacy obligations.
    • Security: End-to-end encryption, strict access controls, and regular security audits.
    • Opt-Out & Consent: You control optional data sharing and can opt out by contacting privacy@knap.ai.

    Full Policy

    1. Scope

    By using our services, you agree to the practices described in this Privacy Policy. If you do not agree, discontinue use of our services. Continued use constitutes your informed consent.

    2. Product-Specific Privacy Approaches

    2.1 Knapsack Assistant on Desktop (Local & Ephemeral)

    • Processes data locally where possible.
    • When cloud inference is needed, data is routed securely to SOC 2 Type 2-compliant partners (e.g., Groq) and deleted immediately after processing.
    • No content is retained after processing unless explicitly saved by you or unless linked to Studio with your consent..

    2.2 Knapsack Studio (Cloud-Hosted Collaboration)

    • Securely hosts your uploaded or created content.
    • Encrypted at rest and in transit.
    • Retains content for 30 days by default unless deleted sooner by you.

    2.3 Knapsack Memory (Cross-App Context)

    • Stores contextual links across applications to improve workflow continuity.
    • Default retention is 30 days unless explicitly pinned for longer use.
    • You control whether Memory captures cross-application context.

    3. Types of Data Collected

    • Personal Data: Name, email, phone number, and voluntary information.
    • Usage Data: IP address, device type, browser type, visited pages, timestamps, and diagnostic data.
    • Cookies & Tracking: Used for authentication and performance. Disabling cookies may reduce functionality.
    • External Data: From integrations you authorize (e.g., CRM, calendar, email systems).

    4. Use of Data

    • Deliver, maintain, and improve services.
    • Provide customer support and communicate updates.
    • Ensure security and prevent fraud.
    • Comply with legal and regulatory obligations.

    5. Sharing of Data

    • Only with service providers under strict contractual privacy obligations.
    • For legal compliance, safety, or fraud prevention.
    • In business reorganizations or acquisitions under equivalent privacy safeguards.
    • Never for sale of personal information.

    6. Retention of Data

    • Assistant: No post-processing retention.
    • Studio: 30-day default retention.
    • Memory: 30-day default retention unless pinned.
    • Extended retention only when legally required.

    7. Data Transfers & Frameworks

    • Complies with the EU-U.S. Data Privacy Framework (DPF) and UK/Swiss extensions.
    • All data transfers are secured and adhere to DPF Principles.

    8. Choice & Consent

    You can opt out of:

    • Data sharing beyond original purposes.
    • Optional processing unrelated to core functionality.
      Contact privacy@knap.ai to exercise these choices.

    9. Your Rights (GDPR & CCPA)

    • Know & Access: Categories and specific pieces of data collected.
    • Delete: Request deletion of data we collected.
    • Correct: Update inaccurate information.
    • Portability: Obtain portable copies of your data.
    • Non-Discrimination: No discrimination for exercising privacy rights.
    • Authorized Agents: Can act on your behalf with written consent.

    10. Limits to Privacy

    Links to external sites are provided for convenience. We are not responsible for their content or privacy practices. Data provided to third parties is subject to their policies.

    11. Security

    • End-to-end encryption for sensitive data.
    • Strict access controls and monitoring.
    • Annual security training and SOC 2 Type 2 certification for systems and processes.
      No method of transmission or storage is 100% secure, but we maintain commercially reasonable safeguards.

    12. Children’s Privacy

    We do not knowingly collect data from individuals under 16. Contact us if you believe such data has been provided.

    13. Changes to This Policy

    We may update this Privacy Policy and will notify users by updating the “Last Updated” date and, for major changes, via email or in-product notice.

    14. Contact Us

    • Email: privacy@knap.ai
    Illustration of man hiking through valley
    Automate your day to day

    Safe, simple, personalized AI

    Chat with your data. Automate task completion.