Book your free demo

Discover how our product can simplify your workflow. Schedule a free, no-obligation demo today.

    Social Media:

    Privacy Your Data, Your Rights

    Privacy Policy

    Table of Contents

    This Privacy Policy describes how Knowella AI Inc., dba Knowella, a Delaware corporation (“Knowella,” “we,” “us,” or “our”), collects, uses, discloses, and protects Personal Information when individuals (“you”) interact with:

    • Our websites, including https://www.knowella.com (the “Sites”); and
    • Our cloud-based platform, mobile apps, browser extensions, agentic‑AI tools, integrations, and related services (the “Services”).

    By using our Sites or Services, you acknowledge this Privacy Policy.

    Definitions

    • Personal Information: Information that identifies or can reasonably be linked to an identifiable individual.
    • Customer Data / Your Content: Prompts, files, documents, media, and other data you submit to the Services.
    • Outputs: AI-generated responses produced by the Services.
    • Service Telemetry: Non-content usage and diagnostic metadata (e.g., performance metrics, timestamps, error logs).
    • De‑identified Data: Data that cannot reasonably be used to identify an individual and that we commit not to re-identify.
    • Aggregated Data: Statistical data derived from Personal Information that cannot identify an individual.

    Information We Collect

    Information you provide

    • Account details: name, business email, phone number, company, role/title, password.
    • Communications: support tickets, emails, call notes, survey responses.
    • Your Content: prompts, files, documents, or other materials you upload or connect to the Services.
    • Billing: payment details handled by our payment processor (we do not store full card numbers).

    Information collected automatically

    • IP address, device and browser type/version, operating system, referring URLs, pages viewed, session duration, and similar analytics signals.
    • Cookies, pixels, tags, SDKs, and local storage for authentication, security, performance, and analytics (see §4).

    Information from integrations

    • IDs and access tokens needed to connect third‑party services you authorize.
    • Diagnostic data from service providers used to support and secure the platform.

    We do not intentionally collect protected health information (PHI), GLBA “customer information”, biometric identifiers, or consumer health data. If such data is uploaded inadvertently, contact us for removal.

    How We Use Information

    We use Personal Information to:

    • Provide, operate, and support the Services;
    • Authenticate users, secure accounts, and prevent fraud/abuse;
    • Deliver AI‑powered features including agentic workflows and RAG retrieval;
    • Communicate onboarding, service alerts, and product updates;
    • Monitor performance, debug issues, and improve reliability and quality;
    • Comply with applicable laws and enforce our Terms of Service.

    AI, LLM, and RAG Disclosures

    • We do NOT use Your Content to train or fine‑tune foundation models.
    • We may use De‑identified/Aggregated Data and Service Telemetry to operate, evaluate, secure, and improve platform performance and safety.
    • If we use third‑party model providers, they are bound by contracts that prohibit retaining or using Customer Data for their own model training.
    • AI Outputs may contain inaccuracies or be incomplete; you are responsible for reviewing Outputs before relying on them for consequential decisions.

    Cookies, Pixels, Analytics

    We use cookies and similar technologies to:

    • Enable secure sign‑in and core functionality;
    • Measure and enhance Site performance;
    • Improve user experience.

    Video Content & VPPA Considerations

    Where our Sites include embedded/streamed video, we configure analytics to avoid transmitting identifiable video‑viewing data to third parties. If a scenario requires identifiable video‑tracking, we will seek explicit consent first.

    You may manage cookies via your browser settings. Where required by law, we honor Global Privacy Control (GPC) signals.

    How We Share Information

    • Service providers/subprocessors: cloud hosting, analytics, communications, security, and payments—bound by confidentiality and data‑protection terms; no secondary use.
    • Integrations you enable: third‑party tools you explicitly connect to the Services.
    • Professional advisors: auditors, legal counsel, and similar advisors under confidentiality.
    • Legal and safety: to comply with law or lawful process, and to protect rights, property, and safety.
    • Corporate transactions: in connection with mergers, acquisitions, financings, or asset transfers, subject to continued protections.

    We do not sell Personal Information and we do not share Personal Information for cross‑context behavioral advertising.

    Data Retention

    By default, we retain Personal Information for up to three (3) years to support product functionality, security, audit, and continuity. We may retain data longer where required by law, contract, dispute resolution, or to enforce our rights. When retention is no longer necessary, we delete or de‑identify the data.

    Security

    We maintain a comprehensive information security program with administrative, technical, and physical safeguards appropriate to the nature of the data:

    Administrative Controls

    • Role‑based access control (RBAC) with least‑privilege;
    • Staff confidentiality obligations and background checks, as applicable;
    • Mandatory privacy and security training;
    • Multi‑factor authentication for privileged and production access.

    Technical Controls

    • Encryption in transit (TLS 1.2+) and at rest (AES‑256);
    • Network segmentation and firewalling;
    • Secure secrets management and regular rotation;
    • Continuous vulnerability scanning and patch cycles;
    • Centralized logging, audit trails, and integrity monitoring;
    • DDoS and intrusion protections.

    Cloud Architecture & SDLC

    • Environment isolation across GCP, AWS, and Azure (U.S. regions);
    • Hardened images/containers, automated scaling, zero‑trust access principles;
    • Secure development lifecycle with 2‑week sprints, peer code reviews, regression and load testing, and release notes for production deployments.

    Auditing & Monitoring

    • Logs across front‑end, back‑end, databases, and microservices;
    • Automated alerting for anomalies and infrastructure bottlenecks.

    Backups & Disaster Recovery

    • Daily full backups, differential backups every 4 hours, and hourly log backups;
    • Disaster‑recovery environment in a distinct geographic region;
    • Periodic restoration tests.

    Incident Response

    If an incident materially impacts Personal Information, we will investigate, contain, and notify affected customers within 72 hours of confirmation (or sooner if required), and support remediation.

    Cloud providers we utilize may hold their own independent certifications (e.g., SOC 2). Such certifications relate to those providers and do not imply certification for Knowella.

    International Transfers & Cloud Hosting

    We operate a multi‑cloud architecture for resiliency and availability:

    • Google Cloud Platform (GCP) — U.S. regions
    • Amazon Web Services (AWS) — U.S. regions (and Canada if contractually required)
    • Microsoft Azure — U.S. regions

    Default residency. Customer data is stored in the United States by default. Where a customer contract requires it, we may provision dedicated workloads or DR replicas in Canada. Regardless of provider or region, we apply the same security and privacy controls described in this Policy.

    If Personal Information is transferred across borders, we implement appropriate safeguards (e.g., contractual commitments, access controls, encryption, and least‑privilege).

    Third‑Party Tools, Integrations, and Marketplace Apps

    If you connect third‑party tools (e.g., Slack, Teams, Jira, Google Workspace, Microsoft 365):

    • We exchange only the data necessary to enable the integration;
    • The third party’s privacy policy governs their handling of data;
    • You may disconnect integrations at any time;
    • We are not responsible for third‑party privacy/security practices.

    Review third‑party policies before enabling integrations.

    Your Privacy Rights (United States)

    Depending on your U.S. state, you may have rights to access, delete, correct, and obtain information about our processing of your Personal Information. To submit a request, contact us at support@knowella.com. We may request information to verify your identity.

    We will not discriminate against you for exercising any privacy rights available under applicable law.

    California Privacy Rights (CCPA/CPRA)

    If you are a California resident, you have the right to:

    • Know/Access: the categories and specific pieces of Personal Information collected, the sources, purposes, and categories of disclosures;
    • Delete: request deletion of Personal Information, subject to lawful exceptions;
    • Correct: request correction of inaccurate Personal Information;
    • Opt‑out of Sale/Sharing: we do not sell or share Personal Information for cross‑context behavioral advertising;
    • Non‑discrimination: we will not deny goods/services, charge different prices, or provide a different level/quality of services for exercising your rights.

    How to exercise California rights: email support@knowella.com with the subject “California Privacy Request.” We will verify requests as required by law and respond within the statutory timeframe.