How we protect your knowledge base and questionnaire data.
At KBPilot, security is not an afterthought—it's foundational to everything we build. We understand that your Knowledge Base contains sensitive business information, competitive intelligence, and proprietary processes. Your data's protection is our highest priority, and we've implemented industry-leading security practices across our entire platform.
All data in KBPilot is protected using military-grade encryption standards:
Every file, document, and record stored in KBPilot is encrypted at the application layer using the Advanced Encryption Standard (AES) with 256-bit keys. This means even if someone gained physical access to our servers, they could not read your data without the encryption key.
When data travels between your browser and our servers, or between our infrastructure components, it is encrypted using TLS 1.3. This prevents eavesdropping or interception of your information over the network.
Each customer account has its own unique encryption keys. This means even our infrastructure providers cannot access the content of your Knowledge Base or questionnaires without these keys. Complete cryptographic isolation ensures your data remains yours alone.
KBPilot is hosted on Amazon Web Services (AWS), one of the world's most trusted cloud providers. Our infrastructure benefits from AWS's comprehensive security posture:
The underlying AWS infrastructure is independently audited and SOC 2 Type II certified. This means a third-party firm has verified that AWS maintains controls around security, availability, processing integrity, confidentiality, and privacy.
Your data is stored in US-based AWS regions only. Data never leaves US infrastructure, ensuring compliance with data residency requirements and reducing latency for North American users.
Your Knowledge Base is the crown jewel of KBPilot. We've implemented multiple layers of isolation to protect it:
Each Knowledge Base is stored in isolated, access-controlled storage. Only you and team members you explicitly grant access to can view the contents. We use role-based access control (RBAC) to ensure the principle of least privilege—each team member has only the permissions they need.
You can optionally protect your Knowledge Base with an additional password layer. This means even if a team member has account access, they cannot view the raw content of your KB without entering the KB-specific password. This protects against accidental disclosure and provides an additional barrier against compromised accounts.
All access to Knowledge Base content is logged. You can view who accessed your KB, when, and what they did. This transparency helps you detect unauthorized access and maintain compliance with internal policies.
When you use KBPilot's AI-powered questionnaire features, your data is processed securely:
Questionnaire content is sent to OpenAI's API for processing. We have executed a Data Processing Agreement with OpenAI that explicitly prohibits using your data to train or fine-tune their models.
Your Knowledge Base content is never used to train AI models. Inference processing is temporary and not retained for model improvement.
OpenAI does not store your questionnaire content or Knowledge Base excerpts at the model layer. Data used for inference is processed and then discarded according to OpenAI's data retention policy (30 days for non-abuse cases).
All communication with OpenAI's API is encrypted in transit using TLS 1.3. Your data is never transmitted in plain text.
We protect your account with strong authentication mechanisms:
Passwords are hashed using bcrypt with salt, making them resistant to brute-force attacks. We enforce reasonable password complexity requirements to ensure account security.
Multi-factor authentication (MFA) is coming soon to KBPilot. MFA will require you to verify your identity using a second factor (time-based one-time password, authenticator app, or email) in addition to your password, significantly reducing the risk of account takeover.
We take security vulnerabilities seriously and have established a responsible disclosure program:
If you discover a security vulnerability in KBPilot, please report it responsibly to security@kbpilot.ai. Do not disclose vulnerabilities publicly until we have had time to patch them.
We commit to acknowledging vulnerability reports within 24 hours and providing a timeline for patching within 2 business days. Critical vulnerabilities that enable unauthorized access or data exposure are patched within 24 hours when possible.
Your data is yours, and you have full control over it:
You can delete your account at any time through your account settings. Upon deletion, all associated data, including user profiles, questionnaires, Knowledge Base documents, and session records, is securely purged within 30 days.
Our deletion process complies with GDPR's right to erasure (Article 17), CCPA/CPRA, and other privacy regulations. We document all deletion requests and maintain deletion logs for compliance verification.
We invite security researchers to help us keep KBPilot secure. If you find a vulnerability:
Email us at security@kbpilot.ai with details about the vulnerability. Include:
Help us maintain KBPilot's security and earn our appreciation. Thank you for caring about security.
If you have questions about KBPilot's security practices, please contact us at security@kbpilot.ai. We're happy to discuss our security measures, provide additional documentation, or answer any concerns you may have about data protection.