Data Protection

KnowStack takes data security seriously. Your business data is sensitive, and the platform is built with multiple layers of protection to keep it safe.

Encryption

  • Data in transit is encrypted using TLS (HTTPS) for all connections
  • Sensitive credentials (email passwords, API tokens, Telegram sessions) are encrypted at rest using AES-256 encryption
  • Database connections use SSL encryption
  • File uploads (documents, meeting notes) are stored in encrypted cloud storage (Amazon S3)

Data Isolation

All data is scoped to your company workspace. Company A cannot access Company B's data, even at the database level. Every API request validates company ownership before returning data.
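An added illustration of the ownership check described above (example code, not KnowStack's own; the table, company ids and names are constructed): the company id from the authenticated session is bound into the query itself, and a weaker lookup-then-check variant is shown for contrast.

```python
import sqlite3

def setup_db() -> sqlite3.Connection:
    """Constructed sample data: two companies, each owning one Knowledge Base."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE knowledge_bases ("
        " id INTEGER PRIMARY KEY, company_id INTEGER NOT NULL, name TEXT NOT NULL)"
    )
    conn.executemany(
        "INSERT INTO knowledge_bases VALUES (?, ?, ?)",
        [(1, 100, "Acme runbooks"), (2, 200, "Globex contracts")],
    )
    return conn

def get_knowledge_base(conn, company_id, kb_id):
    """Scoped lookup: the tenant id is part of the WHERE clause, so a row owned by
    another company is simply never selected. The caller cannot forget the check."""
    row = conn.execute(
        "SELECT id, company_id, name FROM knowledge_bases WHERE id = ? AND company_id = ?",
        (kb_id, company_id),
    ).fetchone()
    if row is None:
        return None
    return {"id": row[0], "company_id": row[1], "name": row[2]}

def handle_request(conn, session_company_id, kb_id):
    """API handler: ownership is validated before any data is returned. A foreign
    row and a missing row both yield 404, so existence is not confirmed to other tenants."""
    kb = get_knowledge_base(conn, session_company_id, kb_id)
    return (404, None) if kb is None else (200, kb)

def handle_request_lookup_then_check(conn, session_company_id, kb_id):
    """Contrast: fetch by id first, then compare owners. Still blocks the read, but
    the distinct 403 reveals that the row exists, and a missed check anywhere leaks data."""
    row = conn.execute(
        "SELECT id, company_id, name FROM knowledge_bases WHERE id = ?", (kb_id,)
    ).fetchone()
    if row is None:
        return (404, None)
    if row[1] != session_company_id:
        return (403, None)
    return (200, {"id": row[0], "company_id": row[1], "name": row[2]})
```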

Data Retention and Deletion

  • You control your data -- delete individual items, entire data sources, or Knowledge Bases at any time
  • Account deletion removes all associated data after a grace period
  • Activity stream data is retained for 120 days
  • Support ticket data is preserved, with snapshot information, so that it survives deletion of the user who created it

CASA Certification

KnowStack is CASA Verified — meaning it has passed Google's Cloud Application Security Assessment (CASA), an independent security review conducted by an authorized App Defense Alliance lab. CASA is the security assessment program that Google requires for applications accessing Google user data through OAuth.

What CASA Certification Means

  • Independent review — The assessment was performed by TAC Security, an authorized App Defense Alliance (ADA) lab, not by KnowStack internally
  • OWASP ASVS standards — KnowStack was evaluated against the OWASP Application Security Verification Standard, the industry-recognized benchmark for application security
  • Comprehensive scope — The assessment covered authentication, session management, access control, input validation, cryptography, error handling, data protection, API security, and secure configuration
  • Remediated findings — All findings identified during the assessment were fully remediated and verified, including protection against path traversal, removal of external CDN dependencies, elimination of server fingerprinting, and hardening of error responses

What Was Assessed

  • Source code security — Protection against path traversal, injection, and information disclosure
  • Subresource integrity — All assets are self-hosted (no external CDN dependencies that could be compromised)
  • Error handling — No internal error details, SQL fragments, or stack traces are ever exposed to users
  • Server hardening — Server fingerprinting headers removed, unsafe HTTP methods blocked
  • Input validation — All user input validated and sanitized to prevent XSS and injection attacks
  • Session security — HttpOnly cookies, CSRF protection, secure session management
  • Credential handling — OAuth tokens and passwords encrypted at rest with AES-256

CASA certification gives you confidence that KnowStack meets the same security standards required by Google for applications that handle user data. The assessment is performed by a third-party lab independent of KnowStack.