Data Security
Knock AI implements technical and organizational measures designed to protect customer data, agent information, and platform infrastructure.
1. Encryption in Transit
All data transmitted between clients, mobile applications, and Knock AI servers is encrypted using TLS 1.2+. API endpoints and web dashboards require HTTPS. Internal service communication uses encrypted channels where supported.
2. Encryption at Rest
Production databases and object storage encrypt data at rest using industry-standard algorithms (e.g., AES-256). Encryption keys are managed through our cloud provider's key management service with restricted access controls.
3. Access Controls
Production access is limited to authorized personnel on a least-privilege basis. Multi-factor authentication is required for administrative systems. Access is logged and reviewed periodically.
4. SOC 2 Compliance
Knock AI is pursuing SOC 2 Type II certification. Controls cover security, availability, and confidentiality. A formal report will be available to enterprise customers upon completion of the audit process.
5. Incident Response
We maintain an incident response plan covering detection, containment, investigation, notification, and remediation. If a data breach affecting personal information is confirmed, we will notify affected parties and regulators as required by applicable law.
6. Vendor Security
Third-party subprocessors (payment, background checks, cloud infrastructure) are evaluated for security practices and bound by data processing agreements. See our Privacy Policy for a list of key providers.
7. No Sale of PII
Knock AI does not sell personally identifiable information to third parties. Customer campaign data is processed solely to deliver the Service.
8. Contact
Security inquiries: legal@knockai.co