How does Keymate handle my data privacy?
How we store your information, how we use and delete PDFs, our storage and security protocols and how we respond to any security issues.

Written by Philip Delvecchio
Updated over a week ago

Data privacy measures at Keymate.AI

At Keymate, we take privacy and security very seriously. From the start, our guiding principle has been to make this our top priority.

So what does this mean for you when using Keymate? I will explain through a series of questions.

Are you using my data for training?

We do not use any of your information, chats, prompts, or PKB for training. However, if you are using Keymate as a plugin then ChatGPT still has the ability to train with your data. You can choose to disable this within ChatGPT.

If you are using the Keymate Ultimate WebApp, your data is not being used for training.

Where and how is my information stored?

We store your data as embeddings encrypted with the OAuth protocol, using an enterprise-level Pinecone.io database on Azure and AWS. We use the most secure tier of Pinecone, and their data safeguards are SOC 2 Type II certified. You can learn more about Pinecone's security protocols here.

In addition, both Pinecone and AWS are HIPAA compliant.

Our cloud service provider Amazon Web Services (AWS) regularly undergoes independent verification of security, privacy, and compliance controls against the following standards: ISO/IEC 27001, ISO/IEC 27017, SOC 1, SOC 2, SOC 3, PCI DSS, HIPAA, CSA Star, FedRAMP and many others. You can learn more about AWS's security protocols here.

How is the data encrypted, stored, and transmitted within your platform?

  • All data is encrypted in transit with TLS 1.2 at minimum.

  • As data is stored within a hosted platform serviced by Amazon (AWS), encryption is built in by default for all data at rest. We use Amazon EBS encryption for all resources associated with our EC2 instances. AWS KMS keys are used when creating encrypted volumes and snapshots, and only we have access to the KMS.

Do you comply with any data protection regulations like GDPR, CCPA, or HIPAA? If so, could you provide documentation to support this?

We are compliant based on the way we store and process information; however, the service is not intended to manage large stores of sensitive data. Any personal data that is stored and processed is subject to all the normal controls that are also used by OpenAI. We manage the data in such a way that we could achieve certification against a number of different standards, but at this stage in our development we have not formally certified against them.

Have you undergone any third-party security audits? If yes, are you able to share the results?

At this stage of our growth, we have not yet formally completed an external security audit. We do have a security and audit expert currently working with us to ensure we build and manage the platform in such a way as to be able to pass any rigorous audits as needed.

What measures do you have in place to handle potential data breaches?

  • Our service is hosted within AWS and we leverage the extensive security functionality provided for this purpose. Any detection of malicious activity is immediately investigated by one of our team members, including a security expert with over 20 years of experience in incident management. Any indication of data loss would trigger our incident response process, which includes communication to any impacted parties within 24 hours.

  • We use: Amazon Cognito to identify brute force authentications and sham login attempts; CloudTrail to monitor and record API requests; CloudFront for DDoS attack protection; Amazon Inspector to assess the security of our apps.

What do you do with my PDFs when I upload them?

We delete your PDFs 2 days (max) after you upload them. They are uploaded so they can be read into your Keymate Memory and then deleted. You can delete your Keymate Memory at any time. More info on how to train your Keymate memory with PDFs here.

What if I want you to delete all of my information?

You can at any time request that we delete all of your information. Simply email [email protected] with the request and we will do so promptly.

If you simply want to delete your personal knowledge base, you can prompt at any time to "delete my PKB" or "delete my personal knowledge base" and your knowledge base will be completely deleted.

IMPORTANT: once you delete your PKB, it is NOT retrievable so please use caution when deleting.

Important notes:

  • Data retention depends on the type of data. Any data in the knowledge base is kept until you delete it manually or, if your account expires and there is no activity, it is deleted by default within 30 days.

  • Some of the data relating to the service, such as logs useful for diagnosis or forensic investigation, may be kept for up to 12 months. However, these logs do not contain customer data, only access logs, relevant status and error messages, and service telemetry.

  • Backups are automated as part of the service provided within AWS; however, backups are constantly cycled and the default retention is 7 days. If you removed your knowledge base, there would be no live database with that data and any previous backups would be deleted after 7 days.
