Security
KnowledgeBricks is built on infrastructure that enterprise teams rely on. This page explains the controls in place so your security team can make an informed decision.
Infrastructure
All application workloads run on Vercel (Enterprise network), which maintains SOC 2 Type II certification and ISO 27001 compliance. Traffic is served over TLS 1.2+ with HSTS enforced. Vercel edge infrastructure provides DDoS mitigation and regional request routing.
Authentication
User identity and session management are handled by Clerk, which holds SOC 2 Type II certification. Clerk issues short-lived JWTs; session tokens are never stored in our database. Multi-factor authentication is available on all accounts. Single sign-on (SSO/SAML) is available for enterprise plans — contact us to configure it for your organisation.
Data storage
Knowledge-base content and subscription metadata are stored in Supabase, which provides Postgres databases with encryption at rest (AES-256) and in transit (TLS). Supabase infrastructure is hosted on AWS and holds SOC 2 Type II certification. Row-level security policies restrict data access to the authenticated user’s own records.
AI queries
Ask-a-SME queries are processed by the Anthropic API (Claude). Queries are not retained by Anthropic beyond the immediate response and are never used to train models under the current Business API terms. We do not store the full text of your queries after the session ends; only aggregate usage counts are retained for billing and rate-limiting.
Data isolation
Each user’s subscription tier and usage data are isolated at the database level. There is no shared query history between accounts. Content access is enforced server-side on every request — client-side tier checks are supplementary only.
Payment security
Payments are processed by Stripe, which holds PCI DSS Level 1 certification. KnowledgeBricks never receives or stores raw card data. Stripe processes and tokenises all payment information before any data reaches our systems.
Vulnerability disclosure
If you discover a security vulnerability, please email security@knowledgebricks.com with a description of the issue and reproduction steps. We aim to acknowledge reports within 2 business days and resolve confirmed vulnerabilities within 30 days. We ask that you give us reasonable time to address the issue before public disclosure.
Data deletion
To request deletion of your account and associated data, email support@knowledgebricks.com with the subject line “Data deletion request”. We will confirm deletion within 10 business days. Subscription records required for tax or legal compliance are retained for the applicable statutory period before deletion.
Questions
For security-related questions not covered here, contact security@knowledgebricks.com. For general support, use support@knowledgebricks.com.