Privacy Policy

1. Introduction

Private AI Knowledge ("we," "our," or "us") operates the Private AI Knowledge platform — a RAG-powered enterprise AI assistant that lets teams ask questions about their own private documents. This Privacy Policy explains what information we collect, how we use it, and your rights regarding that information.

By creating an account or using our service, you agree to the collection and use of information in accordance with this policy.

2. Information We Collect

2.1 Account Information

When you register, we collect your name, email address, and a hashed password. We never store passwords in plain text.

2.2 Documents You Upload

Documents you upload (PDFs, DOCX, TXT, CSV) are stored in Amazon S3 in your AWS region. We process document text to create vector embeddings that power semantic search. Raw document text is stored securely and is only accessible to members of your workspace.

2.3 Chat and Query Data

Questions you ask and AI responses are stored so you can review your conversation history. This data is scoped to your workspace and is not shared with other customers or used to train AI models.

2.4 Subscription and Billing

Billing is handled entirely by AWS Marketplace. We do not collect or store payment card numbers. We receive a customer identifier from AWS that links your AWS account to your subscription.

2.5 Usage Logs

We collect standard server logs including IP addresses, browser type, pages visited, and timestamps for security monitoring and service improvement.

3. How We Use Your Information

• To provide, operate, and improve the Private AI Knowledge service
• To process your documents and return AI-powered answers
• To authenticate your account and enforce workspace access controls
• To manage your subscription via AWS Marketplace
• To send transactional emails (account verification, password reset)
• To detect and prevent fraud, abuse, or security incidents
• To comply with legal obligations

We do not sell your data to third parties. We do notuse your documents or queries to train external AI models.

4. Data Storage and Security

All data is hosted on Amazon Web Services (AWS) infrastructure in the United States (us-east-1 region by default). Data at rest is encrypted using AES-256. Data in transit is encrypted using TLS 1.2 or higher.

Your documents and workspace data are strictly isolated — no data from one customer workspace is accessible to another customer (multi-tenant isolation enforced at the database and API layer).

Access to production systems is restricted to authorised personnel only, and all access is logged and audited.

5. Third-Party Services

We use the following third-party services to operate the platform:

• Amazon Web Services (AWS) — hosting, storage (S3), database (RDS), AI inference (Bedrock)
• AWS Marketplace — subscription billing and payment processing
• Google Gemini / OpenAI (optional, configurable) — AI language model inference; only the query text and document excerpts are sent, not raw uploaded files

Each third party has its own privacy policy and data processing agreement.

6. Data Retention

We retain your account data and workspace content for as long as your account is active. If you cancel your subscription and request account deletion, we will delete your data within 30 days, except where retention is required by law.

Server access logs are retained for 90 days for security purposes.

7. Your Rights

Depending on your location, you may have the following rights:

• Access — request a copy of the personal data we hold about you
• Rectification — request correction of inaccurate data
• Erasure — request deletion of your personal data
• Portability — request your data in a machine-readable format
• Objection — object to processing of your data in certain circumstances

To exercise any of these rights, email us at privacy@privateaiknowledge.io. We will respond within 30 days.

8. Cookies

We use only essential session cookies required to maintain your logged-in state. We do not use advertising cookies or cross-site tracking.

9. Children's Privacy

Our service is not directed to individuals under the age of 18. We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, please contact us and we will delete it.

10. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will notify you by email and update the "Last updated" date at the top of this page. Continued use of the service after changes constitutes acceptance of the updated policy.

11. Contact Us

For privacy-related questions, requests, or complaints, please contact us at: