Overview

We know that privacy and security is critical for many organizations. Inkeep is committed to protecting your organization’s and user’s data and privacy.

We use industry-standard security practices, use reputable subprocessors with SOC 2 compliance, and provide the controls needed for organizations to meet their own data protection requirements.

We actively follow security best practices like undergoing regular external security reviews and penetration tests. Inkeep is SOC 2 Type II compliant.

This article is only an overview of Inkeep’s approach to data privacy, not a legal agreement. See our privacy policy here and please reach out to privacy@inkeep.com for any other documentation requests or questions.

Use of LLMs

To provide our search and chat services, we use foundational large language models (LLMs) and artificial intelligence (AI) services from the following providers:

Our providers will never use your data to train AI or LLM models. See the links above for details of each provider’s policies. While Inkeep may train AI or LLM models for use by your organization, for example by fine-tuning an LLM model specific to your product, we’ll never expose your or your user’s data to unauthorized third parties.

Categories of Data Subjects

Information we collect can be in relation to the following types of Users:

  • End Users - Your end users or customers.
  • Employees - Your employees.

Categories of Collected Data

Knowledge Base Documents

Knowledge Base Documents include information provided to Inkeep for use in our search and chat service for your organization. These can include:

  • Technical documentation
  • Website and blogs
  • Sources that include end-user generated content like StackOverflow, GitHub, Discourse, Slack and Discord
  • Support desk tickets and FAQs
  • Internal documents
  • and others

You can control what content is provided to Inkeep for ingestion into your knowledge base. You can view and delete this content at any time.

Prompts and Responses

  • Prompts - The text or input provided by a user to Inkeep’s search or chat service. Prompts may also include context information provided by your organization.
  • Responses - The text or output provided in response to a prompt by Inkeep’s search or chat service.

Prompts and Responses are retained for the purposes of:

  1. Usage Analytics - Providing Employees with topical, sentiment, and other analytics of Prompts and Responses.
  2. End User Functionality - Providing functionality to End Users like thumbs-up and thumbs-down feedback, “Share chat”, and conversation history.
  3. Abuse and Misuse Monitoring
  4. Service Improvements - Monitoring and improving the quality of Inkeep’s search and chat service.

Enterprise Customers can customize the below:

  • Retention period of conversations
  • Enabling or disabling of Usage Analytics or End User Functionality

Prompts and Response pairs are only associated with User Metadata if that is collected. See the next section.

User Metadata

User Metadata can include identifying information like IP address or browser session information of Users. Your applications can choose to provide user IDs, user segmentation, or other data that you’d like to include in Inkeep’s Usage Analytics features.

You can customize and opt out of the collection of User Metadata to align with your own policies and preferences. See here for information on how to configure this in Inkeep’s web widgets. With these settings, you are able to control whether User Metadata is associated with Prompts and Responses or Application Information.

Application Information

We collect Application Information, which includes usage data generated in the process of providing Inkeep’s services, to help troubleshoot, measure, and improve the performance and availability of our services.

Advanced controls

For Enterprise customers with strict data protection requirements, we offer advanced data and privacy controls. These can include:

  • Zero-retention policy for any user prompts and responses.
  • Use of data de-identification services, like Google Cloud Platform’s Sensitive Data Protection, for processing Knowledge Base Documents or Prompts and Responses.
  • Sending of user prompts to specific LLM providers.
  • Using custom cloud infrastructure and vector database providers providers for storage of data.
  • Role-based access control on which employees can view Prompts and Responses or User Metadata.
  • Restricting user access to authenticated users.
  • A HIPAA BAA agreement with certain data processing policies.

In general, we will work with your legal and security teams to work with your requirements. We will review with them our service agreement, data processing agreement, security policies, and other relevant documents.

Contacting us

If you have a data request or questions about our use of data and processing, please reach out to privacy@inkeep.com.

If you are aware of an information security incident, unauthorized access, policy violation, security weakness, or suspicious activity related to Inkeep, please report it by sending an email with any relevant details to incidents@inkeep.com.