Privacy Policy

Last updated: February 2026

Overview

KnowBot is a Retrieval-Augmented Generation (RAG) platform that lets businesses upload documents and deploy an AI chatbot grounded in their own content. This policy explains what data we collect, how it is processed, and the third-party services involved.

What we store

  • Account data: Your email address and hashed password, managed by Supabase Auth.
  • Uploaded documents: Original files are stored in a private, access-controlled Supabase Storage bucket. Only you can access your files; each tenant's data is isolated by organization ID at both the database and storage layer.
  • Document chunks: Text extracted from your documents is split into chunks and stored alongside vector embeddings in a private Supabase Postgres database protected by Row Level Security.
  • Query logs: Every question asked through your chatbot and the AI's response are stored in your private query log, including which document chunks were used to answer. This is visible only to you and used for your own analytics and export.

Third-party AI providers

KnowBot uses two AI services to process your content. Your document text and chat queries are transmitted to these providers over encrypted connections.

OpenAI — Embeddings

Model: text-embedding-3-small

Document text and search queries are sent to OpenAI to generate vector embeddings. OpenAI's API data usage policy states that data submitted via the API is not used to train their models by default. Data may be retained by OpenAI for up to 30 days for abuse monitoring, then deleted.

OpenAI API data usage policy →

Anthropic — Chat responses

Model: claude-haiku-4-5

Retrieved document chunks and user questions are sent to Anthropic to generate chat responses. Anthropic's API policy states that API inputs and outputs are not used to train their models by default. A similar 30-day retention window applies for trust and safety purposes.

Anthropic API data privacy policy →

If your use case requires contractual data protection guarantees (e.g. HIPAA, SOC 2), please contact us — both OpenAI and Anthropic offer enterprise Data Processing Agreements (DPAs) for eligible customers.

Infrastructure

  • Supabase — database, authentication, and file storage (hosted on AWS). Data is encrypted at rest and in transit.
  • Vercel — application hosting and serverless functions (hosted on AWS/Cloudflare edge).
  • Stripe — payment processing. We never store card numbers; all billing data is handled directly by Stripe.

Data deletion

You can delete any document from your dashboard at any time. This removes the original file from storage, all extracted text chunks, and their embeddings immediately and permanently. To delete your entire account and all associated data, contact us and we will process the request within 7 days.

Contact

Questions about this policy or your data? support@kilgoreai.com