Compliance

At Knap, your trust is our top priority. We understand that data security and privacy are critical to our users, and we are committed to meeting the highest standards in these areas. The foundation for our work in this area is our privacy policy.

Listening to Our Users

We actively engage with our users to ensure our compliance efforts align with the industry’s most trusted standards. Your feedback plays a vital role in shaping how we prioritize and implement security measures, and we are always ready to listen to your concerns. If you do have concerns, please reach out to us on Discord or by email at hello@knap.ai.

Current Compliance

We are proud to be HIPAA-compliant, ensuring that sensitive health data is protected in accordance with the strictest regulations. This demonstrates our ongoing commitment to safeguarding personal and confidential information.

Our compliance team has 30 years of experience working on security and compliance. This represents an area of ongoing investment for us.

The Knap security program is led by IT and Security Senior Leadership and is responsible for the following areas:

- Application Security
- Infrastructure and Network Security
- Compliance
- Privacy
- Corporate Security
- Physical Security

Our employees are required to attend annual security awareness training and are informed of their security responsibilities.

Ongoing Efforts

In addition to HIPAA, we are actively working towards full compliance with:
‍
SOC 2 Type 1 and 2: To ensure we maintain strong controls over security, availability, and confidentiality. For users who use cloud inference, we use Groq, who are already SOC 2 Type 2 compliant.
‍
CCPA: So we meet the privacy rights and data protection standards expected in California and beyond.
‍
GDPR: Aligning with the rigorous privacy requirements for protecting user data in the European Union

Secure by Design

Since we don’t host your data, our compliance efforts are designed to scale with ease. This architecture allows us to remain focused on compliance without compromising the security of your sensitive information.

We're continually refining our processes to ensure we remain in line with evolving global standards, and we are committed to making compliance straightforward and transparent for our users.