Inkeep applies role-based access control (RBAC) with fine-grained permissions, so administrators can precisely define user access to logs and platform-management actions.
Enterprise-Grade Security To Safely Build Trust
SOC 2 Type II certified platform with comprehensive data governance, PII protection, and granular access controls. Your data never trains AI models.
Security and compliance
SOC 2
No training
SLAs
PII Protection
PII auto-detection and removal, plus custom retention policies (including zero-retention)
Permissions & Auth
User-level permissions and Credential Management to keep Agents scoped to what they need
Data Controls
GDPR compliant, data de-identification, delete anytime, and guaranteed no training on your data
Infrastructure
99.9% uptime SLA, Choose your LLM provider, Private cloud deployment available
End-to-End Encryption
Encryption at rest and in transit, with regular security audits and penetration testing
Access Controls
Single Sign-On (SSO) with any provider and Role-based permissions (RBAC)
Frequently Asked Questions
SSO integrations are offered for Google, Microsoft, and custom solutions, including SAML-based providers.
Yes. Inkeep supports multi-project organization with separate environments and dedicated team-management capabilities.
Administrators can create custom retention policies, including no-retention, tailored to their compliance or privacy requirements.
We're fortunate to have the backing of reputable investors, including Y Combinator, Khosla Ventures, and GreatPoint Ventures.
The service includes a 99.9 %+ uptime SLA, scales to hundreds of thousands of questions per month, runs on geo-distributed low-latency infrastructure, performs automatic content syncing every 24 hours (with on-demand updates via webhooks or API), and uses continuous API and UX monitoring.
Inkeep is SOC 2 Type II certified and GDPR compliant, demonstrating our commitment to enterprise-grade security controls, data protection, and operational excellence through annual third-party audits.
Data is encrypted at rest and in transit, with regular security audits and penetration testing. No customer data is used to train AI models. PII removal and data-de-identification are available, and customers can choose their LLM provider (Azure OpenAI, OpenAI, or Anthropic, or supply their own keys) and deploy privately, even with their own vector-database provider.