Your Data Security is Our Priority
We built RetrieveIT.AI with security at the core. Your knowledge stays private, encrypted, and under your control.
Security Built In, Not Bolted On
Every layer of RetrieveIT.AI is designed with security in mind.
Encryption Everywhere
AES-256 encryption at rest for all data. TLS 1.2+ encryption in transit. Your data is protected at every stage.
No AI Training on Your Data
Amazon Bedrock guarantees your data is never used to train AI models. Your knowledge stays yours.
Role-Based Access Control
Organization admins control who can access what. Workspace-level permissions keep teams focused on relevant content.
Tenant Isolation
Your data is logically isolated from other customers. All queries enforce organization-level boundaries.
AWS Infrastructure
Built on AWS with SOC 2 and ISO 27001 certified infrastructure. US-based data centers.
Secure Integrations
OAuth-only integrations with minimal scopes. No passwords stored. Tokens encrypted with AWS KMS.
AI That Respects Your Privacy
Unlike consumer AI tools, RetrieveIT.AI is built for business data. Your documents and conversations are never used to train AI models.
- Zero Data Retention by AI
Amazon Bedrock processes queries without storing your data
- No Model Training
Your content is never used to improve or train AI models
- Private Vector Storage
All content is stored in isolated, encrypted storage unique to your organization. Each workspace's vectors and documents are cryptographically separated.
- AWS Bedrock Security
Enterprise-grade AI infrastructure with SOC 2 compliance
Data Flow
1. Your query is sent to our servers
2. We search your private vector index
3. AI processes with zero data retention
4. Response returned, nothing stored by AI
Compliance & Certifications
Meeting the standards your business requires.
GDPR Ready
Data processing agreements available. EU data subject rights supported.
CCPA Compliant
California privacy rights honored. No sale of personal information.
PCI DSS
Payment processing handled by PCI-compliant Stripe. Card data never touches our servers.
Security FAQ
All data is stored in AWS US-based regions. We use Amazon S3 for document storage and DynamoDB for metadata, both with encryption at rest enabled by default.
No. We use Amazon Bedrock for AI processing, which explicitly does not use customer data for model training. Your documents and conversations remain private and are never used to improve AI models.
We use passwordless magic link authentication. No passwords are stored on our servers. OAuth tokens for integrations (GitHub, Slack, etc.) are encrypted and stored securely in AWS.
No. All data is logically isolated by organization. Database queries enforce tenant isolation at the application level, and vector searches are scoped to your organization's data only.
When you delete documents or conversations, they are removed from our systems. After account cancellation, all data is retained for 30 days (for reactivation), then permanently deleted.
We use Stripe for all payment processing. Credit card numbers never touch our servers. We only store your Stripe customer ID and subscription status.
We are currently working toward SOC 2 Type II certification. In the meantime, we leverage AWS's SOC 2 certified infrastructure and follow security best practices aligned with SOC 2 controls.
Integrations use OAuth with minimal required scopes. For example, GitHub integration only requests read access to repositories you explicitly select. We never store integration passwords.
Yes. You can download your uploaded documents at any time through your account dashboard. Contact support for a full data export request.
Please email security@retrieveit.ai with details of any security concerns. We take all reports seriously and will respond within 24 hours.
We log metadata for security and compliance: user actions (workspace access, query counts), IP addresses and session information, integration connection events, and usage metrics for billing. We do NOT log your actual query text or AI responses, document content, or workspace-specific data. All logs are encrypted and retained for 365 days for security investigation purposes.
Security incidents are handled directly by our founding team with immediate priority. All alerts trigger real-time notifications. We commit to investigating any security concern within 24 hours and notifying affected customers immediately if data is compromised.
Active data is retained as long as your subscription is active. Deleted data is permanently removed within 30 days. Audit logs are kept for 365 days for security and compliance. Backups follow a 30-day rolling retention. When you delete a workspace or cancel your subscription, all data is permanently and irreversibly deleted within 30 days.
Have Security Questions?
Our team is happy to discuss your security requirements and answer any questions.