Tightknit Data Security & Privacy
At Tightknit, we take data security and privacy seriously. We implement industry-standard encryption, retention policies, and access controls to ensure customer data remains secure at all times.
Data Encryption
Tightknit follows best practices for encrypting data at rest and in transit, ensuring sensitive information is protected against unauthorized access.
Encryption at Rest
- All stored data, including backups, is encrypted using AES-256 encryption, the industry standard for secure data storage. See Supabase security.
Encryption in Transit
- Data transmitted between clients and our servers is encrypted using TLS 1.3 to protect against interception.
- SSL certificates are managed through Cloudflare and Vercel.
Data Retention & Deletion
Tightknit provides flexible data retention policies to ensure customers maintain control over their information.
Deleting Data
Users with the appropriate permissions can delete content within Tightknit.
Deleting Workspaces
Workspace owners can delete their entire workspace, including all associated data. Full deletion, including backups, is completed within 30 days.
Subscription Cancellation
Customers have 30 days to export their data after subscription cancellation. After this period, Tightknit is not obligated to retain customer data and may delete all related records.
AI Privacy
Tightknit takes a security- and privacy-first approach to integrating AI into our platform. We apply rigorous controls and transparency around how AI models interact with customer data, ensuring all AI usage aligns with our broader privacy and security policies.
Model Infrastructure
Tightknit uses a combination of third-party and open-source AI models, which are run exclusively on our own managed infrastructure. This gives us full control over where and how models are used, ensuring customer data never leaves our environment without consent.
Third-Party AI Models
We leverage select third-party models under contractual agreements that explicitly prohibit training on customer data. These models are accessed in a way that enforces inference-only behavior, and we work exclusively with providers who offer training-disabled APIs or compute isolation to preserve privacy.
Open Source AI Models
For scenarios where open-source models are used, we host and run them locally on Tightknit infrastructure. This ensures full visibility and auditability, and that customer data never leaves Tightknit’s systems during AI inference.
No Model Training on Customer Data
Tightknit does not use customer data to train, fine-tune, or adapt AI models—whether proprietary, open source, or third-party. Your data is not used to improve models for other users or for future model development by Tightknit or our partners.
Evaluation Logging
To ensure the safety, quality, and reliability of AI-powered features, Tightknit logs evaluation data related to AI model behavior. These logs may include anonymized prompts and outputs and are used strictly for testing, monitoring, and improving the safety of AI features. Logs are stored securely, access-controlled, and subject to strict internal handling policies. We do not link AI evaluation logs to individual users unless it is necessary for debugging with explicit customer involvement. All logging practices are aligned with our data retention and privacy policies.
Subprocessors
To ensure seamless service delivery, Tightknit engages select subprocessors for specific functionalities. A complete list of subprocessors is available in our Trust Center, where users can sign up for updates regarding any changes.
Data Breach Disclosure
Data breaches are an unfortunate reality that can threaten organizations. As a result, Tightknit is committed to taking all commercially reasonable measures to secure your customer data. This is why we are overwhelmingly transparent about our security practices, to give you confidence in our infrastructure, processes, tooling, and policies to safeguard your data. Tightknit has not had an identified data breach since commencing operations. In the unlikely event of a data breach, Tightknit is prepared to take steps to limit the effects of any data breach and to assist any customers potentially affected by a data breach with meeting their obligations under law.
Data breach definition
Tightknit defines a data breach as any accidental or unlawful destruction, loss, alteration or unauthorized disclosure of, or access to, customer data.
Notification Process
Tightknit will notify customers without undue delay after becoming aware of a data breach. Customers will be contacted by email, Slack (when available), and phone (when provided), followed by multiple periodic updates throughout each day addressing progress and impact.
Compliance with Global Privacy Laws
- As a global company, Tightknit complies with relevant privacy laws, including GDPR and CCPA.
- Customers will be informed if a breach impacts compliance obligations.