Security and Data Handling

Security posture

Ankaavi Technologies Private Limited operates KnownSense Intelligence with a security-first posture for business call data, QA outputs, and customer workspaces. This page gives a public overview and is not a substitute for a signed security addendum or diligence pack.

• KnownSense is designed for business call quality workflows where customer recordings, transcripts, and QA outputs may contain personal data or confidential business information.
• Security commitments for a proof of concept or production deployment should be captured in the NDA, data protection schedule, POC agreement, or customer contract before live recordings are shared.
• We avoid publishing non-public technical implementation details on the public website.

Access control and tenant separation

• Product access is account-based and role-aware, with workspace views intended to separate organisation administrators, QA managers, team leads, agents, and internal platform operations.
• Customer data access should be scoped to authorised users and operational support personnel who need access for service delivery, support, security, or contractual obligations.
• Administrative access should be limited, reviewed, and used for support, security, debugging, billing, or customer-requested operations.
• Customer workspaces are designed around tenant-aware data handling so one organisation's call data is not intentionally exposed to another organisation.

Data handling and retention

• Public demo audio is intended to be deleted after processing or expiry. Demo results are temporary and used only to show the requested evaluation and protect the demo service.
• For customer workspaces, normal recordings are intended to be deleted after analysis unless a flagged-review window, customer agreement, legal requirement, or troubleshooting need requires retention.
• Transcripts, analyses, flags, reports, coaching records, billing records, audit logs, and support records may have separate retention periods depending on the agreement and operational need.
• Customer data return, deletion, export, and destruction procedures should be agreed before a POC using live customer recordings begins.

Transport, storage, and processing

• KnownSense should be accessed over secure HTTPS connections in production.
• Uploaded audio and generated outputs should be stored and processed only for authorised product, support, security, billing, or legal purposes.
• Customer-specific hosting location, deployment model, subprocessor list, and data-flow diagrams should be handled under NDA or customer agreement, not exposed as public architecture.
• Public website text does not grant permission to upload live regulated recordings into a demo or workspace without a signed data handling arrangement.

AI processing controls

• KnownSense AI outputs are designed to assist QA managers and operations teams, not replace final human judgment.
• Unless expressly agreed in writing, customer recordings, transcripts, and derived outputs are not used to train, fine-tune, or improve models for other customers.
• Customer agreements should define whether any external AI service or other subprocessor is used, where processing occurs, what data is sent, and what retention controls apply.
• Sensitive flags, compliance outcomes, coaching actions, and employment-related decisions should be reviewed by authorised human personnel.

Monitoring and incident response

• We use operational logs, diagnostics, rate limits, abuse-prevention checks, and support workflows to detect reliability or security issues.
• Security events are triaged based on severity, affected data, customer impact, legal obligations, and contractual commitments.
• Where applicable, incident handling may need to account for Indian cyber incident reporting requirements, customer notification duties, and personal data breach obligations.
• Security reports can be sent to admin@knownsense.ai. For customer engagements, a named escalation channel can be added in the contract.

Subprocessors and vendors

• KnownSense may rely on vendors for hosting, storage, security, analytics, email, support, communications, and AI processing.
• The public website does not list every production or POC subprocessor because those choices may vary by deployment, customer requirements, and signed contract.
• Before live customer recordings are shared, customers may request a subprocessor disclosure and data-flow summary under NDA or a data protection schedule.
• Subprocessors should be limited to agreed purposes and subject to confidentiality, security, access, and retention obligations appropriate to their role.

Current certification status

KnownSense is operated by a young company. Unless a current certificate or audit report is expressly published or provided in writing, Ankaavi does not represent that it holds ISO 27001, SOC 2, or equivalent certification.

• For enterprise diligence, we can provide a security questionnaire response, architecture-level data-flow summary, retention description, and POC-specific controls under NDA.
• Independent audits, penetration tests, cyber liability cover, technology errors and omissions cover, and certification commitments should be handled as contract items.
• No statement on this page expands any warranty, indemnity, service level, or liability position beyond a signed agreement.

Responsible disclosure

• Report suspected vulnerabilities, unauthorised access, exposed data, or security concerns to admin@knownsense.ai.
• Please include a clear description, affected URL or workflow, reproduction steps, impact, and your contact details.
• Do not access, copy, alter, delete, disclose, or exfiltrate data that is not yours while investigating a suspected issue.
• We may request reasonable time to validate, remediate, and coordinate disclosure for genuine security reports.