← Return to OKAtlas

Privacy Policy

Last Updated: March 30, 2026

1. Zero-Knowledge Architecture & Core Philosophy

OKAtlas.ai ("OKAtlas", "we", "our", or "us") operates on the fundamental principle that your institutional knowledge is a sovereign asset. We provide the cognitive infrastructure, the memory and reasoning engine, but we do not claim ownership, access, or training rights over the data that flows through it.

Our models are strictly isolated. Your organizational context never trains our foundational models, nor is it shared across different tenant environments. We operate a strict zero-retention policy for inferences unless explicitly configured otherwise by your organization's administrators.

2. Data Ingestion and Indexing Pipeline

When OKAtlas integrates with your enterprise stack (e.g., Slack, Google Drive, Microsoft Teams), we act purely as a data processor.

  • Vectorization at Rest: Text, documents, and communication streams are securely vectorized and stored using AES-256 encryption.
  • Transit Security: All API communication and ingestion data flows over TLS 1.3 encrypted channels.
  • Compliance Boundaries: Node storage can be localized to specific geographic regions to satisfy regional data residency requirements (GDPR, CCPA, etc.).

3. What Information We Collect

Outside of your encrypted enterprise data, we collect standard metadata to maintain the operational health of the OKAtlas platform:

  • Account Information: Name, corporate email address, and authentication credentials necessary to provision dashboard access.
  • Telemetry Data: Anonymized query latency metrics, integration uptime statuses, and error logs required to maintain infrastructure stability. This telemetry never contains the content of the queries themselves.
  • Website Usage: Standard analytics (cookies, IP addresses, browser types) collected when you interact with our public marketing websites, used solely to improve our web presence.

4. Private Cloud Deployments (VPC)

For organizations deploying OKAtlas within their own Virtual Private Cloud (VPC), our visibility is restricted to infrastructure orchestration metrics (CPU load, memory pressure, billing pulses). In these deployment architectures, OKAtlas engineers cannot access your vector databases or query logs under any circumstances unless a temporary, securely audited diagnostic token is issued by your administrative team.

5. Third-Party Integrations

Our platform's core utility relies on unifying your fragmented apps. When you authorize a connection (e.g., via OAuth) to a third-party service, you grant OKAtlas the necessary read-permissions to index that specific silo. You can revoke these permissions instantly from your OKAtlas command center, which will trigger a cascade deletion of all associated vectorized data within 72 hours.

6. Contact the Security Team

If you have questions regarding this Privacy Policy, our data ingestion architecture, or require our localized compliance documentation, please contact our deployment engineering team at security@okatlas.ai.