Security-first by design
Your knowledge base and customer data are your most valuable assets. We protect them with strong security practices built into every layer of the platform.
Encryption
All data is encrypted at rest using AWS-managed encryption and in transit via TLS.
Audit Logging
Verification requests, access events, and configuration changes are logged for review.
Access Control
Role-based access control and API key authentication for secure integrations.
Privacy by Design
Your data is never used for model training. Strict data isolation between tenants.
Data Isolation
Each organization's data is logically isolated. No cross-tenant data access is possible.
AWS Infrastructure
GroundTruth runs on AWS infrastructure with built-in security controls and monitoring.
How we handle your data
Transparency is a core value. Here is exactly how your data flows through GroundTruth.
Knowledge Base Storage
Your uploaded documents are chunked, embedded, and stored in encrypted databases. Each tenant's data is fully isolated. Documents can be deleted at any time.
Verification Processing
When you send a draft for verification, the text is processed in memory. Claims are extracted, evidence is retrieved from your knowledge base, and results are returned. Draft text is not persisted beyond the request lifecycle unless you opt into logging.
Infrastructure
GroundTruth runs on AWS infrastructure. All inter-service communication is encrypted via TLS. We use VPC isolation and security groups to limit access.
No Model Training
Your knowledge base content, customer interactions, and verification results are never used to train, fine-tune, or improve any machine learning models. Your data stays yours.
Encryption at every layer
All data is encrypted both at rest and in transit using industry-standard methods provided by AWS.
At Rest
AWS-managed encryption for all stored data in DynamoDB and S3. Encryption keys are managed by AWS KMS.
In Transit
TLS encryption for all API communications. HTTPS enforced on all endpoints.
Secure access management
GroundTruth provides multiple layers of access control to keep your data secure.
- Role-based access control (Owner, Admin, Member)
- API key authentication for programmatic access
- Session-based authentication for the dashboard
- OAuth and magic link sign-in options
- Team invite management with role assignment
Sample Audit Log Entry
{
"timestamp": "2025-01-15T14:32:01Z",
"event": "verification.completed",
"actor": "api_key:hg_sk_...a1b2",
"resource": "kb_abc123",
"details": {
"claims_extracted": 3,
"risk_score": 0.72,
"verdict": "high_risk",
"action_taken": "safe_rewrite"
},
"request_id": "req_xyz789"
}Have security questions?
Our team is happy to answer your questions or discuss your specific security requirements.