# Frequently Asked Questions

# How is my data secured when using Ketryx AI features?

Adrian Samsel

- Updated 7 months ago

Ketryx upholds enterprise-grade security standards, validated through SOC 2 Type II. The description below provides a technical overview of our data handling and security, focusing on how customer data interacts with our optional AI and Large Language Model (LLM) features.

#### **1\. Data Flow for AI/LLM Processing**

The use of AI features in the Ketryx platform is **entirely optional**. When enabled for tasks like document analysis or semantic search (RAG), your data follows a secure, zero-trust path:

1. **Secure API Call:** The specific data snippet is transmitted securely through HTTPS to the API endpoint.
2. **Zero-Retention Processing:** The call is directed exclusively to zero-data-retention endpoints at our LLM providers. This contractually guarantees **your data is never stored by the LLM provider or used for model training.** It is used only for the immediate API transaction.
3. **Secure Return:** The result (e.g., a summary or vector embedding) is returned to Ketryx and **stored entirely within your secure environment.** The original data snippet does not persist outside Ketryx.

This process ensures your data remains protected from long-term storage or training use by any third-party model provider.

#### **2\. Audit, Monitoring, and Logging**

As validated by our SOC 2 Type II report, Ketryx employs comprehensive controls for platform security and integrity:

- **Monitoring & Alerting:** We monitor infrastructure for suspicious activity (CC7.1) and use automated alerts to ensure timely investigation by our personnel.
- **Incident Response:** A formal, annually-tested Incident Response Policy (CC7.4) ensures an effective and orderly response to any security incidents.

These controls provide continuous oversight and active protection for your data.
