Locusive utilizes enterprise-grade security protections for your business data including access controls, encryption, data isolation, and compliance with regulations like CASA Tier 2. Only specific authorized datasets are synced with Locusive. Client data is separated logically. All data is transferred over SSL, and we implement a policy of least privilege.
We’ve also taken the following steps to work on ensuring data privacy and security:
Data storage:
- We don’t store the entire contents of a document anywhere. Rather, we break it up into chunks and store those chunks in a vector database. That vector database does not provide an index of what documents are available, and that information is stored in a separate database. This helps ensure that even if one database was compromised, it would be difficult to get access to any data.
- We limit access to all data stores to the top personnel at Locusive who need to be able to work with data systems
- All data is partitioned by customer so that there is no intermingling of documents between customers
Data transmission
- Data is transmitted securely with SSL
Data access
- Locusive users make their documents available to the users in their Slack channel, and only those users have access to query documents that have been explicitly added by their org’s admins
- For uploaded documents, we generate a one-time, signed URL that expires after a few minutes. This URL is only generated at the time that an authorized user explicitly wants to view a document they have uploaded.