Security & privacy
Private by default — in plain English
Here is how AnswerKeep protects what you keep, and — just as importantly — what it does not claim to do.
What we do
- Encrypted records. Finalized records (Keep and Council) are encrypted at rest.
- Owner-scoped access. You can only ever read your own records; access is enforced server-side.
- Encrypted Council sessions. In-progress Council questions, answers, selections, and synthesis are encrypted too.
- Private search. Search runs over your own records in a bounded way — there is no plaintext index of your content.
- Temporary staging is redacted. Short-lived processing data is redacted on a documented lifecycle.
- Export & deletion. You can export your records and permanently delete any of them at any time.
- Safe operations. Logs, metrics, and diagnostics use safe metadata — never your private questions, answers, or decisions.
What we don't claim
- This is not zero-knowledge architecture. The authorized application server can decrypt your records in order to provide the service.
- We do not claim end-to-end encryption, an unhackable system, or military-grade security.
- When real AI providers are deliberately enabled, selected content may be sent to those providers — and their retention terms must be reviewed before that happens. In the current private beta, the Council uses built-in deterministic test models and contacts no third party.
- Production backup, disaster recovery, and managed-key architecture remain gated pending a dedicated security review.
- No system is risk-free.
AI provider disclosure
In the current private beta, the Council uses built-in deterministic test models — no third-party provider is contacted. Real providers are disabled by default. If and when they are enabled, the question, context, and the material you selected may be transmitted to the selected provider to generate or synthesize an answer. Avoid submitting content you are not authorized to share.
Reporting a security concern
If you believe you’ve found a security problem, tell us through the support form and choose “Security concern”. Please describe what you observed and how to reproduce it, and don’t include other people’s data or working exploit code in the message. Security reports are reviewed; a formal disclosure policy has not yet been published.
Read the Privacy draftMore questions? See the FAQContact support