Overview
Our approach to data privacy
At Needle, we believe that your data should remain yours. Our data privacy framework is built on these core principles:
- • No Data Training: Your data is never used to train our models
- • Complete Isolation: Each customer's data is logically isolated
- • Your Infrastructure: Data stays in your control
- • Your Keys: Use your own API keys for all operations
Data Isolation
How we ensure complete separation of customer data
We implement strict data isolation at multiple levels:
Storage Isolation
- • Separate storage buckets for each customer
- • Isolated vector database indices
- • No cross-customer data access
Processing Isolation
- • Dedicated processing queues
- • Isolated embedding processes
- • Separate caching layers
API Isolation
- • Unique API endpoints per customer
- • Isolated rate limiting
- • Separate authentication contexts
Storage & Processing
Where and how your data is stored and processed
Your Infrastructure
- • Use your own S3-compatible storage
- • Your choice of vector database
- • Data never leaves your infrastructure
Processing Location
- • All processing happens in your infrastructure
- • No data stored in our systems
- • Only metadata stored in EU data centers
Data Retention
- • Zero data retention by us
- • You control all retention policies
- • Immediate data deletion on request
Access Controls
How we manage and control access to your data
Authentication
- • Secure token-based authentication
- • Optional SSO integration
- • Multi-factor authentication support
Authorization
- • Role-based access control (RBAC)
- • Granular permission settings
- • Custom access policies
Audit Logging
- • Comprehensive access logs
- • Activity monitoring
- • Configurable retention periods