Data Privacy

Overview

Our approach to data privacy.

At Needle, we believe that your data should remain yours. Our data privacy framework is built on these core principles:

• No Data Training: Your data is never used to train our models.
• Complete Isolation: Each customer's data is logically isolated.
• Your Infrastructure: Data stays in your control.
• Your Keys: Use your own API keys for all operations.

Data Isolation

How we ensure complete separation of customer data.

We implement strict data isolation at multiple levels:

Storage Isolation

• Separate storage buckets for each customer.
• Isolated vector database indices.
• No cross-customer data access.

Processing Isolation

• Dedicated processing queues.
• Isolated embedding processes.
• Separate caching layers.

API Isolation

• Unique API endpoints per customer.
• Isolated rate limiting.
• Separate authentication contexts.

Storage & Processing

Where and how your data is stored and processed.

Your Infrastructure

• Use your own S3-compatible storage.
• Your choice of vector database.
• Data never leaves your infrastructure.

Processing Location

• All processing happens in your infrastructure.
• No data stored in our systems.
• Only metadata stored in EU data centers.

Data Retention

• Zero data retention by us.
• You control all retention policies.
• Immediate data deletion on request.

Access Controls

How we manage and control access to your data.

Authentication

• Secure token-based authentication.
• Optional SSO integration.
• Multi-factor authentication support.

Authorization

• Role-based access control (RBAC).
• Granular permission settings.
• Custom access policies.

Audit Logging

• Comprehensive access logs.
• Activity monitoring.
• Configurable retention periods.