Security

Data flow

This page shows, for the typical usage paths, which component processes which data. This information is required by ISO 82079 before production use, especially for IT procurement and data protection impact assessments.

Components and their data flows

Overview of every data flow between knowmind and its subprocessors. Solid arrows: regular. Dashed arrows: only when actively used (BYOK, Stripe, webhooks).

Path A: Sign in with a magic link

Your browser ─► knowmind.de (HTTPS, TLS 1.3)
                  └─► mail generation
                       └─► Brevo (EU) ─► your inbox
                                          └─► you click the link
                                               └─► knowmind.de establishes a session

Content: your email address, the link token, standard headers. Brevo sees only the recipient address and the mail body ("Your sign-in link"). Brevo does not store workspace content.

Path B: Create a memory via the dashboard

Your browser ─► knowmind.de (HTTPS)
                  └─► Control plane (Next.js)
                       ├─► PostgreSQL (tenant column, Hetzner)
                       ├─► embedding service ─► pgvector
                       └─► Knowledge Graph (Neo4j, Hetzner)

Content stays inside the knowmind infrastructure in Germany. If a BYOK provider is configured for enrichment, path D runs in addition.

Path C: Recall via an MCP client (Claude Code, ChatGPT, Claude.ai)

AI client ─► knowmind.de/api/mcp/v1 (HTTPS, bearer token)
                └─► control plane
                     ├─► PostgreSQL (BM25, vector)
                     ├─► Knowledge Graph (graph hops)
                     └─► response (JSON-RPC) ─► AI client
                                              └─► model answer to you

The language model itself runs at the AI provider (Anthropic for Claude, OpenAI for ChatGPT). knowmind sees neither your prompt content nor the model's answer — only the recall request and the hits returned.

Path D: BYOK enrichment

Control plane ─► provider adapter (clear-text key in RAM)
                  └─► provider (Anthropic / OpenAI / Mistral / …)
                       └─► response ─► control plane ─► database

Content only reaches the provider when you have enabled BYOK. Your key sits encrypted (AES-256-GCM) in the database, is decrypted at call time and lives in the adapter's RAM for the duration of one call. No logs, no tracing fields, no stack traces carry the clear text.

Path E: Webhook outbound

Event (memory, edge, plan) ─► webhook queue
                                      └─► webhook worker
                                           └─► HTTP POST to your URL
                                                (HMAC-SHA256 signed)

knowmind only sends to webhook targets registered in the dashboard. The body is minimised (IDs, timestamps, event type). Full memory content is not sent — your endpoint can pull it via the API when needed.
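On the receiving side, the HMAC-SHA256 signature has to be checked against the raw request bytes before the body is parsed or trusted. The following is an added example, not knowmind's code; the hex signature encoding, the `timestamp` field name, the sample event fields and the five-minute replay window are assumptions the page does not specify.

```javascript
const crypto = require('node:crypto');

// Assumptions (not from the knowmind docs): the signature is hex-encoded
// HMAC-SHA256 over the raw request body, and the body carries an ISO 8601
// "timestamp" field. Adjust both to the real delivery format.
const MAX_AGE_MS = 5 * 60 * 1000;

function sign(secret, rawBody) {
  return crypto.createHmac('sha256', secret).update(rawBody).digest('hex');
}

// Returns { ok: true, event } or { ok: false, reason }.
function verifyWebhook(secret, rawBody, signatureHex, now = Date.now()) {
  // Reject malformed signatures before comparing: timingSafeEqual throws
  // on length mismatch, and Buffer.from(..., 'hex') silently truncates.
  if (typeof signatureHex !== 'string' || !/^[0-9a-f]{64}$/i.test(signatureHex)) {
    return { ok: false, reason: 'malformed signature' };
  }
  const expected = crypto.createHmac('sha256', secret).update(rawBody).digest();
  const received = Buffer.from(signatureHex, 'hex');
  if (!crypto.timingSafeEqual(expected, received)) {
    return { ok: false, reason: 'signature mismatch' };
  }
  // Parse only after the MAC checks out, then bound replay by age.
  let event;
  try {
    event = JSON.parse(rawBody.toString('utf8'));
  } catch {
    return { ok: false, reason: 'invalid JSON' };
  }
  const sentAt = Date.parse(event.timestamp);
  if (Number.isNaN(sentAt) || Math.abs(now - sentAt) > MAX_AGE_MS) {
    return { ok: false, reason: 'stale or missing timestamp' };
  }
  return { ok: true, event };
}

// Constructed sample delivery (IDs, timestamp, event type only).
const SECRET = 'constructed-demo-secret';
const BODY = Buffer.from(
  '{"id":"evt_demo_1","type":"memory.created","memoryId":"mem_demo_1","timestamp":"2026-05-23T10:00:00Z"}'
);
const NOW = Date.parse('2026-05-23T10:01:00Z');
```

Pass the body to `verifyWebhook` exactly as received (a `Buffer`), since re-serialising parsed JSON can change the bytes and break the MAC.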

Subprocessor list (as of 23 May 2026)

Subprocessor                  Purpose                      Location
Hetzner Online GmbH           Server hosting               Germany (Nuremberg / Nürnberg)
Brevo                         Transactional mail delivery  France
Stripe Payments Europe Ltd.   Payment processing           Ireland
Let's Encrypt                 TLS certificates             USA (CA only, no content)

The complete list with purpose and contractual basis is part of the DPA. Request it by email at info@schuebeler-consulting.de.
