// Trust & Security Report

    Slite, Inc. logo

    Slite, Inc.

    AI knowledge base (Slite), AI Agent, AI/Enterprise Search (Super), and Slite MCP server

    Certifications held

    4

    Maturity

    Growth

    Trains on your data

    No

    Trust center

    Yes

    // Certification ledger

    Each held certification is backed by a verbatim quote from the vendor's own trust or security page. “Not confirmed” means we could not verify it publicly, not that the vendor lacks it.

    SOC 2 Type II
    HELD

    Slite maintains a SOC 2 Type II certification, demonstrating that our security controls are designed and operating effectively in accordance with the AICPA Trust Services Criteria. Our audit is performed annually by an independent, accredited third-party auditor.

    Verify on slite.slite.page
    HIPAA (Enterprise tier, with BAA)
    HELD

    Slite complies with the Health Insurance Portability and Accountability Act (HIPAA) and supports customers in meeting their regulatory obligations when processing Protected Health Information (PHI). ... Slite provides HIPAA support, including execution of a Business Associate Agreement (BAA), for enterprise-tier customers.

    Verify on slite.slite.page
    GDPR (compliance posture, not a certification)
    HELD

    Slite complies with the General Data Protection Regulation (GDPR) and implements the technical and organizational measures required to protect the personal data of individuals in the European Union. ... a comprehensive Data Processing Agreement (DPA) ... Standard Contractual Clauses (SCCs) for international data transfers ... a vetted and transparent list of sub-processors

    Verify on slite.slite.page
    ISO 27001
    HELD

    No ISO 27001 claim found on Slite's security page or trust center. The page lists SOC 2 Type II, HIPAA, and GDPR only.

    Verify on slite.slite.page
    > Show 1 unconfirmed / not-held certifications
    PCI-DSS (handled by payment processor, not Slite itself)
    NOT CONFIRMED

    Slite uses Stripe, a leading PCI-DSS-certified payment processor, to handle all billing and payment information. Slite does not store, process, or have access to your full payment card details at any point.

    source: slite.slite.page

    // Privacy & AI training

    Trains on customer data

    No

    Data processing agreement

    Offered

    Data region

    Production data hosted in the EU (Google Cloud Platform, St. Ghislain, Belgium). Note: the Privacy Policy states personal information is provided to Slite, Inc. in the United States and may be transferred to US and other jurisdictions under SCCs/adequacy decisions, so corporate/account-level personal data may touch the US even though customer document content is EU-hosted.

    Slite states explicitly that customer data is not used to train AI models. Security page: 'Customer data used for AI-powered features is processed securely within our infrastructure and is not used to train external models.' Homepage Data Handling section: 'Your data is never used to train AI models.' Semantic vector embeddings for the Ask and Super enterprise-search features are computed internally on Slite's own GPU resources, not via external model training. Note the privacy policy reserves the right to create and use aggregated/de-identified/anonymized data for research and development and service improvement.

    // Security controls

    Penetration testing

    Annual penetration tests and code audits performed by independent security firms

    slite.slite.page

    Bug bounty / vulnerability disclosure

    Vulnerability disclosure program (responsible reporting encouraged). No named public bug-bounty platform (no HackerOne or Bugcrowd mentioned).

    slite.slite.page

    Encryption in transit

    TLS, A+ rating on SSL Labs

    slite.slite.page

    Encryption at rest

    All customer data encrypted at rest using Google Cloud built-in encryption; keys managed within GCP. No end-to-end encryption offered.

    slite.slite.page

    Authentication / access

    SSO (Google, Slack, Apple), enforced SSO and external IdPs via OAuth 2.0/OIDC (Okta, Azure AD, OneLogin, Auth0) on Knowledge Suite/Enterprise; SCIM; granular role-based permissions; reader-only seats

    slite.slite.page

    Auditability

    Full audit logs, version history, draft states, every write attributed; logs centrally collected, tamper-protected, monitored via Datadog

    slite.slite.page

    Continuous monitoring / trust center

    Vanta-powered continuous control monitoring; dedicated Vanta-hosted Trust Center where SOC 2 Type II report and security docs are available on access request

    slite.slite.page

    Secure development

    Mandatory peer code review; OWASP Top 10 developer training; automated unit/integration/e2e tests pre-deploy; Google Cloud Container Scanning and GitHub Dependabot; vuln SLAs aligned to Google Project Zero timelines

    slite.slite.page

    Backups & DR

    Daily/6-hourly snapshot backups across multiple EU GCP data centers with monthly restoration tests; documented Incident Response, BCP and DR plans reviewed annually

    slite.slite.page

    // Products & data scope

    Slite (AI knowledge base)Team knowledge base / documentation

    data: Document content, structure, user/account metadata. Stored in EU (GCP Belgium); document content in MongoDB, structural data in relational DB, search index in Elasticsearch.

    Core product. Basic ($10/user/mo) and Pro ($20/user/mo) tiers; Enterprise custom.

    Slite AgentAI agent / knowledge drift detection

    data: Reads connected tools (Slack, Linear, GitHub, codebase) to detect knowledge drift and draft doc updates with human in the loop.

    Pro and Enterprise. Permission-aware; data not used to train external models.

    Slite AI Search / Super enterprise searchEnterprise AI search

    data: Semantic vector embeddings computed internally on Slite GPU resources; permission-aware queries inherit user permissions; cited answers.

    Super has its own status page (status.super.work), indicating a related/sibling product surface.

    Slite MCP serverMCP / agent integration

    data: Exposes verified knowledge to external agents (Claude, ChatGPT, Cursor) via MCP; queries inherit user permissions.

    Same retrieval engine as the Agent, exposed via Model Context Protocol.

    // What to watch

    • Privacy Policy last updated Jun 6, 2023, while the Security page was updated Dec 2, 2025 — the privacy policy is somewhat dated relative to the current AI/agent product and does not mention AI training stance (that claim lives on the security page and homepage).
    • No end-to-end encryption (stated plainly).
    • Vulnerability disclosure program only; no public HackerOne/Bugcrowd bug-bounty platform.
    • Data residency is split: document/customer content EU-hosted, but corporate/account personal data may be processed in the US under SCCs.
    • ISO 27001 not held/not claimed.
    • SOC 2 report and detailed security docs are gated behind a Vanta Trust Center access request (normal, but not publicly downloadable).

    // At a glance

    Pricing model

    Per-user subscription: Basic $10/user/mo, Pro $20/user/mo (billed yearly), Enterprise custom

    Self-hostable

    No

    // How we verified this

    Every certification marked HELD is confirmed against a verbatim quote on Slite, Inc.'s own trust, security, or privacy pages. We reject certifications claimed only on third-party aggregators, on a cloud host's behalf, or by a similarly named company.

    Last verified 2026-06-27. Compliance changes over time. Always confirm directly with the vendor before relying on any certification for a purchasing or compliance decision.

    slite.slite.page

    > Browse all vendor trust reports