// Trust & Security Report
Slite, Inc.
AI knowledge base (Slite), AI Agent, AI/Enterprise Search (Super), and Slite MCP server
Certifications held
4
Maturity
Growth
Trains on your data
No
Trust center
Yes
// Certification ledger
Each held certification is backed by a verbatim quote from the vendor's own trust or security page. “Not confirmed” means we could not verify it publicly, not that the vendor lacks it.
Verify on slite.slite.page“Slite maintains a SOC 2 Type II certification, demonstrating that our security controls are designed and operating effectively in accordance with the AICPA Trust Services Criteria. Our audit is performed annually by an independent, accredited third-party auditor.”
Verify on slite.slite.page“Slite complies with the Health Insurance Portability and Accountability Act (HIPAA) and supports customers in meeting their regulatory obligations when processing Protected Health Information (PHI). ... Slite provides HIPAA support, including execution of a Business Associate Agreement (BAA), for enterprise-tier customers.”
Verify on slite.slite.page“Slite complies with the General Data Protection Regulation (GDPR) and implements the technical and organizational measures required to protect the personal data of individuals in the European Union. ... a comprehensive Data Processing Agreement (DPA) ... Standard Contractual Clauses (SCCs) for international data transfers ... a vetted and transparent list of sub-processors”
Verify on slite.slite.page“No ISO 27001 claim found on Slite's security page or trust center. The page lists SOC 2 Type II, HIPAA, and GDPR only.”
> Show 1 unconfirmed / not-held certifications
source: slite.slite.pageSlite uses Stripe, a leading PCI-DSS-certified payment processor, to handle all billing and payment information. Slite does not store, process, or have access to your full payment card details at any point.
// Privacy & AI training
Trains on customer data
No
Data processing agreement
Offered
Data region
Production data hosted in the EU (Google Cloud Platform, St. Ghislain, Belgium). Note: the Privacy Policy states personal information is provided to Slite, Inc. in the United States and may be transferred to US and other jurisdictions under SCCs/adequacy decisions, so corporate/account-level personal data may touch the US even though customer document content is EU-hosted.
Slite states explicitly that customer data is not used to train AI models. Security page: 'Customer data used for AI-powered features is processed securely within our infrastructure and is not used to train external models.' Homepage Data Handling section: 'Your data is never used to train AI models.' Semantic vector embeddings for the Ask and Super enterprise-search features are computed internally on Slite's own GPU resources, not via external model training. Note the privacy policy reserves the right to create and use aggregated/de-identified/anonymized data for research and development and service improvement.
// Security controls
Penetration testing
Annual penetration tests and code audits performed by independent security firms
slite.slite.pageBug bounty / vulnerability disclosure
Vulnerability disclosure program (responsible reporting encouraged). No named public bug-bounty platform (no HackerOne or Bugcrowd mentioned).
slite.slite.pageEncryption at rest
All customer data encrypted at rest using Google Cloud built-in encryption; keys managed within GCP. No end-to-end encryption offered.
slite.slite.pageAuthentication / access
SSO (Google, Slack, Apple), enforced SSO and external IdPs via OAuth 2.0/OIDC (Okta, Azure AD, OneLogin, Auth0) on Knowledge Suite/Enterprise; SCIM; granular role-based permissions; reader-only seats
slite.slite.pageAuditability
Full audit logs, version history, draft states, every write attributed; logs centrally collected, tamper-protected, monitored via Datadog
slite.slite.pageContinuous monitoring / trust center
Vanta-powered continuous control monitoring; dedicated Vanta-hosted Trust Center where SOC 2 Type II report and security docs are available on access request
slite.slite.pageSecure development
Mandatory peer code review; OWASP Top 10 developer training; automated unit/integration/e2e tests pre-deploy; Google Cloud Container Scanning and GitHub Dependabot; vuln SLAs aligned to Google Project Zero timelines
slite.slite.pageBackups & DR
Daily/6-hourly snapshot backups across multiple EU GCP data centers with monthly restoration tests; documented Incident Response, BCP and DR plans reviewed annually
slite.slite.page// Products & data scope
data: Document content, structure, user/account metadata. Stored in EU (GCP Belgium); document content in MongoDB, structural data in relational DB, search index in Elasticsearch.
Core product. Basic ($10/user/mo) and Pro ($20/user/mo) tiers; Enterprise custom.
data: Reads connected tools (Slack, Linear, GitHub, codebase) to detect knowledge drift and draft doc updates with human in the loop.
Pro and Enterprise. Permission-aware; data not used to train external models.
data: Semantic vector embeddings computed internally on Slite GPU resources; permission-aware queries inherit user permissions; cited answers.
Super has its own status page (status.super.work), indicating a related/sibling product surface.
data: Exposes verified knowledge to external agents (Claude, ChatGPT, Cursor) via MCP; queries inherit user permissions.
Same retrieval engine as the Agent, exposed via Model Context Protocol.
// What to watch
- Privacy Policy last updated Jun 6, 2023, while the Security page was updated Dec 2, 2025 — the privacy policy is somewhat dated relative to the current AI/agent product and does not mention AI training stance (that claim lives on the security page and homepage).
- No end-to-end encryption (stated plainly).
- Vulnerability disclosure program only; no public HackerOne/Bugcrowd bug-bounty platform.
- Data residency is split: document/customer content EU-hosted, but corporate/account personal data may be processed in the US under SCCs.
- ISO 27001 not held/not claimed.
- SOC 2 report and detailed security docs are gated behind a Vanta Trust Center access request (normal, but not publicly downloadable).
// At a glance
Pricing model
Per-user subscription: Basic $10/user/mo, Pro $20/user/mo (billed yearly), Enterprise custom
Self-hostable
No
// How we verified this
Every certification marked HELD is confirmed against a verbatim quote on Slite, Inc.'s own trust, security, or privacy pages. We reject certifications claimed only on third-party aggregators, on a cloud host's behalf, or by a similarly named company.
Last verified 2026-06-27. Compliance changes over time. Always confirm directly with the vendor before relying on any certification for a purchasing or compliance decision.
slite.slite.page