LoreGraph product docs
Security, Privacy, and Data
Summary
LoreGraph is designed around controlled workspace access, review before publishing, and careful handling of uploaded business documents.
Who this is for
- Workspace admins
- Security reviewers
- Legal reviewers
- IT administrators
Before you start
- Know which workspace owns the data.
- Review the source documents for sensitivity before upload.
- Use the legal security page and subprocessors page for formal review details.
Concepts
Uploaded documents are private to the workspace.
Learners do not automatically see source documents.
Courses are not public unless published that way.
AI helps generate drafts from uploaded materials. Admins review content before publishing.
Do not claim customer data is never used for training unless that is contractually true for the specific AI provider setup.
Access control depends on admin, creator, learner, and workspace boundaries.
Steps
- Upload documents only into the correct workspace.
- Keep courses in draft until review is complete.
- Choose private or invite-only access for internal training.
- Review AI-generated content before publishing.
- Delete source documents, courses, learners, or workspaces according to the product controls available.
- Review subprocessors and compliance status before enterprise rollout.
Settings reference
| Setting | What it does | Recommended default |
|---|---|---|
| Workspace privacy | Keeps uploaded materials scoped to the workspace. | Use one workspace per business in the MVP. |
| Learner access | Controls what learners can see. | Learners should see assigned courses, not raw source files by default. |
| Publishing mode | Controls public or private course access. | Use private for internal documents. |
| Deletion | Removes documents, courses, learners, or workspace data where supported. | Confirm downstream effects before deletion. |
Example
A company uploads an internal security policy, keeps the generated course in draft, reviews the AI output, publishes it privately, and assigns it only to employees who need the training.
Common mistakes
- Uploading sensitive content into a personal or wrong workspace.
- Publishing internal training publicly.
- Making unsupported claims about AI provider data training.
- Deleting source files without understanding whether generated courses remain available.
Compliance roadmap
| Item | Status guidance |
|---|---|
| SOC 2 | Do not describe LoreGraph as SOC 2 certified unless a current certification is in place. Treat as planned or under review until confirmed. |
| HIPAA | Do not use LoreGraph for HIPAA-regulated workflows unless a supported agreement and product configuration explicitly allow it. |
| DPA | Use the contract or sales process to confirm whether a DPA is available for the customer. |
| Enterprise security review | Available only when included in the enterprise sales or procurement process. |
Related Help Center articles
Last updated: May 30, 2026