IF YOU REGISTER FOR A FREE TRIAL OF THE SERVICE, THE APPLICABLE PROVISIONS OF THIS AGREEMENT ALSO GOVERN YOUR USE OF THOSE SERVICES

Terms of Service

These Terms of Service ("Terms") are between you ("you" or "Customer") and Knowi, Inc. ("Knowi," "we," "us," or "our"). Please read them carefully. They form a contract between you and Knowi that governs your access to and use of the Knowi Services. You may use the Services only if you have the power to form a contract with Knowi and are not barred under any applicable laws from doing so. Your use of or registration for any of the Services will constitute your agreement to be bound by these Terms. If you do not agree to be bound by these Terms, you must not use the Services. If you are using the Services on behalf of an organization, unless that organization has a separate paid contract in effect with us, you are agreeing to these Terms for that organization, and representing to Knowi that you have the authority to bind that organization to these Terms (in which event, "you" and "you" will refer to the organization). If you are using the Services on behalf of an organization that has a separate paid contract in effect with us, the terms of that contract will govern your use of the Services.

These Terms may be modified from time to time. The date of the most recent revisions will appear on this page, so please check back often. Your use of or continued access to the Services after any changes constitutes your acceptance of those changes, whether or not you have reviewed them. If you do not agree to changes to the Terms, you must stop using the Services and cancel your user account.

For ease of reference, these Terms are broken into the following sections:

Definitions
Availability of the Services
Your Responsibilities relating to Use of the Services
Fees and Payment
Cancellation of Services
Confidentiality
Ownership
No Warranty
Indemnification
Limitation of Liability
Suspension and Termination of your Use of the Services
General Provisions

Definitions

"Account"

means an online account created by you or on your behalf within the Services.

"Administrator"

means a User you identify as having administrative rights including, without limitation, the permission to add licenses, cancel licenses and define the scope of the Services.

"Affiliate"

means, with respect to a party, any entity which directly or indirectly controls, is controlled by, or is under common control with such party (where "control" means ownership or control, directly or indirectly, of more than 50% of the voting interests of the subject entity).

"Content"

means data, text, audio, video, images or other content.

"Documentation"

means written or online user documentation that describe the functionality, operation, and use of the Services, and that Knowi provides or makes generally available to customers of the Services.

"Services"

refers, collectively, to the hosted storage solution we provide for online storage, sharing and processing of Content, the Software, the Website, and Documentation.

"Software"

means the software used, provided or made available by Knowi for use in connection with the Services. Software includes the Knowi Data Connector Software which is that portion of the Software that is installed on Customer's local server, desktop, mobile or other device (for example, mobile apps, desktop apps, and group apps) and enables a User to submit data to Knowi.

"User"

means an individual who accesses the Services and Software.

"Website"

means any websites owned or operated by Knowi, including those located at and www.knowi.com.
Availability of the Services
- Services.
  
  We will make the Services available for your use on a non-exclusive basis and in strict compliance with these Terms and all applicable laws. Your use includes allowing Users to transmit, store, share, retrieve, and process Content through the Services solely through an Account registered to you and in accordance with the orders you place with Knowi. In the event that your Users exceed the quantity or User type for which you paid, you agree to pay for your additional Users at Knowi's then-current pricing.
- Software Provided for Use with the Services.
  
  Subject to your continued compliance with these Terms, we grant you the nonexclusive, nontransferable, worldwide, personal license to install and use the Knowi Data Connector for the sole purpose of submitting data into Knowi Service.
- Support for the Services.
  
  Knowi will provide the level of support you select in your order from those we make available.
- Updates to the Services.
  
  We reserve the right, in our sole discretion, to change, update, and enhance the Services at any time including to add functionality or features to, or remove them from, the Services. We may also suspend the Services or stop providing the Services all together.
- Free Trials.
  
  If you register on our website or via a Service Order for a Free Trial, we will make the Service available to you under the Free Trial until the earlier of (a) the end of the Free Trial period for which you registered to use the Service, or (b) the start date of any Full Knowi Service subscription ordered by you for such Service, or (c) termination by us in our sole discretion. Additional Free Trial terms and conditions may appear on the Free Trial registration web page. Any such additional terms and conditions are incorporated into this Agreement by reference and are legally binding. We reserve the right, in our absolute discretion, to determine your eligibility for a Free Trial, and, subject to applicable laws, to withdraw or to modify a Free Trial at any time without prior notice and with no liability, to the greatest extent permitted under law. ANY DATA YOU ENTER INTO THE SERVICE, AND ANY CONFIGURATION CHANGES MADE TO THE SERVICE BY OR FOR YOU, DURING YOUR FREE TRIAL WILL BE PERMANENTLY LOST UNLESS YOU PURCHASE A SUBSCRIPTION TO THE SAME SERVICE AS THOSE COVERED BY THE FREE TRIAL OR EXPORT SUCH DATA, BEFORE THE END OF THE FREE TRIAL PERIOD. IF YOUR SUBSCRIPTION DOES NOT INCLUDE FEATURES AVAILABLE IN THE FREE TRIAL, YOU MUST EXPORT YOUR DATA BEFORE THE END OF THE TRIAL PERIOD OR YOUR DATA WILL BE PERMANENTLY LOST. Please review the applicable Documentation for the Service during the Free Trial period so that you become familiar with the functionality and features of the Service before you make your purchase.
Your Responsibilities relating to Use of the Services.
- Passwords and Account.
  
  To obtain access to certain Services, you will be required to obtain an Account with Knowi by completing a registration form and designating a user ID and password. Until you apply for and are approved for an Account, your access to the Services will be limited to those areas of the Services, if any, that Knowi makes available to the general public. You agree and represent that all registration information you provide is accurate, complete, and current, and that you will update it promptly when that information changes. Knowi may withdraw Account approval at any time in its sole discretion, with or without cause. You are responsible for safeguarding the confidentiality of your User ID and passwords, and for all activities that take place with your Account. Knowi will not be liable for any loss or damage arising from any unauthorized use of your Account.
- Notices from Knowi.
  
  You acknowledge that once you have registered with us, we may send you communications or data regarding the Services using electronic means. These may include, but are not limited to (i) notices about your use of the Services, including any notices concerning violations of use, (ii) updates to the Services, (iii) promotional information and materials regarding Knowi's products and services, and information the law requires us to provide. We give you the opportunity to opt-out of receiving certain of these communications from us by following the opt-out instructions provided in the message. However, even if you opt-out, you understand that we may continue to provide you with required information by e-mail at the address you specified when you signed up for the Services or via access to a website that we identify. Notices we e-mail to you will be deemed given and received when the e-mail is sent. If you don't agree to receive required notices via e-mail, you must stop using the Services. If you provide Knowi with legal notices, you must transmit it to us via email to [email protected]. Any such notice, in either case, must specifically reference that it is a notice given under these Terms.
- Notices from You regarding Unauthorized Use.
  
  You agree to notify us promptly in writing when you become aware of any unauthorized use of an Account, the Content or the Services, including if you suspect there has been any loss, theft or other security breach of your password or user ID. If there is an unauthorized use by a third party which obtained access to the Services through you or your Users, whether directly or indirectly, you agree to take all steps necessary to terminate the unauthorized use. You also agree to provide Knowi with any cooperation and assistance related to that unauthorized use which we reasonably request.
- Content.
  
  Knowi does not monitor any data transmitted or processed hrough, or stored in, the Services. You agree that you:
  - are responsible for the accuracy and quality of all Content that is transmitted or processed through, or stored in, your Account;
  - will ensure that the Content (including its storage and transmission) complies with these Terms, and applicable laws and regulations;
  - will promptly handle and resolve any notices and claims from a third party claiming that any Content violates that party's rights, including regarding take-down notices pursuant to the Digital Millennium Copyright Act;
  - will maintain appropriate security, protection and backup copies of the Content, which may include (A) the use of encryption technology to protect the Content from unauthorized access and (B) routine archiving of the Content. Knowi will have no liability of any kind as a result of any deletion, loss, correction, or destruction of Content or damage to or failure to store or encrypt any Content.
- Use Restrictions.
  
  You are responsible for Users' compliance with these Terms and for the quality, accuracy and legality of the Content. You will not, and will ensure that your Users do not
  - use the Services in any manner or for any purpose other than as expressly permitted by these Terms including, without limitation, allowing Power Users to use the logins of your Business Partner Users;
  - sell, rent, resell, lease, or sublicense the Services to any third party;
  - modify, tamper with or otherwise create derivative works of the Services;
  - reverse engineer, disassemble or decompile the Services, or attempt to derive source code from the Services;
  - remove, obscure or alter any proprietary right notice related to the Services;
  - use the Services to send unsolicited or unauthorized junk mail, spam, chain letters, pyramid schemes or any other form of duplicative or unsolicited messages;
  - store or transmit Content: (A) containing unlawful, defamatory, threatening, pornographic, abusive, or libelous material, (B) containing any material that encourages conduct that could constitute a criminal offense, or (C) that violates the intellectual property rights or rights to the publicity or privacy of others;
  - use the Services to store or transmit viruses, worms, time bombs, Trojan horses or other harmful or malicious code, files, scripts, agents or programs;
  - interfere with or disrupt servers or networks connected to the Services or the access by other Knowi client to the servers or networks, or violate the regulations, policies or procedures of those networks;
  - access or attempt to access Knowi's other accounts, computer systems or networks not covered by these Terms, through password mining or any other means; or
  - access or use the Services in a way intended to avoid incurring fees, exceeding usage limits and the like.
- Third Party Services and Content.
  
  All transactions using the Services are between the transacting parties only. The Services may contain features and functionalities linking or providing you with certain functionality and access to third party content, including Web sites, directories, servers, networks, systems, information and databases, applications, software, programs, products or services, and the Internet as a whole. You acknowledge that Knowi is not responsible for such content or services. We may also provide some content to you as part of the Services. However, Knowi is neither an agent of any transacting party nor a direct party in any such transaction. Any of those activities, and any terms associated with those activities, are solely between you and the applicable third-party. Similarly, we are not responsible for any third party content you access with the Services, and you irrevocably waive any claim against Knowi with respect to such sites and third-party content. Knowi has no liability, obligation or responsibility for any such correspondence, purchase or promotion between Customer and any such third-party. You are solely responsible for making whatever investigation you feel is necessary or appropriate before proceeding with any transaction with any of these third parties and your dealings with any third party related to the Services, whether online or offline, including the delivery of and payment for goods and services. In the event you have any problems resulting from your use of a third party service, or suffer data loss or other losses as a result of problems with any of your other service providers or any third-party services, we are not responsible unless the problem was the direct result of our breaches.
Fees and Payment
- Fees.
  
  You agree to pay, using a valid credit card (or other form of payment which we may accept from time to time), the charges and fees (such as recurring monthly or annual fees) set forth in Schedule A, Taxes (as defined below), and other charges and fees incurred in order to access the Services. You will pay Fees in the currency we quoted for your account (and we reserve the right to change the quoted currency at any time). We will automatically charge your credit card or other account at the start of the billing period and at the start of each renewal period. Except as specifically set forth in this section, all Services are prepaid for the period selected (monthly, annually or otherwise) and are non-refundable. This includes accounts that are renewed.
- Fees for Upgrade.
  
  If you upgrade or expand consumption of the Services , additional fees may be due at Knowi's then-current pricing. If additional fees are due, those fees will be immediately charged to your credit card or other account and will apply for the entire month in which the Services Upgrade occurred. If you have paid for an annual period, Services Upgrades will be coterminous with the affected Services period.
- Fee Increases.
  
  We will notify you in advance, either through a posting on this Website or by email to the address you have most recently provided to us, if we increase Fees or institute new charges or fees. Any increase in Fees will take effect at the beginning of the next renewal subscription term for the Services. For example, if you pay monthly, your use of the Services will be charged at the new price when Services are renewed in the month that follows the notice. If you don't agree to these changes, you must cancel and stop using the Services.
- Invoicing and Payment Terms.
  
  You agree to keep all information in your billing account current. You may change your payment method or modify your billing account information at any time by using the means provided on the Website. Your notice to us will not affect charges we submit to your billing account before we reasonably could act on your request. In the event that we invoice you, then all fees will be due and payable upon receipt. We reserve the right to charge, and you agree to pay, a late fee on past due amounts. The late fee will be equal to the lesser of 1.5% of the unpaid amount each month or the maximum amount allowed by applicable law. We may use a third party to collect past due amounts. You must pay for all reasonable costs we incur to collect any past due amounts, including reasonable attorneys' fees and other legal fees and costs. In addition, we may suspend your access to the Services, or cancel the Services, if your account is past due.
- Taxes.
  
  Fees are exclusive of Taxes and you will pay or reimburse Knowi for all Taxes arising out of these Terms, whether assessed at the time of your purchase or are thereafter determined to have been due. For purposes of these Terms, "Taxes" means any sales, use and other taxes (other than taxes on Knowi's income), export and import fees, customs duties and similar charges applicable to the transactions contemplated by these Terms that are imposed by any government or other authority. You agree to promptly provide Knowi with legally sufficient tax exemption certificates for each taxing jurisdiction for which you claim exemption.
Cancellation of Services

To cancel the Services, you must provide us with at least 30 days' notice and follow the process we specify on the Website. If you cancel, the Services will end at the end of your current Services period following the 30 days' notice. If you fail to cancel as required, we will automatically renew the Service for the same term and will charge your payment information on file with us commencing on the first day of the renewal term.
Confidentiality
- Description of Confidential Information.
  
  In connection with each party's rights and obligations under these Terms, each party (as the "disclosing party") may disclose to the other party (as the "recipient") certain of its confidential or proprietary information ("Confidential Information"). In the case of Knowi, the Services, these Terms and any other proprietary or confidential information we provide to you constitute Knowi Confidential Information. In the case of Customer, Content provided to Knowi by Customer constitutes Customer Confidential Information.
- Protection of Confidential Information.
  
  Each party as recipient agrees: (i) to exercise at least the same degree of care to safeguard Confidential Information of the disclosing party as the recipient exercises to safeguard the confidentiality of its own confidential information, but not less than reasonable care; (ii) to use the disclosing party's Confidential Information only in connection with exercising its rights and performing its obligations under these Terms; and (iii) to not disclose or disseminate the disclosing party's Confidential Information to any third party and that the only employees and contractors who will have access to the disclosing party's Confidential Information will be those with a need to know who have agreed to abide by the obligations set forth in this Section pursuant to a written confidentiality agreement.
- Protection of Content.
  
  We agree to maintain appropriate administrative, physical, and technical safeguards to protect the security, confidentiality, and integrity of the Content. The third party data center providers utilized by Knowi in the provision of the Services will maintain at a minimum SSAE 16 audit certification or its equivalent. Except as requested by you in connection with customer support, we will not (i) modify Content, (ii) disclose Content except pursuant to the requirements of a governmental agency, by operation of law, to investigate occurrences that may involve violations of system or network security, or as you expressly permit in writing, or (iii) access Content except to provide the Services or to address other service or technical problems.
- >Exceptions to Confidentiality.
  
  Information will not be deemed Confidential Information of either of us under these Terms if such information: (i) is or becomes rightfully known to the recipient without any obligation of confidentiality or breach of these Terms; (ii) becomes publicly known or otherwise ceases to be secret or confidential, except through a breach of these Terms by the recipient of such Confidential Information; or (iii) is independently developed by the recipient of such Confidential Information without breach of these Terms. Confidential Information will remain the property of the disclosing party.
Ownership
- Ownership by Customer.
  
  As between Customer and Knowi, Customer or its licensors own all right, title and interest in and to the Content. Customer hereby grants Knowi the right to transmit, use, modify, adapt, reproduce, display or disclose the Content solely (i) to provide the Services to Customer or any User, (ii) to comply with any request of a governmental or regulatory body (including subpoenas or court orders) or as otherwise required by law, (iii) for statistical use (provided that such data is not personally identifiable), and (iii) as necessary to monitor and improve the Services. Customer represents and warrants that Customer has all rights in the Content necessary to grant these rights and use the Services, and that the transmission, storage, retrieval, and processing of the Content do not violate any law or these Terms.
- Ownership by Knowi.
  
  As between Knowi and Customer, Knowi or its licensors own and reserve all right, title and interest in and to the Services and all hardware, software and other items used to provide the Services. No title to or ownership of any proprietary rights related to the Services is transferred to Customer or any User pursuant to these Terms or any transaction contemplated by these Terms. Knowi reserves all rights not explicitly granted to Customer. Knowi is free to use any comments, suggestions, recommendations, and other feedback you provide with respect to the Services for any purpose, without obligation.
No Warranty

KNOWI PROVIDES THE SERVICES "AS IS," "WITH ALL FAULTS," AND "AS AVAILABLE." TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, KNOWI MAKES NO REPRESENTATIONS OR WARRANTIES OF ANY KIND, WHETHER EXPRESS, IMPLIED, STATUTORY OR OTHERWISE. KNOWI SPECIFICALLY DISCLAIMS, WITHOUT LIMITATION, ANY WARRANTY THAT THE SERVICES WILL BE UNINTERRUPTED, ERROR-FREE OR FREE OF HARMFUL COMPONENTS, THAT THE CONTENT WILL BE SECURE OR NOT OTHERWISE LOST OR DAMAGED, OR ANY IMPLIED WARRANTY OF MERCHANTABILITY, SATISFACTORY QUALITY, FITNESS FOR A PARTICULAR PURPOSE, OR NON-INFRINGEMENT, AND ANY WARRANTY ARISING OUT OF ANY COURSE OF PERFORMANCE, COURSE OF DEALING OR USAGE OF TRADE. SOME JURISDICTIONS DO NOT ALLOW THE FOREGOING EXCLUSIONS. IN SUCH AN EVENT SUCH EXCLUSION WILL NOT APPLY SOLELY TO THE EXTENT PROHIBITED BY APPLICABLE LAW.
Indemnification

To the maximum extent permitted by applicable law, you agree to defend, indemnify, and hold harmless Knowi, its officers, directors, employees, and agents, against any cost, loss, damage, or other liability arising from any third party demand or claim that any Content provided by you, or your use of the Services, in breach of these Terms: (a) infringes a registered patent, registered trademark, or copyright of a third party, or misappropriates a trade secret (to the extent that such misappropriation is not the result of Knowi's actions) or (b) violates applicable law or these Terms. Knowi will provide you with notification of any such claim or demand that is subject to your indemnification obligation.
Limitation of Liability

TO THE FULLEST EXTENT PERMITTED BY APPLICABLE LAW, IN NO EVENT (a) WILL THE LIABILITY OF KNOWI, ITS AFFILIATES, OFFICERS, EMPLOYEES, OR AGENTS FOR ANY AND ALL CLAIMS RELATING TO THE SERVICES EXCEED THE GREATER OF $100.00 OR THE TOTAL AMOUNT OF FEES THAT YOU PAID US DURING THE PREVIOUS THREE MONTH PERIOD AND (b) WILL KNOWI, ITS AFFILIATES, OFFICERS, EMPLOYEES, OR AGENTS BE LIABLE FOR ANY INDIRECT, INCIDENTAL, SPECIAL, PUNITIVE, COVER OR CONSEQUENTIAL DAMAGES (INCLUDING, WITHOUT LIMITATION, DAMAGES FOR LOST PROFITS, REVENUE, GOODWILL, USE OR CONTENT) HOWEVER CAUSED, UNDER ANY THEORY OF LIABILITY, INCLUDING, WITHOUT LIMITATION, CONTRACT, TORT, WARRANTY, NEGLIGENCE OR OTHERWISE, EVEN IF KNOWI HAS BEEN ADVISED AS TO THE POSSIBILITY OF SUCH DAMAGES. SOME STATES DO NOT ALLOW THE LIMITATION OR EXCLUSION OF LIABILITY FOR INCIDENTAL OR CONSEQUENTIAL DAMAGES, SO THE ABOVE EXCLUSIONS OR LIMITATIONS MAY NOT APPLY TO YOU. YOU MAY ALSO HAVE OTHER RIGHTS THAT VARY FROM STATE TO STATE.
Suspension and Termination of your Use of the Services
- General.
  
  Knowi reserves the right to temporarily suspend or terminate your access to the Services at any time in Knowi's sole discretion, with or without cause, and with or without notice, without incurring liability of any kind. For example, we may suspend or terminate your access to or use of the Services for: (i) the actual or suspected violation of these Terms; (ii) the use of the Services in a manner that may cause Knowi to have legal liability or disrupt others' use of the Services; (iii) the suspicion or detection of any malicious code, virus or other harmful code in your Account; (iv) downtime, whether scheduled or recurring; (e) your use of excessive storage capacity or bandwidth; or (v) unplanned technical problems and outages. If, in our determination, the suspension might be indefinite or we have elected to terminate your access to the Services, we will use commercially reasonable efforts to notify you through the Services. You acknowledge that if your access to the Services is suspended or terminated, you may no longer have access to the Content that is stored with the Services.
- Termination for Lack of Activity.
  
  In addition to our other rights of termination, if your Account is not currently subject to a paid subscription plan with us, we may terminate your Account if: (i) you do not engage in any activity in the Account within 30 days after registering for the Services, or (ii) you do not engage in any activity in an Account for 120 consecutive days. In the event of such termination, any of your Content may be lost.
- Post-Termination Obligations.
  
  Upon termination of these Terms for any reason, all of your rights to use or access the Services will cease. You agree, within five days of such termination, to destroy all copies of the Software, the Documentation, and any Confidential Information of Knowi, including any Documentation in written or electronic form and any Software stored on your servers or other systems. In addition, if requested by Knowi, you will promptly provide to Knowi a written certification signed by an authorized representative certifying that all copies of the Software and any written or electronic documentation and Confidential Information of Knowi have been destroyed. For 30 days following the expiration of the Termination of these Terms or the applicable subscription term for which you have paid, and subject to your prior written request, we will grant you with limited access to the Services solely for purposes of your retrieval of the Content. After that 30-day period, Knowi has no further obligation to maintain the Content and will delete the Content unless legally prohibited.
- Survival.
  
  The terms of any sections that by their nature are intended to extend beyond termination will survive termination of these Terms for any reason.
General Provisions
- Governing Law.
  
  These Terms will be construed and enforced in all respects in accordance with the laws of the State of California, without reference to its choice of law rules. Any dispute between the parties will be brought in a court in Alameda County and each party irrevocably waives any claim that such court does not have personal jurisdiction over the party. All use of the Services is expressly governed by any applicable export and import laws, and Customer must comply with all such laws. Claims arising out or related to these terms must be filed within one year of the date on which the claim arose unless local law requires a longer time to file claims. If a claim is not filed accordingly, then it is permanently barred.
- Government Users.
  
  If you are a U.S. government entity, you acknowledge that any Software and Documentation are provided as "Commercial Items" as defined at 48 C.F.R. 2.101, and are being licensed to U.S. government end users as commercial computer software subject to the restricted rights described in 48 C.F.R. 2.101 and 12.212.
- Independent Contractors; Third Party Beneficiaries.
  
  You and we are independent contractors, and nothing in these Terms creates a partnership, employment relationship or agency. There are no third-party beneficiaries of these Terms. Knowi may subcontract portions of the Services provided that Knowi shall remain responsible for all such obligations under these Terms.
- Waiver.
  
  Our failure to enforce any of these Terms will not be considered a waiver of the right to enforce them. Our rights under these Terms will survive any termination.
- Assignment.
  
  You may not assign these Terms or your rights and obligations under them, in whole or in part, to any third party without our prior written consent, and any attempt by you to do so will be invalid.
- Severability.
  
  Should any part of these Terms be held invalid or unenforceable, that portion will be construed consistent with applicable law and the remaining portions will remain in full force and effect.
- Force Majeure.
  
  Neither party will be liable to the other for any delay or failure to perform its obligations under these Terms (excluding payment obligations) if the delay or failure arises from any cause or causes beyond that party's reasonable control.
- Public Announcement.
  
  Knowi reserves the right to release a press announcement regarding the parties' relationship, and to include Customer's name on Knowi's customer lists on Knowi's web site and in any other marketing materials.
- Entire Agreement and Changes.
  
  These Terms, including fees for Services on the Website, constitutes the entire agreement, and supersedes any and all prior agreements, between the parties with regard to the subject matter hereof. Knowi reserves the right to modify or replace these Terms at any time in its sole discretion. Knowi will indicate at the top of these Terms the date these Terms were last updated. Any changes will be effective upon posting the revised version of these Terms on the Services (or such later effective date as may be indicated at the top of the revised Terms). Customer's continued access or use of any portion of the Services constitutes Customer's acceptance of such changes. If Customer doesn't agree to any of the changes, Customer must cancel and stop using the Services.
- Privacy.
  
  In order to operate and provide the Services, Knowi collect certain information about Customer. As part of the Services, Knowi may also automatically upload information about Customer's computer or other device, Customer's use of the Services, and the Services performance. Knowi will use and protect that information as described in the privacy policy located on the Website ("Privacy Policy"). Customer further acknowledges and agrees that Knowi may access or disclose information about Customer, including the content of Customer communications, in order to: (i) comply with the law or respond to lawful requests or legal process; (ii) protect the rights or property of Knowi or Knowi's customers, including the enforcement of Knowi's agreements or policies governing Customer's use of the Services; or (iii) act on a good faith belief that such access or disclosure is necessary to protect the personal safety of Knowi employees, customers, or the public.
- DMCA.
  
  We respect the intellectual property of others, and reserve the right to delete or disable Content that appears to violate these terms or applicable law. The Digital Millennium Copyright Act of 1998 (the "DMCA") provides recourse for copyright owners who believe that material appearing on the Internet infringes their rights under U.S. copyright law. If you believe in good faith that Content infringes your copyright, you (or your agent) may send us a notice requesting that the Content be removed or access to it blocked. Federal law requires that your notification include the following information: (i) a physical or electronic signature of a person authorized to act on behalf of the owner of an exclusive right that is allegedly infringed; (ii) identification of the copyrighted work claimed to have been infringed or, if multiple copyrighted works at a single online site are covered by a single notification, a representative list of such works at that site; (iii) identification of the material that is claimed to be infringing or to be the subject of infringing activity and that is to be removed or access to which is to be disabled and information reasonably sufficient to permit us to locate the material; (iv) information reasonably sufficient to permit us to contact you, such as an address, telephone number, and, if available, an electronic mail; (v) a statement that you have a good faith belief that use of the material in the manner complained of is not authorized by the copyright owner, its agent, or the law; and (vi) a statement that the information in the notification is accurate, and under penalty of perjury, that you are authorized to act on behalf of the owner of an exclusive right that is allegedly infringed.

The notification must be sent to [email protected]

We provide the above contact information for purposes of the DMCA only and reserve the right to respond only to correspondence that is relevant to this purpose.

What information do we collect?

We collect information from you when you register on our site, products and services, place an order, subscribe to our newsletter or fill out a form. When ordering or registering on our site, as appropriate, you may be asked to enter your name, e-mail address or credit card information. You may, however, visit our site anonymously.

What do we use your information for?

Any of the information we collect from you may be used to personalize your experience, to improve our service offerings or to improve customer service, or to process transactions or to send periodic emails if indicated as such or transactional emails pertaining your order.

Your information, whether public or private, will not be sold, exchanged, transferred, or given to any other company for any reason whatsoever, without your consent, other than for the express purpose of delivering the purchased product or service requested.

How do we protect your information?

We implement a variety of security measures to maintain the safety of your personal information when you place an order or enter, submit, or access your personal information. We offer the use of a secure server. All supplied data and sensitive/credit information is transmitted via Secure Socket Layer (SSL) technology and then encrypted into our Payment gateway providers database only to be accessible by those authorized with special access rights to such systems, and are required to keep the information confidential.

After a transaction, your credit card information will not be stored on our servers.

Do we use cookies?

Yes (Cookies are small files that a site or its service provider transfers to your computers hard drive through your Web browser (if you allow) that enables the sites or service providers systems to recognize your browser and capture and remember certain information

We use cookies to understand and save your preferences for future visits and compile aggregate data about site traffic and site interaction so that we can offer better site experiences and tools in the future.

Do we disclose any information to outside parties?

We do not sell, trade, or otherwise transfer to outside parties your personally identifiable information. This does not include trusted third parties who assist us in operating our website, conducting our business, or servicing you, so long as those parties agree to keep this information confidential. We may also release your information when we believe release is appropriate to comply with the law, enforce our site policies, or protect ours or others rights, property, or safety. However, non-personally identifiable visitor information may be provided to other parties for marketing, advertising, or other uses.

California Online Privacy Protection Act Compliance

Because we value your privacy we have taken the necessary precautions to be in compliance with the California Online Privacy Protection Act. We therefore will not distribute your personal information to outside parties without your consent.

Childrens Online Privacy Protection Act Compliance

We are in compliance with the requirements of COPPA (Childrens Online Privacy Protection Act), we do not collect any information from anyone under 13 years of age. Our website, products and services are all directed to people who are at least 13 years old or older.

Online Privacy Policy Only

This online privacy policy applies only to information collected through our website, products and services and not to information collected offline.

Terms and Conditions

Please also visit our Terms and Conditions section establishing the use, disclaimers, and limitations of liability governing the use of our website, products and services.

Your Consent

By using our site, products and services you consent to our privacy policy.

Changes to our Privacy Policy

If we decide to change our privacy policy, we will post those changes on this page.

Contacting Us

If there are any questions regarding this privacy policy you may contact us by emailing us at [email protected]

MCP Server

Knowi exposes a Model Context Protocol (MCP) server that lets external AI tools ? Claude, Cursor, Copilot, or any MCP-compatible client ? operate Knowi programmatically. Instead of navigating the UI, your AI assistant creates dashboards, queries data, exports results, and manages reports through natural language.

The MCP server runs within Knowi's application server. No additional services to deploy.

For connecting Claude Code or Claude Desktop, see Claude Code Setup.

Authentication

The MCP server supports two authentication methods: MCP tokens (recommended for MCP clients) and standard bearer tokens (for programmatic use).

Option 1: MCP Token (Recommended)

Generate a long-lived MCP token from the Knowi UI. This is the recommended method for Claude Code, Claude Desktop, and other MCP clients.

Log into Knowi.
Navigate to Settings > AI Settings.
Under MCP Token, select an expiry period and click Generate Token.
Copy the token ? it is shown only once.

Use the token as a Bearer token in all MCP requests:

Authorization: Bearer YOUR_MCP_TOKEN

Security: The MCP token is a separate, revocable credential scoped to MCP endpoints only ? it cannot access the broader Management API. Generating a new token automatically revokes any previous one. Revoke at any time from AI Settings.

Option 2: Standard Bearer Token

For short-lived programmatic access, use the standard Management API login:

POST /api/2.0/login

curl -X POST https://your-instance.knowi.com/api/2.0/login \
  -H "Content-Type: application/json" \
  -d '{"clientId":"YOUR_CLIENT_ID","clientSecret":"YOUR_CLIENT_SECRET"}'

This returns a bearer token that expires after 1 hour. Request a new token when you receive a 401 response.

Endpoints

All MCP endpoints are at /api/2.0/mcp/.

Method	Endpoint	Description	Auth Required
GET	/api/2.0/mcp/health	Health check	No
POST	/api/2.0/mcp	Streamable HTTP ? all JSON-RPC methods (initialize, tools/list, tools/call)	Yes
DELETE	/api/2.0/mcp	Terminate a Streamable HTTP session	Yes
GET	/api/2.0/mcp/tools	List all available tools (REST)	Yes
GET	/api/2.0/mcp/tools/{toolName}	Get schema for a specific tool (REST)	Yes
POST	/api/2.0/mcp/tools/call	Execute a tool (REST)	Yes

Health Check

curl https://your-instance.knowi.com/api/2.0/mcp/health

Response:

{
  "status": "healthy",
  "toolCount": 31,
  "tools": ["knowi_do", "knowi_ask", "knowi_search", ...],
  "activeSessions": 0
}

List Tools

curl -H "Authorization: Bearer YOUR_TOKEN" \
  https://your-instance.knowi.com/api/2.0/mcp/tools

Returns an array of tool definitions with name, description, and input schema for each tool.

Call a Tool

Request

POST /api/2.0/mcp/tools/call

curl -X POST https://your-instance.knowi.com/api/2.0/mcp/tools/call \
  -H "Authorization: Bearer YOUR_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{
    "name": "knowi_list_dashboards",
    "arguments": {}
  }'

Response

{
  "content": [
    {"type": "text", "text": "Found 3 dashboards"}
  ],
  "isError": false,
  "_meta": {
    "executionTimeMs": 245
  }
}

Available Tools

The MCP server exposes 31 tools: 3 AI-powered tools and 28 deterministic tools.

AI-Powered Tools

These tools use the AI orchestrator to interpret natural language and chain multiple operations together.

knowi_do

Execute any Knowi operation using natural language. The orchestrator routes the instruction to the appropriate internal agent(s).

Parameter	Type	Required	Description
instruction	string	Yes	Natural language instruction describing what to do
dashboardId	integer	No	Target dashboard ID for dashboard-level operations
widgetId	integer	No	Target widget ID for widget-level operations

Example:

{
  "name": "knowi_do",
  "arguments": {
    "instruction": "Create a sales dashboard with revenue trends and top products"
  }
}

Note: knowi_do blocks destructive operations (delete, remove, drop). Use knowi_delete for those.

knowi_ask

Ask a data question in natural language. The AI finds the relevant dataset, generates a query, executes it, and returns results.

Parameter	Type	Required	Description
question	string	Yes	Natural language question about your data
datasetIds	array of integers	No	Specific dataset IDs to query. If omitted, the AI searches all accessible datasets.

Example:

{
  "name": "knowi_ask",
  "arguments": {
    "question": "What were total sales last quarter?",
    "datasetIds": [456]
  }
}

Response includes the executed query, result fields, data rows, and the datasets that were searched.

knowi_search

Search across all Knowi assets using keyword or semantic search.

Parameter	Type	Required	Description
query	string	Yes	Search query
assetType	string	No	Filter by type: dashboard, widget, dataset, query, report, alert
limit	integer	No	Maximum number of results to return

Example:

{
  "name": "knowi_search",
  "arguments": {
    "query": "customer retention",
    "assetType": "dashboard"
  }
}

Deterministic Tools

These tools execute specific operations directly without AI interpretation. They are fast and predictable.

knowi_list_dashboards

List all dashboards accessible to the authenticated user. No required parameters.

{
  "name": "knowi_list_dashboards",
  "arguments": {}
}

Returns dashboard IDs, names, and widget counts.

knowi_get_data

Retrieve data from a widget or dataset.

Parameter	Type	Required	Description
widgetId	integer	No*	Widget ID to get data from
datasetId	integer	No*	Dataset ID to get data from
limit	integer	No	Maximum number of rows to return (default 100)

*One of widgetId or datasetId is required.

knowi_get_details

Get full details for any asset.

Parameter	Type	Required	Description
assetType	string	Yes	Type of asset: dashboard, widget, dataset, query, report, alert, datasource
assetId	integer	Yes	ID of the asset

Returns full metadata including schema (for datasets), widget counts (for dashboards), and configuration details.

knowi_find_widget

Find widgets by name, optionally scoped to a dashboard.

Parameter	Type	Required	Description
name	string	Yes	Widget name to search for (substring match)
dashboardId	integer	No	Limit search to a specific dashboard

Returns matching widget IDs, names, chart types, and dataset information.

knowi_push_data

Push data rows to a dataset. Creates the dataset if it does not exist.

Parameter	Type	Required	Description
datasetName	string	Yes	Name of the dataset to push data to
rows	array of objects	Yes	Data rows to push

knowi_import_file

Import file data (CSV, JSON, XML, or Excel) into a Knowi dataset. Pass inline text for CSV/JSON/XML, or base64-encoded content for Excel. Creates or updates a dataset.

Parameter	Type	Required	Description
datasetName	string	Yes	Name for the dataset to create or update
content	string	No*	Inline file content. Raw text for CSV/JSON/XML; base64-encoded binary for Excel.
fileUrl	string	No*	URL to download file from (http/https). Prefer for large files.
fileType	string	No	File format: csv, json, xml, or excel. Auto-detected if omitted.

*One of content or fileUrl is required.

knowi_export_pdf

Export a dashboard or widget as a PDF. Returns base64-encoded PDF content.

Parameter	Type	Required	Description
dashboardId	integer	No*	Dashboard to export
widgetId	integer	No*	Widget to export

*One of dashboardId or widgetId is required.

knowi_export_csv

Export a dashboard or widget as CSV. For dashboards, exports all widgets as separate CSV files. Returns base64-encoded content.

Parameter	Type	Required	Description
dashboardId	integer	No*	Dashboard to export ? each widget becomes a separate CSV
widgetId	integer	No*	Single widget to export as CSV
limit	integer	No	Max rows per widget (default 10000, max 200000)

*One of dashboardId or widgetId is required.

knowi_get_embed_url

Generate an embeddable share URL for a dashboard or widget.

Parameter	Type	Required	Description
dashboardId	integer	No*	Dashboard to share
widgetId	integer	No*	Widget to share

*One of dashboardId or widgetId is required.

knowi_create_widget

Create a visualization on a dataset. Use knowi_get_data with a small limit first to inspect field names ? the widget will show no data if field names are wrong.

Parameter	Type	Required	Description
name	string	Yes	Widget name
datasetId	integer	Yes	Dataset to visualize
chartType	string	No	Chart type: column, line, bar, pie, donut, area, scatter, heatmap, funnel, treemap, gauge, singletext, datagrid2, recommendation. Default: column
xAxis	string	No*	Field name for x-axis (exact field name from dataset). Required for chart types.
yAxis	string	No*	Field name for y-axis/value (exact field name from dataset). Required for chart types.
groupBy	string	No	Field name for grouping/legend (creates multiple series)
series	string	No	Comma-separated metric field names for multiple y-axis series
dashboardId	integer	No	Dashboard to add the widget to. If omitted, widget is created standalone.

knowi_update_widget

Update an existing widget's data transformations (filters, aggregations, sorting) and/or display settings (chart type, name). Changes are saved server-side immediately.

Parameter	Type	Required	Description
widgetId	integer	Yes	ID of the widget to update
filters	array of objects	No	Filters to apply. Each: {field, operator (=, !=, >, <, >=, <=, like, in, between), value}. Replaces existing filters.
c9ql	string	No	Raw C9QL query to set as data transformation. Replaces the entire transformation if provided.
chartType	string	No	New chart type: column, line, bar, pie, donut, area, scatter, heatmap, funnel, treemap, gauge, singletext, datagrid2
widgetName	string	No	New name for the widget
xAxis	string	No	New x-axis field (exact field name from dataset)
yAxis	string	No	New y-axis field (exact field name from dataset)
groupBy	string	No	New group-by/legend field

knowi_layout_dashboard

Set widget positions and sizes on a dashboard. Grid is 24 columns wide.

Parameter	Type	Required	Description
dashboardId	integer	Yes	Dashboard ID
widgets	array of objects	Yes	Widget positions. Each: {widgetId, col (1?24), row (1+), sizeX (1?24), sizeY (1?16)}

knowi_create_datasource

Create a new datasource connection.

Parameter	Type	Required	Description
name	string	Yes	Name for the datasource
datasourceType	string	Yes	Type: mysql, postgresql, mongo, restapi, csv, snowflake, bigquery, redshift, elasticsearch, etc.
host	string	No	Database host
port	integer	No	Database port
dbName	string	No	Database name
dbUser	string	No	Database username
dbPassword	string	No	Database password

knowi_create_query

Create a query against a datasource.

Parameter	Type	Required	Description
name	string	Yes	Name for the query
datasourceId	integer	Yes	Datasource to query against
queryString	string	Yes	The query to execute (SQL, native query, etc.)
runNow	boolean	No	Execute the query immediately (default: true)

knowi_run

Trigger execution of a query or report.

Parameter	Type	Required	Description
queryId	integer	No*	Query to execute
reportId	integer	No*	Report to trigger

*One of queryId or reportId is required.

knowi_create_report

Create a scheduled report that sends a dashboard or widgets via Email, Slack, or Teams.

Parameter	Type	Required	Description
dashboardId	integer	No*	Dashboard to include in the report
widgetIds	array of integers	No*	Widget IDs to include (for widget-level reports)
recipients	string	No	Comma-separated email recipients. At least one delivery channel required.
slackName	string	No	Slack channel or config name (e.g. "#general", "sales-team")
teamsActionIds	array of integers	No	Teams integration IDs configured in Settings > Notifications
frequencyType	string	No	Frequency unit: minutes, hours, days, weeks, months. Default: days
frequency	integer	No	Frequency count (default: 1)
startTime	string	No	Time of day in HH:mm (24-hour). Default: 08:00
timezone	string	No	IANA timezone. Default: user's timezone
dayOfWeek	string	No	Day for weekly reports: MONDAY?SUNDAY. Default: MONDAY
dayOfMonth	integer	No	Day of month for monthly reports (1?28). Default: 1
format	string	No	Report format: pdf or image. Default: pdf
reportName	string	No	Display name for the report
subject	string	No	Email subject line
emailBody	string	No	Email body text
sendNow	boolean	No	If true, send immediately after creating. Default: false
exportCSV	boolean	No	Include CSV data export (widget-level reports only). Default: false
includeRecommendations	boolean	No	Include AI recommendations in the report. Default: false

*One of dashboardId or widgetIds is required.

knowi_update_report

Update an existing scheduled report's configuration. Only specified fields are changed.

Parameter	Type	Required	Description
reportId	integer	Yes	ID of the report to update
frequencyType	string	No	New frequency unit: minutes, hours, days, weeks, months
frequency	integer	No	New frequency count
startTime	string	No	New time of day in HH:mm (24-hour)
timezone	string	No	New timezone (IANA format)
recipients	string	No	New comma-separated email recipients (replaces existing)
subject	string	No	New email subject line
emailBody	string	No	New email body text
reportName	string	No	New report name
sendNow	boolean	No	Send immediately after updating. Default: false

knowi_create_alert

Create an alert on a dataset. Supports conditional alerts (trigger when a C9QL condition matches), data-not-updated alerts, and query error alerts.

Parameter	Type	Required	Description
datasetId	integer	Yes	Dataset to create the alert on
alertName	string	Yes	Name for the alert
alertType	string	Yes	Type of alert: conditional, data_not_updated, query_error
alertCondition	string	No*	Condition that triggers the alert (natural language or C9QL). Required for conditional alerts.
recipients	string	No	Comma-separated email addresses for notifications
subject	string	No	Email subject for alert notification
frequencyType	string	No	Check frequency: minutes, hours, days, months. Default: days
startTime	string	No	Time of day to check in HH:mm. Default: 08:00
timezone	string	No	Schedule timezone. Default: user's timezone
realtime	boolean	No	If true, evaluates every time the dataset updates. Default: false

knowi_list_alerts

List alerts accessible to the current user. Optionally filter by dataset or widget.

Parameter	Type	Required	Description
datasetId	integer	No	Filter alerts for a specific dataset
widgetId	integer	No	Filter alerts for a specific widget

knowi_test_alert

Test an alert by triggering it immediately. Sends notifications if the condition matches. Results are not recorded in the alert's history.

Parameter	Type	Required	Description
alertId	integer	Yes	ID of the alert to test

knowi_update_alert

Update an existing alert. Only specified fields are changed.

Parameter	Type	Required	Description
alertId	integer	Yes	ID of the alert to update
alertName	string	No	New name for the alert
alertCondition	string	No	New condition (natural language or C9QL)
recipients	string	No	New comma-separated email recipients (replaces existing)
subject	string	No	New email subject
frequencyType	string	No	New check frequency: minutes, hours, days, months
startTime	string	No	New time of day in HH:mm
timezone	string	No	New timezone (IANA format)
realtime	boolean	No	Toggle real-time evaluation on/off
paused	boolean	No	true to pause the alert, false to resume

knowi_ingest_document

Ingest a document (PDF, Word, CSV, Excel, images, or text) into Knowi for Q&A and data extraction. Documents are chunked, embedded, and stored for semantic search.

Parameter	Type	Required	Description
fileUrl	string	No*	URL to download the document from (http/https)
content	string	No*	Inline content. Raw text for text/CSV/Markdown; base64-encoded for binary formats (PDF, DOCX, Excel, images).
fileName	string	No	File name with extension (e.g. "report.pdf"). Required when using inline content; auto-detected from URL otherwise.

*One of fileUrl or content is required.

knowi_ask_document

Ask a natural language question against ingested documents. Returns an AI-generated answer with source citations.

Parameter	Type	Required	Description
question	string	Yes	Natural language question to ask
documentIds	array of strings	No	Specific document IDs to search. If omitted, searches all documents. Use knowi_list_documents to find IDs.

knowi_extract_document_data

Extract structured data from documents into a Knowi dataset. Define the fields to extract ? Knowi parses each document and returns structured rows that can be queried and visualized.

Parameter	Type	Required	Description
fields	string	Yes	Comma-separated field names to extract (e.g. "company_name, contract_value, start_date")
extractionPrompt	string	No	Custom prompt guiding extraction (e.g. "Parse dates as YYYY-MM-DD. Contract value should be numeric.")
documentIds	array of strings	No	Specific document IDs to extract from. If omitted, uses all documents.
detailsDepth	integer	No	Extraction thoroughness 1?20. Higher values examine more content but take longer. Default: 5
datasetName	string	No	Name for the resulting dataset. Auto-generated if omitted.

knowi_list_documents

List documents ingested into the document store. Returns document names and IDs for use with ask/extract/delete tools.

Parameter	Type	Required	Description
datasourceId	integer	No	Filter by document datasource ID. If omitted, lists all documents.
query	string	No	Filter documents by name (partial match)

knowi_delete_document

Delete an ingested document from the vector store. Requires confirmation.

Parameter	Type	Required	Description
documentId	string	Yes	Document identifier. Use knowi_list_documents to find IDs.
confirm	boolean	Yes	Must be true to confirm deletion

knowi_get_insights

Generate AI-powered insights and recommendations for a widget or dashboard. Returns observations, trends, anomalies, and actionable recommendations.

Parameter	Type	Required	Description
widgetId	integer	No*	Widget ID to analyze
dashboardId	integer	No*	Dashboard ID to analyze (all widgets)
context	string	No	Optional guidance for analysis, e.g. "focus on revenue trends"

*One of widgetId or dashboardId is required.

knowi_delete

Delete a Knowi asset. This is the only tool that performs destructive operations.

Parameter	Type	Required	Description
assetType	string	Yes	Type of asset: dashboard, widget, dataset, report, alert
assetId	integer	Yes	ID of the asset to delete
confirm	boolean	Yes	Must be true to confirm deletion

All three parameters are required. The confirm parameter must be explicitly set to true.

Streamable HTTP Transport

MCP-compatible clients (Claude Code, Claude Desktop, Cursor, etc.) connect using the Streamable HTTP transport. This uses a single POST endpoint for all operations ? no persistent connection required.

How It Works

Every MCP operation is a standard HTTP request/response. The client sends a JSON-RPC message via POST, and the server returns the result immediately. If the server restarts (e.g., during an update), the client simply retries the next request ? no reconnection needed.

Initialize

curl -X POST https://your-instance.knowi.com/api/2.0/mcp \
  -H "Authorization: Bearer YOUR_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{"jsonrpc": "2.0", "id": 1, "method": "initialize", "params": {}}'

Response includes a Mcp-Session-Id header. Send this header on subsequent requests.

Mcp-Session-Id: sh-1

{"jsonrpc": "2.0", "id": 1, "result": {
  "protocolVersion": "2024-11-05",
  "capabilities": {"tools": {}},
  "serverInfo": {"name": "knowi-mcp-server", "version": "1.0.0"}
}}

Call a Tool

curl -X POST https://your-instance.knowi.com/api/2.0/mcp \
  -H "Authorization: Bearer YOUR_TOKEN" \
  -H "Content-Type: application/json" \
  -H "Mcp-Session-Id: sh-1" \
  -d '{
    "jsonrpc": "2.0",
    "id": 2,
    "method": "tools/call",
    "params": {
      "name": "knowi_list_dashboards",
      "arguments": {}
    }
  }'

JSON-RPC Methods

Method	Description
initialize	Client handshake ? returns server capabilities and protocol version
notifications/initialized	Client confirms initialization (no response, returns 204)
tools/list	List all available tools with schemas
tools/call	Execute a tool

Session Management

The server returns a Mcp-Session-Id header on every response
The client sends this header on subsequent requests for session continuity
Sessions auto-expire after 30 minutes of inactivity
The client can explicitly terminate a session with DELETE /api/2.0/mcp (include the Mcp-Session-Id header)
If the server restarts, old sessions expire ? the client automatically gets a new session on the next request

Security

Authentication Flow

MCP Token (recommended for MCP clients):

The user generates an MCP token from Settings > AI Settings > MCP Token in the Knowi UI.
Knowi revokes any existing MCP token for the user and creates a new long-lived token (configurable: 30 days to 1 year).
The user copies the token into their MCP client configuration (e.g., Claude Code, Claude Desktop) as a Bearer token.
The ManagementInterceptor validates the token, verifies it is scoped to MCP endpoints, loads the associated user (including roles, permissions, and customer context), and establishes a security session for the request.
If the token is compromised, the user revokes it from AI Settings and generates a new one. No other credentials are affected.

Standard Bearer Token (for programmatic use):

The client sends a login request with clientId and clientSecret to POST /api/2.0/login.
Knowi returns a bearer token valid for 1 hour.
When the token expires, the client must obtain a new one.

All tokens are tied to a specific user and inherit that user's full permission set. Tokens grant the same access as the user logging in through the UI.

Authorization

Every tool checks that the authenticated user has access to the requested resource before executing:

Dashboard and widget access: Validated using user.isAllowed(resourceId, assetType, write), the same authorization check used throughout Knowi's UI and API.
Dataset access: Validated by matching the dataset's customer ID against the user's customer ID. A user cannot access datasets belonging to a different organization.
Datasource access: Validated by customer ID ownership. Creating datasources scopes them to the authenticated user's organization.

Access denied errors are logged with user ID and the resource that was requested.

Data Flow and AI Provider Implications

Understanding what data is sent where is critical for security evaluation. When using the MCP server, there are two separate data flows:

Flow 1: Tool responses to the MCP client. Every tool ? deterministic and AI-powered ? returns results to the calling MCP client (e.g., Claude Code, Claude Desktop, Cursor). These results may contain actual data rows, dashboard metadata, field names, and generated insights. The client's LLM sees this data. For example, if you ask Claude Code to get data from a widget, the data rows are returned to Claude, which runs on Anthropic's infrastructure. This is inherent to MCP ? the client must receive the results to act on them.

Flow 2: Knowi's internal AI processing. AI-powered tools (knowi_do, knowi_ask, knowi_search) additionally send data to Knowi's configured AI model for reasoning (SQL generation, chart type selection, etc.). Where this data goes depends on the configured provider:

Knowi Internal: Data stays within Knowi's infrastructure for AI processing.
OpenAI / Anthropic: Data is also sent to the external provider's API.

See AI Model Providers to configure which provider Knowi uses internally.

Deterministic tools (knowi_list_dashboards, knowi_get_data, knowi_push_data, etc.) do not invoke any AI model on Knowi's side ? they execute directly against Knowi's services. However, their results are still returned to the MCP client.

What the AI model on Knowi's side receives (Flow 2 only):

Sent to Knowi's AI Model	NOT Sent to Knowi's AI Model
Dataset schema (field names and types)	Database credentials or connection strings
Sample data rows (truncated to fit context window)	User authentication tokens or passwords
The user's natural language instruction	Data from other organizations
Widget metadata (chart type, settings)	System configuration or server internals

Security implication: Even if Knowi is configured with its internal AI provider, using the MCP server means data flows to the MCP client's infrastructure. Evaluate whether the data accessible through your Management API credentials is appropriate for transmission to the client platform you are using. For maximum data isolation, use Knowi's in-product agents (Dashboard and Widget AI Assistants) instead of MCP.

Input Validation and Prompt Injection

All inputs to AI-powered tools are validated before execution:

Tool name whitelisting: Only the 15 registered tool names are accepted. Any other tool name returns a 404 error.

Instruction length limit: Natural language instructions are capped at 2,000 characters.

Prompt injection detection: Instructions are scanned against patterns known to indicate prompt injection attempts, including:

"ignore previous instructions"
"system prompt"
"you are now" / "act as" / "pretend"
"disregard" / "override" / "forget"
"reveal the/your/system"
"jailbreak" / "DAN"

Matching instructions are rejected with an error before reaching the AI model.

Input sanitization: Control characters (ASCII 0x00-0x08, 0x0B, 0x0C, 0x0E-0x1F, 0x7F) are stripped from all string arguments.

Destructive Operation Safeguards

The knowi_do tool scans instructions for destructive intent (delete, remove, drop, destroy, purge, wipe). If detected, the request is blocked and the user is directed to use the explicit knowi_delete tool instead.

The knowi_delete tool requires three explicit parameters ? assetType, assetId, and confirm: true ? preventing accidental or AI-hallucinated deletions. All three parameters must be provided; omitting any one causes the request to fail.

Session Security

Streamable HTTP sessions are bound to the authenticated user. Each session receives a unique Mcp-Session-Id and validates that subsequent requests come from the same user who created the session. A valid bearer token is required for every request ? session IDs alone do not grant access.

Sessions auto-expire after 30 minutes of inactivity and can be explicitly terminated by the client.

Audit Logging

All agent executions are logged with:

The user's input prompt
Success or failure status
Agent response
Execution time in milliseconds
Associated resource IDs (dashboard, widget, dataset)

MCP tool calls are logged with the tool name, success status, and execution time. Logs are available to account administrators.

Data Exposure Controls

Data returned by tools is truncated by default:

knowi_get_data returns a maximum of 100 rows by default (configurable via the limit parameter).
knowi_ask returns a maximum of 100 rows.
AI-powered recommendations truncate data to fit the AI model's context window, iteratively reducing rows until the prompt fits.

The response includes totalRows and returnedRows counts so the caller knows if data was truncated.

Known Limitations

No per-user rate limiting: The MCP server does not enforce per-user rate limits on tool calls. Rate limiting should be applied at the network layer (e.g., API gateway, reverse proxy) for production deployments.
Token scoping: Bearer tokens inherit the user's full permission set. There is no mechanism to create a token scoped to specific tools or read-only access.
One MCP token per user: Registering a new MCP token revokes the previous one. A user cannot have multiple active MCP tokens simultaneously.

Error Handling

Errors are returned in the MCP response format:

{
  "content": [
    {"type": "text", "text": "Access denied: you do not have permission to access dashboard 12345"}
  ],
  "isError": true
}

Common error scenarios:

Error	Cause	Resolution
401 Unauthorized	Token expired or invalid	Generate a new MCP token from Settings > AI Settings
Access denied	User lacks permission for the requested resource	Check user permissions in Knowi settings
Tool not found	Invalid tool name in request	Use /api/2.0/mcp/tools to list valid tool names
Validation error	Missing required parameters	Check tool schema for required fields
Instruction blocked	Destructive instruction sent to knowi_do	Use knowi_delete for delete operations

Rate Limits

AI-powered tools (knowi_do, knowi_ask, knowi_search) consume agent calls, which are metered based on your plan. Deterministic tools are unlimited.

See your account settings for current usage and limits.