Data Ownership

Your knowledge belongs to you.

Capture it here. Take it with you.

DebriefCore helps teams capture expert knowledge before it disappears — but the knowledge itself belongs to the organization that created it. We build for human review and portability, not lock-in.

You own your approved knowledge
01Ownership principles

Ownership, by design.

What this means in practice — described plainly, matching how the product works today.

For a detailed look at how approved knowledge is governed through its full lifecycle — criticality levels, review schedules, and lifecycle states — see our guide on AI Knowledge Governance for Operational Teams.

Built around ownership

Your approved knowledge records, their review history, and your organizational context belong to your organization — not to DebriefCore.

AI drafts are not final records

AI-assisted content stays a draft until a qualified human reviews and approves it. Your team always controls what becomes official knowledge.

Approved knowledge is the source of truth

Once reviewed and approved, a record joins your knowledge base — ready to power context packs, training, handoffs, and operations.

Take it with you

Owners and admins can export approved knowledge to JSON or CSV anytime from the in-app Data Export page. Portability by design, no vendor lock-in.

02Access & accountability

Who can reach your knowledge.

Access is scoped to your organization and your roles, and important actions are recorded.

Organization data separation

Each workspace can reach only its own captures, drafts, approved knowledge, and Context Packs. Isolation is enforced at the database layer with Row Level Security.

Roles: owner, admin, member

Organizations use three roles today — owner, admin, and member. Owner and admin controls govern organization access, review workflows, billing, the activity log, and data export.

Activity log

Key actions are recorded in an append-only activity log, so owners and admins can see who captured, generated, approved, uploaded, or exported — and when.

Private reference files

Reference photos are stored privately and viewed only through short-lived signed links. They are never sent to any AI model and are never included in data exports.

03Export, deletion & retention

Getting your data out.

Honest status for each capability — available today, on request, or planned.

See our Security & Trust record
  • Approved-knowledge export (JSON / CSV)

    Owners and admins can export the organization's approved knowledge records, for the current organization only. Excludes unapproved drafts and private reference files.

    Available
  • Data deletion

    Handled on request today, in line with our Terms and Privacy Policy. Self-serve deletion is on the roadmap.

    On request
  • Retention controls

    Org-level controls for what to keep, archive, and delete are planned, not yet available.

    Planned

DebriefCore is built with security and compliance readiness principles in mind. We do not claim SOC 2, HIPAA, ISO, or FAA certification, and will not until any such audit or legal review is actually completed.

04The promise

DebriefCore exists to preserve human expertise — not to trap it.

Your approved knowledge stays yours: reviewed by your people, owned by your organization, and exportable on your terms. For data-ownership or privacy questions, contact hello@debriefcore.com.

Contact us