Guru's Security Overview: How We Keep Your Data Safe

Last verified May 21, 2021

Guru empowers revenue teams by delivering the knowledge they need to do their jobs when they need it. The more knowledge that lives in Guru – from sales and marketing materials to HR and security policies – the more effective the network is at empowering users. When thinking about migrating a knowledge base into Guru, a common question that arises is: “Where exactly will that data be stored?”

We at Guru understand the concern for data security, and, accordingly, offer options to limit the data Guru ingests, keeping your sensitive information on premise and out of Guru’s workflow altogether. Here is how Guru actively works to protect data and deliver peace of mind to security-conscious teams.


First off, your data is safe… Period

With Guru, you can rest assured that any and all data stored in our cloud is secure. We take data security very seriously and have a dedicated team in place to govern our security policy. We not only leverage tools to encrypt data at rest and in transit, but we tightly restrict production access, and ensure that only those with need-to-know status exercise the proper read/write permissions in Guru. Read more about Guru’s security features here.

Data security is also a key consideration in all product development at Guru, and the lens through which we view potential new features. Our security program goes beyond simply achieving certifications like SOC 2; we embed security discussions into every stage of our product development process.

Even so, we understand client concerns when it comes to migrating sensitive knowledge into Guru, especially for those providers who support big brand customers with strict compliance requirements.

That syncing feeling

Among the first decisions you’ll make in restricting your sensitive data is choosing which knowledge you sync into the Guru cloud. Guru’s Sync feature enables teams to extract knowledge from external sources like Zendesk and Confluence and populate that knowledge into a Read-Only Collection within Guru. That way, Guru users can search both internal and external-facing knowledge from one place.

Sync allows you to make wholesale exports of your own knowledge into synced Guru cards – like your entire Help Center. Guru does the legwork by automatically pulling in all the knowledge that lives in a separate location and making it accessible through Guru. This functionality can give customer-facing Guru users real-time access to technical knowledge that non-customer-facing teams create in other locations without disrupting either team’s workflow.

For certain data stores, like Confluence, Guru gives users more freedom to choose which pieces of knowledge to sync and which to keep in its current cloud. This makes it possible to parse knowledge and sync only those Confluence workspaces deemed “safe” for export. By giving you control over which knowledge is synced into Guru, you can be sure that the right information lives in the proper location.

Masking and managing what Guru stores

Beyond syncing and storing knowledge, one of Guru’s key products is AI Suggest, a machine learning-powered feature that automatically provides contextually-relevant knowledge suggestions based on the contents of a given web page. AI Suggest continuously works behind the scenes of email, chat, and ticketing environments, analyzes user patterns, and serves up appropriate knowledge. Rather than reps having to go search for the answer to a customer question, AI Suggest intelligently proposes pieces of knowledge it thinks will help reps provide an answer. This functionality represents a powerful marriage of AI and knowledge management, but if done wrong, it could run the risk of pulling in sensitive data such as credit card or social security numbers.

Data masking in Guru allows you to keep this sensitive information out of Guru’s databases altogether by automatically obfuscating any numeral string over four digits or stripping email addresses. You can also modify this data masking feature to work for different values, tailoring it to recurring data formats within your particular environment. All of this obfuscation happens at the browser level before Guru even sees the data. This ensures that sensitive information never leaves the safety of your own networks and that Guru is only given the relevant information to activate AI Suggest.

By the end of 2018, Guru users will be able to control how long AI Suggest data is retained, so that after a certain period of time the data is gone entirely. Although this creates a machine learning tradeoff (AI engines need lots of data to be effective), it does allow you to achieve the right balance between user experience and security, making adjustments as you go. In the meantime, Guru can help you manually roll off old data based on your specifications. At the end of the day, it’s not our goal to access data any longer than needed, so we work with you to keep your data where it belongs.

Too much information? Not anymore

It’s often the case that more is better when it comes to knowledge, but Guru understands the fundamental concerns in sharing data. Serving your sensitive information to a third party like Guru – even if it’s only to provide easier access to your own employees – may invite questions from corporate boards, internal audit teams, or compliance personnel. Thanks to initiatives like modified Sync and data masking, we at Guru are putting the control in your hands, letting you capitalize on all that’s good about Guru without the worry of sensitive data sharing.

For more information about keeping knowledge safe in Guru, visit our Security FAQs or contact us at