dominKnow | ONE AI Translator: Security Overview

Document Type: Customer Security Reference

Product: dominKnow | ONE AI Translator

Audience: IT, Security, and Compliance Teams

‍

Purpose

This document describes the security architecture of the dominKnow | ONE AI Translator. It is intended to help IT, security, and compliance teams understand how content ishandled, transmitted, and protected throughout the translation workflow.

‍

Service Overview

The dominKnow | ONE AI Translator is an opt-in feature that must be explicitly enabled before it can be used. Once enabled, translation is always initiated by a dominKnow | ONE user. The process is never triggered automatically.

The solution enables translation of learning content using industry-standard technologies and external translation services. Content is exported from dominKnow | ONE, translated, and returned to the originating instance with strong controls applied throughout to minimize dataexposure.

The solution is built on a foundation of established, interoperable technologies. XLIFF 2.1 is anindustry-standard format for localization data exchange that ensures only structured, explicitly defined content is included in any transfer. The PENS protocol handles secure file deliverybetween systems. Convey acts as the communication layer between dominKnow | ONE and DeepL. DeepL provides the AI-based machine translation engine, and Amazon S3 is used fortemporary file storage during processing.

‍

How the Translation Workflow Operates

When a user initiates a translation, dominKnow | ONE exports the relevant project text into anXLIFF 2.1 file. This file contains only the content required for translation. It is then transmitted securely to Convey using the PENS protocol over an encrypted HTTPS/TLS connection.

Convey passes the content to DeepL, which performs the machine translation. If the customer has configured terminology files, these are stored and processed within dominKnow | ONE and used to generate DeepL glossaries. Those glossaries are applied during translation to ensure that specific terms or phrases are rendered consistently according to the customer's requirements.

After translation is complete, the translated XLIFF file is returned from Convey to the originating dominKnow | ONE instance and imported back into the project. This return request is secured using encryption and machine-to-machine authentication. At no point does the workflow require access to anything beyond the text content submitted for translation.

‍

What Data Leaves the Platform

The translation workflow is designed around the principle of data minimization. Only the textual learning content required for translation is exported. This typically includes course text, interface labels, assessment questions, captions, and transcripts. User data, authentication credentials, system configuration, analytics, and customer infrastructure information are never included in the export.

Customers may optionally configure terminology files to control how specific terms or phrases are translated. These files are stored and processed entirely within dominKnow | ONE. They contain only word and phrase mappings and do not include course content or user data.

‍

Security Controls

Security is built into each stage of the workflow. Transport between dominKnow | ONE, Convey, and DeepL is protected using HTTPS/TLS encryption. The use of XLIFF 2.1 as the data exchange format enforces structure and predictability, ensuring only explicitly defined translation segments are ever included in a transfer.

Processing is handled through controlled, API-based integrations. Convey manages communication with DeepL, and DeepL performs translation through a dedicated API connection. Translation files are stored temporarily in Amazon S3 only for the duration of processing and are not retained beyond the needs of the workflow.

‍

DeepL Security Posture

DeepL maintains a strong enterprise security posture relevant to organizations with strict compliance requirements. Content submitted for translation is not stored or used to train DeepL's models. DeepL holds the following certifications and compliance standards:

ISO 27001 for information security management

SOC 2 Type II for security, availability, and confidentiality

GDPR compliance for EU data protection requirements

HIPAA compliance for organizations operating in regulated healthcare environments

DeepL's security practices are validated through continuous penetration testing conducted by both internal and external security experts.

‍

On-Premise and Air-Gapped Deployments

For customers operating in on-premise or air-gapped environments, the AI Translator integration is not installed as part of the dominKnow | ONE deployment. The components that connect to Convey and DeepL do not exist in these environments. This means the platform is architecturally incapable of transmitting content to external translation services, and all customer data remains entirely within the customer's controlled environment.

‍

Summary

The dominKnow | ONE AI Translator is designed so that organizations can automate translation workflows without compromising on data control. The feature is opt-in and user-initiated. Content is exported in a structured, standards-based format, transmitted over encrypted connections, processed through controlled external services, and returned to the originating platform with no user data, credentials, or system information ever leaving the environment. DeepL, as the translation engine, maintains industry-leading certifications and does not store or use submitted content for model training. For on-premise and air-gapped deployments, the integration is absent entirely, ensuring customer data never reaches external services.

‍

References

The following DeepL resources provide additional detail on their security practices and compliance posture:

DeepL Trust Center

DeepL Data Protection Strategy

DeepL SOC 2 Type II Report Overview

DeepL Security Features for Enterprise

DeepL Privacy Policy

‍

‍