Your privacy is our priority
We built Autopen with security at its core. Your emails are sensitive, and we treat them with the utmost care and respect.
AES-256 Encryption
All stored tokens and sensitive data are encrypted using AES-256, the same encryption standard used by governments and financial institutions worldwide. Data is encrypted at rest and in transit.
No AI Training on Your Data
Your email content is never used to train AI models. Period. We process your emails in real time to generate drafts and classifications, then the content is discarded from our processing pipeline immediately.
GDPR Compliant
Full GDPR compliance with data export capabilities, right to deletion, and transparent data processing policies. You own your data and can request a complete export or deletion at any time.
SOC 2 Type II
We are currently undergoing SOC 2 Type II certification to formally validate our security controls, availability, processing integrity, confidentiality, and privacy practices.
OAuth 2.0 Authentication
We use OAuth 2.0 for all email provider connections. This means we never see or store your email password. Authentication is handled directly by Google or Microsoft, and you can revoke access at any time.
Data Isolation Per User
Each user's data is logically isolated in our infrastructure. Your emails, preferences, and AI-learned patterns are completely separated from those of other users with strict access controls.
Compliance & certifications
Industry-standard security practices you can trust.
AES-256 Encryption
GDPR Compliant
OAuth 2.0 Authentication
SOC 2 In Progress
EU Hosted Infrastructure
DPA Available
How we handle your data
Transparency is fundamental to trust. Here is exactly what happens with your data at every step.
Authentication
You connect your Gmail or Outlook account via OAuth 2.0. We receive a secure access token - never your password. This token is encrypted with AES-256 before storage.
Email Processing
When you request an AI draft, we fetch the relevant email thread using your token. The email content is processed in memory and passed to our AI model for draft generation.
AI Generation
The AI generates a contextual draft based on the email content and your learned preferences. The original email content is discarded from our processing pipeline immediately afterward.
Draft Delivery
The generated draft is returned to your browser. You can review, edit, and send it with one click. We store minimal metadata for analytics but never the full email content.
Continuous Protection
All data transmissions use TLS 1.3 encryption. Access logs are monitored 24/7. Regular security audits and penetration testing ensure our defenses stay current.
Our security commitments
These are not just policies - they are promises we make to every user.
We will never sell your data to third parties.
We will never use your email content to train AI models.
We will always encrypt your data at rest and in transit.
We will always give you the ability to export or delete your data.
We will always be transparent about our data practices.
We will notify you promptly in the event of any security incident.
Questions about security?
We are happy to discuss our security practices in detail. Reach out to our team or start your free trial with confidence.