What security measures does InboxPilot have in place?
November 20th, 2024 • 8 min read
By InboxPilot Team
Categories: Security & Privacy, Compliance
InboxPilot follows industry-leading security practices and maintains key compliance certifications to keep your data safe. We work with organizations across heavily regulated sectors—including healthcare, legal, and financial services—who've carried out thorough due diligence before adopting our platform.
InboxPilot is built for privacy, security, and trust. We meet the highest industry standards and maintain ongoing security audits to ensure your data is always protected.
Security Measures
Access and Authentication
InboxPilot implements multiple layers of security to protect your data:
- OAuth 2.0 Authorization: Access to your email and calendar is granted through OAuth 2.0, ensuring no chance of data being mixed between accounts
- Data Encryption: All data is encrypted both in transit and at rest using enterprise-grade encryption standards
- Infrastructure: We use Google Cloud Platform (GCP) infrastructure, which includes automatic encryption and built-in threat detection
- Access Controls: Only authorized systems can access your data. All access is monitored and logged for security auditing
- No Data Training: Your data is never used to train third-party AI models or shared externally
- Single Sign-On (SSO): Supported for Enterprise users, adding another layer of secure authentication
Compliance Certifications
InboxPilot maintains the highest industry standards for security and compliance. These certifications reflect our commitment to secure data handling, ongoing audits, and best-in-class operational practices.
Certifications and Standards
InboxPilot is:
- SOC 2 Type II certified — All operational processes meet advanced security, availability, and confidentiality standards
- ISO/IEC 27001 certified — Internationally recognized certification ensuring systematic information security management practices
- Fully GDPR compliant for all users
- HIPAA compliant for eligible enterprise customers
Privacy and Data Control
Your data stays private, secure, and under your control at all times. We never access more than what's needed to deliver the features you've enabled—and never share or use your data for training external models.
Infrastructure
InboxPilot uses Google Cloud Platform (GCP) for hosting, which adheres to globally recognized security and privacy frameworks, including:
- ISO/IEC 27001 – Information Security Management Systems (ISMS)
- ISO/IEC 27017 – Cloud-specific security controls
- ISO/IEC 27018 – Protection of personal data in the cloud
- SOC 1, SOC 2, SOC 3 – Service Organization Controls reports (focused on controls over financial reporting and general security, availability, processing integrity, confidentiality, and privacy)
- PCI DSS – Payment card data security
- FedRAMP – U.S. government cloud security
- HIPAA – U.S. healthcare data compliance
- GDPR – European data privacy compliance
- ENS High – Spain's National Security Framework
- TISAX – Automotive industry security compliance
GCP data centres are built to Tier III or higher specifications, offering robust redundancy and uptime resilience.
Data Ownership
InboxPilot accesses your email and meeting data to provide services like drafting replies and tracking tasks or follow-ups. However, you remain the sole owner of your data at all times.
Important: InboxPilot does not send emails on your behalf—only you can review and send drafts.
Data Storage and Usage
To provide an intelligent, context-aware service, InboxPilot builds a private knowledge base from your connected inbox and meeting history. This helps us:
- Improve draft accuracy
- Proactively support your tasks across emails and meetings
- Maintain context for better AI responses
All data is stored securely using encrypted infrastructure, with strict access controls and client-level segregation.
For more information, visit our Security Page for a detailed overview of security and privacy measures.
Data Deletion on Cancellation
When you uninstall or cancel your InboxPilot account, your data is automatically and securely deleted from our systems. This includes:
- Inbox data
- Meeting history
- Internal knowledge records
- Backups where applicable
Once your account is cancelled or deleted, all associated data is purged from our systems.
Access to Documentation
Security and compliance documentation is available upon request:
- Security and compliance reports (SOC 2 Type II, ISO 27001)
- Data Processing Addendum (DPA)
- Additional security documentation
Contact InboxPilot's support team to request these documents.