Security & privacy

Enterprise-grade security for your inbox

Support teams trust InboxPilot with their most sensitive conversations. We make the security and privacy of your inbox our top priority.

Start freeTalk to our team
  • SOC 2 Type II
  • GDPR compliant
  • AES-256 encrypted
  • Scoped OAuth access

Trusted by teams at

Privacy by design

InboxPilot is designed to keep your data safe

Three commitments shape how InboxPilot handles your inbox: control, ownership, and least-privilege access.

You control every email that's sent

InboxPilot drafts replies for you to review and send. It never sends on your behalf unless you turn on auto-send for rules you define yourself.

Your data never trains AI models

Your email is used only to do your work. It is never used to train shared or third-party AI models. What's yours stays yours.

Scoped, least-privilege access

InboxPilot connects through OAuth with granular, revocable permissions and only ever accesses the data it needs to do its job.

Our principles

The principles behind our security program

Compliance by default

SOC 2 Type II certified and GDPR compliant, with encryption in transit and at rest covering everything from data handling to business continuity.

Continuous monitoring

Our systems are monitored around the clock, with audit logging and regular third-party penetration testing to stay ahead of threats.

Principle of least privilege

Access is granted strictly on a need-to-know basis. Engineers get temporary, scoped access only when it's required to support you.

How we protect your data

Security built into every layer

Encryption everywhere

Data is encrypted with AES-256 at rest and TLS 1.2+ in transit, end to end.

Scoped OAuth

Connect Gmail or Outlook with granular permissions you can revoke at any time.

Access controls

Role-based access and SSO keep your team's inbox locked down to the right people.

Data isolation

Your inbox data is logically separated and only ever accessible to your account.

Sub-processor transparency

A documented, vetted list of sub-processors, available on request.

Delete on demand

Disconnect any time and request full deletion of your data whenever you choose.

Compliance

Certified and compliant

SOC 2 Type II certified

SOC 2 Type II

Independently audited against the SOC 2 Trust Services Criteria for security, availability, and confidentiality.

GDPR compliant

GDPR compliant

Built to meet GDPR requirements for data protection, processing transparency, and your right to deletion.

Take a closer look at our security

Need our SOC 2 report, sub-processor list, or a security review for procurement? Our team will walk you through everything.

Request security documentation

Security: frequently asked questions

Yes. InboxPilot is SOC 2 Type II certified and GDPR compliant, encrypts data in transit and at rest, connects to your inbox via scoped OAuth permissions, and is monitored around the clock with regular third-party penetration testing.

Don't dread tomorrow's inbox. Put it on autopilot with InboxPilot.

Connect Gmail or Outlook and InboxPilot starts triaging and drafting in minutes.

Get started free

No credit card required

© 2026 InboxPilot. All rights reserved.

¡nboxpilot