It touches your clients. So we built it to be trusted.
It sits in your meetings, your inbox, and your calendar, so we hold it to the standard those deserve: SOC 2 Type II, AES-256 encryption at rest, TLS 1.2 or higher in transit, every request scoped to your firm, and a human approval on anything that leaves the building.
An AI employee for small relationship-driven firms that keeps you in control: meetings, inbox, follow-ups, approvals, and memory in one place.
SOC 2 Type IIEncrypted in transit & at restIsolated per customerHIPAA compliant
Security & trust
It touches your clients. So we built it to be trusted.
SOC 2 Type II. AES-256 at rest, TLS 1.2 or higher in transit, scoped to your firm, and a human approval on anything sensitive.
An AI employee for small relationship-driven firms that keeps you in control: meetings, inbox, follow-ups, approvals, and memory in one place.
SOC 2 Type IIIsolated per customerHIPAA compliant
SOC 2 Type II, audited
Independently audited against the SOC 2 Trust Services Criteria for security, availability, and confidentiality. It's a continuous program, not a one-time check. We share the report under NDA.
HIPAA compliant
Our data handling meets HIPAA's privacy and security safeguards, and we sign a Business Associate Agreement (BAA) for firms that handle protected health information. Ask us for the BAA when you start.
Encrypted in transit and at rest
TLS 1.2 or higher on every connection and AES-256 encryption at rest on the database that holds your data. Certificates are monitored and auto-renewed.
Isolated to your firm
Every request runs through an ownership check before it touches a record, so one firm's data is never reachable from another. Your memory is yours, never pooled, never shared.
Human approval, full audit log
Anything client-facing stops for your one-tap approve or reject. Every proposal and every decision is written to a log you can review, line by line.
Hardened by design
Parameterized queries leave no room for injection, every webhook is signature-verified, and a web application firewall with rate limiting sits in front of the app. Secrets live in a managed vault, never in code.
Never trains shared models
Your client data is not used to train models that serve anyone else. It works for your firm only, and you can export or delete it whenever you want.
SOC 2 Type II, audited
Against the Trust Services Criteria. Report shared under NDA.
Encrypted in transit and at rest
TLS 1.2 or higher on the wire, AES-256 on the database.
Isolated to your firm
An ownership check on every request. Your memory is never pooled.
Human approval, full audit log
Sensitive actions wait for your tap. Every decision is logged.
Never trains shared models
Your client data works for your firm only.
Your controls, in one place
You decide what it can touch.
Approvals, access, and data settings live in the dashboard. Flip on a rule like require approval for client emails and it holds for every AI employee on your team.
It asks before it acts, and shows you exactly what it'll do.
On anything sensitive it proposes the action, names the exact tools it will use, and waits for you. It answers from your data, with sources, so it won't guess, and every decision is logged.
Control isn't a setting you turn on. It's how the product works.
Approval queue
Send renewal reminder to 3 clients
via Gmail · drafts personalised reminders, schedules send for 9am
Approve✓Reject
✓ Drafted reply to Dana · approved 2:14pm ✓ Filed ticket #2208 · approved 11:02am
You're always in charge
It asks before it acts.
It proposes the action, names the tools, and waits for you. It answers from your data, with sources, and logs every decision.
Send renewal reminder to 3 clients
via Gmail · schedules send for 9am
ApproveReject
Data & privacy
The details, in plain language.
Your data is yours
You own everything it captures and creates. Export it or ask us to delete it, and it's gone.
Least-privilege access
A per-request ownership guard checks that the caller owns the record before anything is read or written. The AI only reaches the tools and data you connect and permit.
Encryption everywhere
TLS 1.2 or higher in transit, AES-256 at rest, and a web application firewall with rate limiting at the edge. Secrets sit in a managed vault and are kept out of logs.
Sub-processors, listed
We publish the vendors that help run the service, and update the list when it changes. See sub-processors →
You connect a tool, you can disconnect it. It reaches nothing you have not switched on.
Need a DPA, security questionnaire, or custom data-retention terms? Talk to us →
Data & privacy
The details, in plain language.
Your data is yours
Export it or ask us to delete it, and it's gone.
Least-privilege access
Scoped and logged. Only the tools you connect.
Sub-processors, listed
We publish the vendors that run the service. See list →
We say what's live and what isn't. Zoom today; Microsoft Teams and Google Meet are coming. Honesty is part of our security story.
Security questions
The ones every firm asks.
Is my client data used to train AI models?+
No. Your data isn't used to train models that touch other customers. Your memory is isolated to your firm and works for you only.
Who can see my data?+
Only the people you give access to, scoped by role. Access is least-privilege and logged, and the AI only reaches the tools you connect and approve.
Can it send things to my clients on its own?+
Not without you. Anything sensitive or client-facing waits in an approval queue for your one-tap approve or reject, and every decision is logged.
Can I export or delete everything?+
Yes. You own what it captures and creates. Export it any time, or ask us to delete it and it's removed. Need custom retention terms? We'll set them up.
Security questions
The ones every firm asks.
Is my data used to train models?+
No. It's isolated to your firm and never trains models that touch other customers.
Who can see my data?+
Only people you give access to, scoped by role. Least-privilege and logged.
Can it message clients on its own?+
Not without you. Sensitive actions wait for your one-tap approval, and every one is logged.
Can I delete everything?+
Yes. Export any time, or ask us to delete it and it's removed.
Trusted by growing firms in agencies, advisory, staffing and more
Already putting an AI employee to work
8 hours a week backFollow-ups handled for DDReps
40+ calls written upNotes and next steps for Bear Maple
Replies already writtenDrafted in his voice for D.C. Ranieri
"It gives me back about 8 hours a week. The follow-ups go out without me, and I only step in when something needs a person."
BP
Brian Podnos President, DDReps
Trust, then hire
See how it keeps you in control.
Book a walkthrough and we'll show you the approval flow, the audit trail, and exactly where your data lives.