Security

Your Data, Protected

alfred_ handles your most sensitive professional data: email, calendar, and tasks. Here's exactly how we keep it safe.

Data Encryption

At rest

All stored data is encrypted with AES-256, the same standard used by banks and governments.

In transit

All connections secured with TLS 1.3. Data is encrypted between your browser, our servers, and third-party APIs.

Database

PostgreSQL with encrypted storage volumes. Automatic daily backups, also encrypted.

Authentication

OAuth 2.0

alfred_ connects to Gmail, Outlook, and Google Calendar via OAuth 2.0. We never see, store, or ask for your email password.

Scoped permissions

We request only the minimum permissions needed: read/write email and calendar access. Nothing more.

Token security

OAuth tokens are encrypted at rest and refreshed automatically. You can revoke access at any time from your provider's settings.

Data Privacy

What we access

Email metadata (sender, subject, date), email body content for AI processing, and calendar events for scheduling intelligence.

What we don't

We don't access your contacts list, files, drives, or any data outside of email and calendar.

No training on your data

Your emails, tasks, and calendar data are never used to train AI models. Your data is yours.

Infrastructure

Supabase + PostgreSQL

Production database hosted on Supabase with enterprise-grade PostgreSQL infrastructure.

Row Level Security (RLS)

Database-level access control ensures every query is scoped to the authenticated user. No cross-user data leaks.

Automatic backups

Daily automated backups with point-in-time recovery capabilities.

AI Processing

Processing-focused

AI processes your emails to categorize, summarize, and draft replies. Processing happens in real time. We don't store raw AI conversation logs.

No data sharing

Your email content is not shared with third parties for advertising, analytics, or any purpose beyond providing alfred_ functionality.

Model providers

AI processing uses Anthropic (Claude) APIs with enterprise data protection agreements in place.

Access Control

User-level isolation

Every user's data is isolated at the database level. There is no shared data pool between accounts.

Session management

Secure session tokens with automatic expiry. Sessions are invalidated on password change or account actions.

Admin access

Internal access to production data is strictly limited, logged, and requires multi-factor authentication.

Compliance & Practices

GDPR-friendly

Data deletion on request, data export capabilities, and transparent data processing practices aligned with GDPR principles.

Data deletion

Delete your account and all associated data at any time from Account Settings. Deletion is permanent and irreversible.

Payment security

Payments are processed by Stripe (PCI DSS Level 1). alfred_ never sees or stores your credit card number.

Questions About Security?

We're transparent about how we handle your data. If you have questions not covered here, reach out directly.

Frequently Asked Questions

Does alfred_ store my email password?

No. alfred_ uses OAuth 2.0 to connect to your email provider. We never see, ask for, or store your email password. You authorize access through Google's or Microsoft's secure login flow.

Can alfred_ send emails without my permission?

No. alfred_ drafts replies for your review, but you must explicitly approve and send every message. AI assists. You decide.

Is my email data used to train AI models?

No. Your emails, calendar data, and tasks are never used to train AI models. Your data is processed only to provide alfred_ functionality and is not shared with any third party for training purposes.

How do I delete my data?

Go to Account Settings and select "Delete Account." This permanently removes all your data from our systems, including emails, tasks, calendar data, and account information. Deletion is irreversible.

What happens if alfred_ is breached?

All data at rest is encrypted with AES-256, so even in a breach scenario, data is not readable without encryption keys. We maintain security monitoring, and we would notify affected users promptly per our privacy policy.

Can I revoke alfred_'s access to my email?

Yes, at any time. You can revoke OAuth access from your Google or Microsoft account settings. You can also disconnect integrations from within alfred_'s Account Settings.

Where is my data stored?

Data is stored on Supabase-hosted PostgreSQL databases with encrypted storage volumes. Infrastructure is hosted in secure, SOC 2 compliant data centers.