At Andsend we prioritize security and privacy for our platform, which handles sensitive communication and contact data. Key aspects of our security approach include:
Data Isolation: Each user's connected accounts (Gmail, LinkedIn, CRM systems) are kept separate, meaning the system only accesses an individual's inbox and private LinkedIn data, not an entire company's email.
User Control over Data Syncing: Users are in control of what data from their CRM system is synced to the platform by assigning contacts to specific "playbooks."
Secure Infrastructure: All data is contained within a private Virtual Private Cloud (VPC) and is encrypted both in transit and at rest.
Google Partnership and Validation: We’ve partnered with Google to offer an official Gmail integration, which requires a thorough security assessment with annual review. This included verification of our entire technical stack and security assessments conducted by a consulting firm jointly with Google. This process is referred to as a Cloud Application Security Assessment (CASA), built on the OWASP framework, and serves as an official certificate of the state of our security.
Future Certifications: While we currently prove our security posture through the Google integration, we do have SOC 2 and ISO 27001 certifications on our roadmap in the coming year, as these are necessary to secure larger clients with more stringent requirements.
Ethical AI and EU AI Act Alignment: Andsend does not automate message sending; users must always review and send messages. This aligns with ethical practices and the EU AI Act, which prohibits automated decision-making.
Limited Data Storage: While we process conversations and store labels, we generally do not store the actual message content, though for some users we cache it. For our enterprise plan customers we’re open to more granular customization to meet specific privacy requirements.
Data Minimization for AI: Modern LLMs require less data and less specific prompting to generate good results, which simplifies privacy by allowing data to be anonymized until the very end of the process (e.g., for sending an email).
FAQ
Q: How is my data protected?
A: Please read our summary above.
Q: Will the AI read all my emails in order to get to know my style?
A: Yes, Andsend reads emails for contacts and email addresses available in Andsend.
Q: How does your AI learn my communication style?
A: As you use Andsend, for example by prompting messages, creating or modifying playbooks, or sending messages, Andsend labels conversations and contacts with metadata about your interaction with the app, and stores short memories about the feedback and changes you make in-app.
Q: Where is my data stored?
A: Generally, all data is stored in the EU (with the exception of some subprocessors such as model providers). However, depending on your privacy and cookie preferences, different subprocessors will process your data. Please refer to our terms of service, privacy policy and the associated DPA for details regarding data processing and the location of your data.
Q: Are you sending it to a third party, in order to provide the AI feature?
A: Yes. We use Google, Anthropic and OpenAI to run our AI workloads.