OppBox reads your email and your CRM · we don't get to be casual about that. This page describes the controls that actually exist, in the same plain language we use internally. No theatre, no aspirational tense.
Your email bodies are never persisted. We store signals, your actions, and lookup indices · the rest is queried live from the source.
Tenant separation is enforced by Postgres itself, not just application code · forced row-level security on every tenant table.
Salesforce access is read-only by design. OppBox cannot advance a stage, edit a record or log an activity in your CRM.
AI runs only on request, output always lands in front of you, and nothing ever sends without a person pressing send.
Every tenant table in Postgres carries a row-level security policy keyed to your workspace, and every one of them has FORCE ROW LEVEL SECURITY applied. The FORCE matters: by default Postgres exempts a table's owner from its own policies, and FORCE removes that exemption, so the policy binds the application role even where it owns the table (only a superuser, or a role explicitly granted BYPASSRLS, can ever skip RLS). A query that arrives without a workspace context matches no policy row and returns zero rows rather than someone else's data.
Isolation is layered: application-level workspace scoping on every request, RLS as the database backstop, and an automated cross-tenant isolation check we run against production configuration.
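What the Postgres side of that looks like, as an added illustration written for this page (it is not OppBox's actual schema or policy text): it assumes a workspaces table, a workspace_id column on each tenant table, an application role app_rw that owns the tables, and a transaction-local setting app.workspace_id that the application sets at the start of every request.

```sql
-- Added illustration, not OppBox's schema. Assumes: a workspaces table,
-- an application role app_rw that owns the tenant tables, and a
-- transaction-local setting app.workspace_id set by the app per request.

CREATE TABLE signals (
    id            bigserial PRIMARY KEY,
    workspace_id  uuid NOT NULL REFERENCES workspaces(id) ON DELETE CASCADE,
    kind          text NOT NULL,
    value         jsonb NOT NULL,
    computed_at   timestamptz NOT NULL DEFAULT now()
);

ALTER TABLE signals ENABLE ROW LEVEL SECURITY;
-- Without FORCE the table owner (here app_rw) is exempt from its own policies.
ALTER TABLE signals FORCE ROW LEVEL SECURITY;

-- current_setting(name, true) returns NULL when the setting is absent; NULL
-- compares as unknown, so a request with no workspace context matches no
-- rows on read and cannot insert or update any (WITH CHECK) either.
CREATE POLICY workspace_isolation ON signals
    USING      (workspace_id = current_setting('app.workspace_id', true)::uuid)
    WITH CHECK (workspace_id = current_setting('app.workspace_id', true)::uuid);

-- Per request. set_config(..., true) is transaction-local, so the value is
-- gone at COMMIT/ROLLBACK and a pooled connection cannot carry one
-- workspace's context into the next request. It also accepts a bind
-- parameter, which SET LOCAL does not.
BEGIN;
SELECT set_config('app.workspace_id', '11111111-1111-4111-8111-111111111111', true);
SELECT kind, value FROM signals;   -- only this workspace's rows
COMMIT;

-- Checks to run against a live database:
SELECT relname, relrowsecurity, relforcerowsecurity
  FROM pg_class WHERE relname = 'signals';           -- expect t | t
SELECT rolname, rolsuper, rolbypassrls
  FROM pg_roles WHERE rolname = 'app_rw';            -- expect f | f
SELECT count(*) FROM signals;  -- as app_rw, in a fresh session: expect 0
```

The two catalog queries at the end are the ones worth scripting into an automated isolation check: relforcerowsecurity must be true on every tenant table, and the role the application connects as must be neither a superuser nor BYPASSRLS, because either of those bypasses every policy no matter how it was written. A setting that is present but not a valid UUID makes the cast raise an error, which also fails closed.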
OAuth tokens for your connected accounts (Gmail, Salesforce, Gong, Granola) are envelope-encrypted with AES-256-GCM: a fresh random data key per credential, wrapped by a versioned key-encryption key held outside the database. One data key per credential means a nonce is never reused under the same key, and versioning the wrapping key lets it be rotated by re-wrapping data keys without touching the token ciphertexts.
Each ciphertext is cryptographically bound to its workspace, provider and user through GCM additional authenticated data (AAD): whoever decrypts must supply the same identifiers that were supplied at encryption time, or the authentication tag check fails. A ciphertext copied between tenant rows therefore refuses to decrypt, so even a database-write bug cannot make one tenant's credential usable from another.
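The scheme described above in working form, as an added example written for this page rather than OppBox's own code. It uses only the Go standard library; the in-memory KEKStore stands in for whatever key service holds the real key-encryption key, the length-prefixed AAD layout is an assumption, and the KEK versions, identifiers and token text are constructed test values.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/binary"
	"errors"
	"fmt"
	"io"
)

// KEKStore stands in for a KMS: version -> 32-byte key-encryption key.
// Assumed for the example; a real KEK lives outside the database.
type KEKStore map[uint32][]byte

// Envelope is what the credentials row would hold. Both blobs are
// nonce || AES-256-GCM ciphertext, each under its own random nonce.
type Envelope struct {
	KEKVersion uint32
	WrappedDEK []byte // data key sealed under the KEK
	Ciphertext []byte // OAuth token sealed under the data key
}

// aad length-prefixes each identifier so ("ab","c") and ("a","bc") differ.
func aad(workspace, provider, user string) []byte {
	var out []byte
	for _, f := range []string{workspace, provider, user} {
		var n [4]byte
		binary.BigEndian.PutUint32(n[:], uint32(len(f)))
		out = append(append(out, n[:]...), f...)
	}
	return out
}

func gcm(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

func gcmSeal(key, plaintext, ad []byte) ([]byte, error) {
	g, err := gcm(key)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, g.NonceSize())
	if _, err := io.ReadFull(rand.Reader, nonce); err != nil {
		return nil, err
	}
	return g.Seal(nonce, nonce, plaintext, ad), nil // nonce prepended
}

func gcmOpen(key, sealed, ad []byte) ([]byte, error) {
	g, err := gcm(key)
	if err != nil {
		return nil, err
	}
	if len(sealed) < g.NonceSize() {
		return nil, errors.New("ciphertext too short")
	}
	return g.Open(nil, sealed[:g.NonceSize()], sealed[g.NonceSize():], ad)
}

// Encrypt generates a fresh data key for this credential, seals the token
// under it and wraps the data key under the current KEK; both use the same AAD.
func Encrypt(keks KEKStore, version uint32, token []byte, workspace, provider, user string) (*Envelope, error) {
	kek, ok := keks[version]
	if !ok {
		return nil, fmt.Errorf("unknown KEK version %d", version)
	}
	dek := make([]byte, 32)
	if _, err := io.ReadFull(rand.Reader, dek); err != nil {
		return nil, err
	}
	ad := aad(workspace, provider, user)
	wrapped, err := gcmSeal(kek, dek, ad)
	if err != nil {
		return nil, err
	}
	ct, err := gcmSeal(dek, token, ad)
	if err != nil {
		return nil, err
	}
	return &Envelope{KEKVersion: version, WrappedDEK: wrapped, Ciphertext: ct}, nil
}

// Decrypt already fails at the unwrap step when the caller's identifiers do
// not match those used at encryption time: the GCM tag covers the AAD.
func Decrypt(keks KEKStore, e *Envelope, workspace, provider, user string) ([]byte, error) {
	kek, ok := keks[e.KEKVersion]
	if !ok {
		return nil, fmt.Errorf("unknown KEK version %d", e.KEKVersion)
	}
	ad := aad(workspace, provider, user)
	dek, err := gcmOpen(kek, e.WrappedDEK, ad)
	if err != nil {
		return nil, fmt.Errorf("unwrap data key: %w", err)
	}
	return gcmOpen(dek, e.Ciphertext, ad)
}

func main() {
	keks := KEKStore{1: make([]byte, 32)}
	io.ReadFull(rand.Reader, keks[1])
	env, _ := Encrypt(keks, 1, []byte("ya29.example-token"), "ws_a", "gmail", "u1")
	_, err := Decrypt(keks, env, "ws_b", "gmail", "u1") // same row copied into tenant b
	fmt.Println("cross-tenant decrypt:", err)
}
```

The point to notice is where the failure happens: a row moved to another workspace never yields a usable data key, so the token ciphertext is never even opened. Rotation works the same way in reverse, unwrapping each data key under the old KEK version and re-wrapping it under the new one with the same AAD.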
OppBox persists exactly three categories of data: computed signal values, your own actions (snoozes, dismissals, settings), and lightweight lookup indices for performance. Message bodies, attachments and CRM records stay in the source systems and are queried live when you view them.
Less stored data means less to breach, less to subpoena, and less to argue about in a security review.
Authentication is handled by WorkOS AuthKit, the same identity layer used by hundreds of B2B SaaS products. OppBox never sees or stores a password. Sessions are HMAC-signed, so a forged or altered session token fails verification; they are scoped to your workspace and user, and expire automatically.
Enterprise SSO (SAML / OIDC) ships with the Enterprise plan, on the same WorkOS rails.
Email access flows through Nylas, an email infrastructure provider that has passed Google's restricted-scope verification for Gmail data, including the independent security assessment that verification requires. You grant consent through your provider's own OAuth screen and can revoke it there at any time.
Each user connects Salesforce through the standard OAuth web-server flow · no shared service accounts, no password storage. OppBox only reads: opportunities, accounts, contacts and field history. It never writes to your CRM.
Briefs and drafts are generated by Anthropic's Claude via API. Under the API terms we operate on, your data is not used to train models. AI runs only when you explicitly ask, reads only your workspace's data, and its output is always presented for your review · OppBox has no autonomous send path.
The OppBox MCP server authenticates agents with OAuth 2.1 and PKCE through the same WorkOS sign-in as the app. Access tokens are workspace-scoped and short-lived (one hour); refresh tokens rotate, so each refresh issues a new one and retires the old. Tokens carry no provider credentials. Writes are deliberately narrow: drafts, which never send, and scheduled sends whose recipients are restricted to people already on the thread or in the deal's contacts, cancellable until release. Every write is audit-logged. An agent can never instant-send email or modify your CRM.
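The recipient restriction on scheduled sends is the kind of check that is easy to state and easy to get subtly wrong (display names, letter case, the Bcc field). The following is an added example written for this page, not OppBox's MCP server code; the SendRequest shape, the decision to lowercase the whole address and the sample addresses are assumptions and constructed test data.

```go
package main

import (
	"errors"
	"fmt"
	"net/mail"
	"strings"
)

// SendRequest is what an agent asks for when scheduling a send (assumed shape).
type SendRequest struct {
	To, Cc, Bcc []string
}

// canonical parses one address, drops any display name and lowercases the
// result, so "Ada Lovelace <Ada@Example.com>" and "ada@example.com" compare
// equal. Lowercasing the local part is a policy choice, not an RFC rule.
func canonical(addr string) (string, error) {
	a, err := mail.ParseAddress(addr)
	if err != nil {
		return "", fmt.Errorf("unparseable recipient %q: %w", addr, err)
	}
	return strings.ToLower(a.Address), nil
}

// AllowedRecipients is the set an agent may address: everyone already on the
// thread plus the deal's CRM contacts. Entries that do not parse are dropped
// rather than allowed, so bad source data can only narrow the set.
func AllowedRecipients(threadParticipants, dealContacts []string) map[string]bool {
	allowed := map[string]bool{}
	for _, src := range [][]string{threadParticipants, dealContacts} {
		for _, a := range src {
			if c, err := canonical(a); err == nil {
				allowed[c] = true
			}
		}
	}
	return allowed
}

// CheckSend returns the recipients that fall outside the allowed set. The
// send may be scheduled only when the slice is empty and err is nil. Bcc is
// checked like the others: it is the field such a check most often forgets.
func CheckSend(req SendRequest, allowed map[string]bool) ([]string, error) {
	if len(req.To)+len(req.Cc)+len(req.Bcc) == 0 {
		return nil, errors.New("no recipients")
	}
	var rejected []string
	for _, field := range [][]string{req.To, req.Cc, req.Bcc} {
		for _, r := range field {
			c, err := canonical(r)
			if err != nil {
				return nil, err // fail closed: never schedule a send we cannot evaluate
			}
			if !allowed[c] {
				rejected = append(rejected, c)
			}
		}
	}
	return rejected, nil
}

func main() {
	allowed := AllowedRecipients(
		[]string{"Ada Lovelace <Ada@Example.com>", "buyer@acme.test"}, // thread
		[]string{"cfo@acme.test"},                                     // deal contacts
	)
	rejected, err := CheckSend(SendRequest{
		To:  []string{"ada@example.com"},
		Bcc: []string{"outsider@evil.test"},
	}, allowed)
	fmt.Println(rejected, err) // [outsider@evil.test] <nil>
}
```

Returning the offending addresses rather than a bare false gives the audit log something useful to record when an agent's request is refused.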
Every mutating action in a workspace is written to an append-only audit log · who, what, when. Workspace owners can export their data, including the audit trail, from Settings. Export for SIEM ingestion arrives with Enterprise.
All traffic is TLS. Webhooks from providers are verified with HMAC signatures before processing. API routes are rate-limited, with strict limits on authentication endpoints. Production secrets live in the hosting platform's managed environment store · never in code or version control.
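Two of the controls on this page, HMAC-signed scoped sessions and HMAC-verified provider webhooks, rest on the same primitive, so one added example covers both. This is example code written for this page, not OppBox's or WorkOS's, and uses only the Go standard library; the session token layout, the five-minute replay window and the timestamp-plus-body signing scheme are assumptions, and each real provider defines its own header names and signing format that you should verify against its documentation.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/base64"
	"encoding/hex"
	"errors"
	"fmt"
	"strconv"
	"strings"
	"time"
)

// mac computes HMAC-SHA256 over the fields joined with a NUL separator, so
// field boundaries are part of what is signed and cannot be shifted.
func mac(key []byte, fields ...string) []byte {
	m := hmac.New(sha256.New, key)
	for i, f := range fields {
		if i > 0 {
			m.Write([]byte{0})
		}
		m.Write([]byte(f))
	}
	return m.Sum(nil)
}

// Session token layout (assumed): workspace.user.expiryUnix.signature, with
// identifiers that never contain '.' and a base64url signature.
func IssueSession(key []byte, workspace, user string, ttl time.Duration, now time.Time) string {
	exp := strconv.FormatInt(now.Add(ttl).Unix(), 10)
	sig := base64.RawURLEncoding.EncodeToString(mac(key, "session", workspace, user, exp))
	return strings.Join([]string{workspace, user, exp, sig}, ".")
}

// VerifySession checks the signature first, in constant time, before it
// trusts any field; then expiry; then that the token is for this workspace.
func VerifySession(key []byte, token, wantWorkspace string, now time.Time) (string, error) {
	f := strings.Split(token, ".")
	if len(f) != 4 {
		return "", errors.New("malformed token")
	}
	sig, err := base64.RawURLEncoding.DecodeString(f[3])
	if err != nil || !hmac.Equal(sig, mac(key, "session", f[0], f[1], f[2])) {
		return "", errors.New("bad signature")
	}
	exp, err := strconv.ParseInt(f[2], 10, 64)
	if err != nil || !now.Before(time.Unix(exp, 0)) {
		return "", errors.New("session expired")
	}
	if f[0] != wantWorkspace {
		return "", errors.New("token is for another workspace")
	}
	return f[1], nil
}

// SignWebhook is the provider side: HMAC over timestamp and raw body, hex-encoded.
func SignWebhook(secret []byte, timestamp, rawBody string) string {
	return hex.EncodeToString(mac(secret, timestamp, rawBody))
}

// VerifyWebhook rejects stale deliveries (replays), then compares the
// signature in constant time. Verify the raw bytes as received: re-serialising
// parsed JSON would change them and break the signature.
func VerifyWebhook(secret []byte, timestamp, rawBody, sigHex string, now time.Time) error {
	ts, err := strconv.ParseInt(timestamp, 10, 64)
	if err != nil {
		return errors.New("bad timestamp")
	}
	if skew := now.Unix() - ts; skew > 300 || skew < -300 {
		return errors.New("timestamp outside replay window")
	}
	sig, err := hex.DecodeString(sigHex)
	if err != nil || !hmac.Equal(sig, mac(secret, timestamp, rawBody)) {
		return errors.New("bad signature")
	}
	return nil
}

func main() {
	sessionKey := []byte("example-session-key-not-for-production")
	webhookSecret := []byte("example-webhook-secret-not-for-production")
	now := time.Unix(1700000000, 0)
	tok := IssueSession(sessionKey, "ws_a", "u1", time.Hour, now)
	_, err := VerifySession(sessionKey, tok, "ws_b", now)
	fmt.Println("session presented to another workspace:", err)
	body := `{"event":"message.created"}` // constructed sample payload
	sig := SignWebhook(webhookSecret, "1700000000", body)
	fmt.Println("tampered body:", VerifyWebhook(webhookSecret, "1700000000", body+" ", sig, now))
}
```

hmac.Equal is the constant-time comparison; a plain byte comparison would let an attacker learn a valid signature one byte at a time from response timing. The two keys are deliberately separate: a leaked webhook secret must not let anyone mint sessions.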
Workspace owners can export workspace data and delete the workspace from Settings · deletion cascades through every tenant table. Disconnecting an integration revokes our access immediately; you can also revoke from the provider's side (Google account permissions, Salesforce connected apps) and the effect is the same.
We'd rather tell you the truth than wave a badge. Here's the honest state of our compliance work.
A SOC 2 readiness programme is underway · controls are being implemented and evidenced against the Trust Services Criteria ahead of a Type I, then Type II, audit. Ask us for the current control matrix.
EU-friendly by architecture: data minimisation, self-serve export and deletion, and provider-side revocation. A DPA is available for customers who need one · email us.
Evaluating OppBox for your org? We'll complete your security questionnaire and walk your team through the architecture · founder included. That's what Enterprise is for.
Good-faith security research is welcome. Report privately and we'll respond within two business days.