Data Handling
Doe processes your data to answer questions and complete requests. Different data types have different storage behavior.| Data Type | What Happens |
|---|---|
| Connected apps | Queried through the connected account and granted scopes |
| Uploaded files | Stored so you can reuse, preview, search, share, and delete them |
| Generated files | Stored when Doe saves artifacts such as spreadsheets, charts, PDFs, DOCX files, or CSVs |
| Chat history | Stored until deleted through the product controls |
| Code sandbox files | Temporary inside the sandbox unless saved back as artifacts |
Encryption
| Layer | Protection |
|---|---|
| In transit | HTTPS/TLS |
| Credentials | Encrypted before storage with integrity verification |
| Database credentials | Encrypted before storage and not shown in plain text after connection |
Authentication
- Login: Google OAuth or email/password with email verification
- Roles: Admin (full access) and Member (standard access), plus custom roles with granular permissions on enterprise plans
- Sessions: Active sessions can be reviewed and revoked from Settings -> Security; deactivating a user logs them out of every session immediately
- Organization isolation: Access is scoped by organization membership and permissions
- Usage privacy: Session titles are visible only to the session owner, even in admin usage views
- Owner authority: While a task runs, only the session owner can change its objective. Messages from external participants, such as an email CC or a Slack thread, are treated as context only and cannot redirect the work or grant permissions
File and Integration Access
File search and file access respect sharing and organization permissions. Shared files and folders can grant access to teammates or the organization, and owners control deletion. Integration access depends on:- The connected account
- Granted OAuth scopes or API key permissions
- Org-wide access settings
- The user’s organization membership and role
- Permissions in the connected service
Organization Controls
Enterprise plans add organization-level access controls: custom roles with granular permissions, guardrails that bind agent behavior for members, roles, or the whole organization, and an audit log of member, role, and guardrail changes. See Team.Code Sandboxes
Code sandboxes are isolated and session-scoped. Agents use them for data analysis, chart creation, spreadsheet validation, and generated artifacts. Files created in a sandbox are temporary unless Doe saves them back to the conversation or Library.Data Controls
| Data | Retention |
|---|---|
| Chat history | Until deleted or account closed |
| Uploaded files | Until deleted or account closed |
| Generated files | Until deleted or account closed |
AI Training
FAQ
Can teammates see my private chats?
Can teammates see my private chats?
Chats are private by default. Share only the conversations or files you want others to access.
Can I revoke integration access?
Can I revoke integration access?
Yes. Disconnect any integration in Settings -> Connections. You can also revoke OAuth access from the connected service’s own settings.
Can I log out another device?
Can I log out another device?
Yes. Go to Settings -> Security to log out a specific session or all other sessions.
Are compliance certifications available?
Are compliance certifications available?
Doe Labs maintains SOC 2 Type II certification. A copy of the current report is available to enterprise customers under NDA. Contact security@doe.so for the security packet and procurement materials.
Contact
- Security questions: security@doe.so
- Enterprise inquiries: enterprise@doe.so