Skip to main content
This page summarizes the product controls users can see and use in Doe. For legal, compliance, or procurement review, contact security@doe.so.

Data Handling

Doe processes your data to answer questions and complete requests. Different data types have different storage behavior.
Data TypeWhat Happens
Connected appsQueried through the connected account and granted scopes
Uploaded filesStored so you can reuse, preview, search, share, and delete them
Generated filesStored when Doe saves artifacts such as spreadsheets, charts, PDFs, DOCX files, or CSVs
Chat historyStored until deleted through the product controls
Code sandbox filesTemporary inside the sandbox unless saved back as artifacts

Encryption

LayerProtection
In transitHTTPS/TLS
CredentialsEncrypted before storage with integrity verification
Database credentialsEncrypted before storage and not shown in plain text after connection

Authentication

  • Login: Google OAuth or email/password with email verification
  • Roles: Admin (full access) and Member (standard access), plus custom roles with granular permissions on enterprise plans
  • Sessions: Active sessions can be reviewed and revoked from Settings -> Security; deactivating a user logs them out of every session immediately
  • Organization isolation: Access is scoped by organization membership and permissions
  • Usage privacy: Session titles are visible only to the session owner, even in admin usage views
  • Owner authority: While a task runs, only the session owner can change its objective. Messages from external participants, such as an email CC or a Slack thread, are treated as context only and cannot redirect the work or grant permissions

File and Integration Access

File search and file access respect sharing and organization permissions. Shared files and folders can grant access to teammates or the organization, and owners control deletion. Integration access depends on:
  • The connected account
  • Granted OAuth scopes or API key permissions
  • Org-wide access settings
  • The user’s organization membership and role
  • Permissions in the connected service
Admins can disconnect integrations from Settings -> Connections. API-key and database credentials are deleted for the connection when removed.

Organization Controls

Enterprise plans add organization-level access controls: custom roles with granular permissions, guardrails that bind agent behavior for members, roles, or the whole organization, and an audit log of member, role, and guardrail changes. See Team.

Code Sandboxes

Code sandboxes are isolated and session-scoped. Agents use them for data analysis, chart creation, spreadsheet validation, and generated artifacts. Files created in a sandbox are temporary unless Doe saves them back to the conversation or Library.

Data Controls

DataRetention
Chat historyUntil deleted or account closed
Uploaded filesUntil deleted or account closed
Generated filesUntil deleted or account closed
Export assistant data or delete chats in Settings -> Data & Privacy.

AI Training

Doe does not use your workspace data to train AI models.

FAQ

Chats are private by default. Share only the conversations or files you want others to access.
Yes. Disconnect any integration in Settings -> Connections. You can also revoke OAuth access from the connected service’s own settings.
Yes. Go to Settings -> Security to log out a specific session or all other sessions.
Doe Labs maintains SOC 2 Type II certification. A copy of the current report is available to enterprise customers under NDA. Contact security@doe.so for the security packet and procurement materials.

Contact