> ## Documentation Index
> Fetch the complete documentation index at: https://docs.doe.so/llms.txt
> Use this file to discover all available pages before exploring further.

# Security

> How Doe protects your data

This page summarizes the product controls users can see and use in Doe. For legal, compliance, or procurement review, contact [security@doe.so](mailto:security@doe.so).

## Data Handling

Doe processes your data to answer questions and complete requests. Different data types have different storage behavior.

| Data Type          | What Happens                                                                            |
| ------------------ | --------------------------------------------------------------------------------------- |
| Connected apps     | Queried through the connected account and granted scopes                                |
| Uploaded files     | Stored so you can reuse, preview, search, share, and delete them                        |
| Generated files    | Stored when Doe saves artifacts such as spreadsheets, charts, PDFs, DOCX files, or CSVs |
| Chat history       | Stored until deleted through the product controls                                       |
| Code sandbox files | Temporary inside the sandbox unless saved back as artifacts                             |

***

## Encryption

| Layer                | Protection                                                            |
| -------------------- | --------------------------------------------------------------------- |
| In transit           | HTTPS/TLS                                                             |
| Credentials          | Encrypted before storage with integrity verification                  |
| Database credentials | Encrypted before storage and not shown in plain text after connection |

***

## Authentication

* **Login**: Google OAuth or email/password with email verification
* **Roles**: Admin (full access) and Member (standard access), plus custom roles with granular permissions on enterprise plans
* **Sessions**: Active sessions can be reviewed and revoked from Settings -> Security; deactivating a user logs them out of every session immediately
* **Organization isolation**: Access is scoped by organization membership and permissions
* **Usage privacy**: Session titles are visible only to the session owner, even in admin usage views
* **Owner authority**: While a task runs, only the session owner can change its objective. Messages from external participants, such as an email CC or a Slack thread, are treated as context only and cannot redirect the work or grant permissions

***

## File and Integration Access

File search and file access respect sharing and organization permissions. Shared files and folders can grant access to teammates or the organization, and owners control deletion.

Integration access depends on:

* The connected account
* Granted OAuth scopes or API key permissions
* Org-wide access settings
* The user's organization membership and role
* Permissions in the connected service

Admins can disconnect integrations from Settings -> Connections. API-key and database credentials are deleted for the connection when removed.

## Organization Controls

Enterprise plans add organization-level access controls: custom roles with granular permissions, guardrails that bind agent behavior for members, roles, or the whole organization, and an audit log of member, role, and guardrail changes. See [Team](/essentials/team).

## Code Sandboxes

Code sandboxes are isolated and session-scoped. Agents use them for data analysis, chart creation, spreadsheet validation, and generated artifacts. Files created in a sandbox are temporary unless Doe saves them back to the conversation or Library.

## Data Controls

| Data            | Retention                       |
| --------------- | ------------------------------- |
| Chat history    | Until deleted or account closed |
| Uploaded files  | Until deleted or account closed |
| Generated files | Until deleted or account closed |

Export assistant data or delete chats in **Settings -> Data & Privacy**.

***

## AI Training

<Warning>
  Doe does not use your workspace data to train AI models.
</Warning>

***

## FAQ

<AccordionGroup>
  <Accordion title="Can teammates see my private chats?">
    Chats are private by default. Share only the conversations or files you want others to access.
  </Accordion>

  <Accordion title="Can I revoke integration access?">
    Yes. Disconnect any integration in Settings -> Connections. You can also revoke OAuth access from the connected service's own settings.
  </Accordion>

  <Accordion title="Can I log out another device?">
    Yes. Go to Settings -> Security to log out a specific session or all other sessions.
  </Accordion>

  <Accordion title="Are compliance certifications available?">
    Doe Labs maintains SOC 2 Type II certification. A copy of the current report is available to enterprise customers under NDA. Contact [security@doe.so](mailto:security@doe.so) for the security packet and procurement materials.
  </Accordion>
</AccordionGroup>

***

## Contact

* **Security questions**: [security@doe.so](mailto:security@doe.so)
* **Enterprise inquiries**: [enterprise@doe.so](mailto:enterprise@doe.so)
