Take control of your data in the AI era

Datafense sits between your AI agent and your personal accounts. The agent gets answers. It never gets access.


How it works

1. Connect your accounts

Link your Gmail, calendar, or other accounts through secure OAuth. Your credentials are encrypted in a dedicated vault — never stored in plain text.

2. Set your rules

Choose what your agent can see and block what it can't — like bank statements or personal messages. Control access down to individual keywords and senders.

3. Stay in control

Every request is logged. Every blocked access is recorded. You see everything your agent does and everything it was prevented from seeing.

Why Datafense?

Your AI agent needs your passwords to be useful. That's terrifying. Datafense fixes this. Your credentials are encrypted in a dedicated vault. Your agent never sees them. You decide what data flows through — down to individual keywords and senders. And you can prove it with a full audit trail.

Your inbox stays in your inbox

Most “AI for email” tools quietly sync your messages into their own database. We don't. Datafense is a permission and audit layer — not an email archive.

Reads pass straight through

When your AI asks to check email, we fetch it from Gmail, apply your filters, and hand it to the AI. We don't keep a copy. Close the request, the data is gone.

Drafts wait for your one-click approval

The one exception: when your AI wants to send an email or create a calendar event, we hold the draft just long enough for you to approve or deny. After your click, it's done.

Your audit log is metadata, not content

We log that your AI asked something (“returned 5 messages”) — never the actual subjects, bodies, or senders. A breach of Datafense doesn't leak your inbox.

More on how it works in our Security FAQ below.

Security

No hand-waving. Here's exactly how Datafense protects your data.

Do you store my emails?
No. When your AI asks to check email or search your inbox, we fetch from Gmail, apply your permission filters, return the result to the AI, and discard it. The data exists in memory for the duration of one request, then it's gone — it never touches our database. The one exception is drafts: when your AI wants to SEND an email or create a calendar event, we hold the draft in a 'pending' table just long enough for you to click Approve or Deny. After that, it's done. Your audit log records that an action happened (e.g. 'returned 5 messages') but never the actual subjects, bodies, or contents.

How are my credentials stored?
Your OAuth tokens are encrypted with AES in Databunker, a dedicated credential vault. Our application database only stores UUID tokens that reference the encrypted records. Even if someone breached our database, they'd find only UUIDs and encrypted blobs — no usable credentials.

Can my AI agent see my passwords or OAuth tokens?
No. Your agent never sees your credentials at any point. When your agent makes a request, Datafense retrieves the credentials from the vault, makes the API call to Gmail on your behalf, filters the response according to your rules, and returns only the filtered result. The credentials exist in memory for the duration of the API call, then they're discarded.

What happens if I don't grant a permission?
The request is blocked. Datafense uses a default-deny model — if you haven't explicitly allowed an action, it's automatically rejected. There's no fallback, no "ask me later," no way for the agent to escalate. Denied requests are logged in your audit trail.

How do content filters work?
Content filtering happens server-side, before the agent sees anything. When you block a keyword like "bank" or a sender like "chase.com," matching emails are silently removed from the results. The agent receives a clean response with no indication that filtered emails exist — no count, no metadata, nothing. As far as the agent knows, those emails don't exist.
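
The default-deny check, the server-side filter and the metadata-only audit entry described in the answers above can be sketched as follows. This is an added example, not Datafense's own code: the `Rules` shape, the action names (`gmail.read`, `gmail.send`), the log fields and the sample inbox are assumptions constructed for illustration.

```python
from dataclasses import dataclass, field
from email.utils import parseaddr

@dataclass
class Rules:
    # Hypothetical rule shape; not Datafense's actual schema.
    allowed_actions: set = field(default_factory=set)  # empty set = everything denied
    blocked_keywords: set = field(default_factory=set)
    blocked_senders: set = field(default_factory=set)  # domains such as "chase.com"

def is_blocked(msg, rules):
    """True if the message matches a blocked sender domain or keyword."""
    domain = parseaddr(msg["from"])[1].rsplit("@", 1)[-1].lower()
    for blocked in rules.blocked_senders:
        b = blocked.lower()
        # Match the domain and its subdomains, but not look-alike suffixes
        # ("notchase.com" must not match "chase.com").
        if domain == b or domain.endswith("." + b):
            return True
    text = f'{msg["subject"]} {msg["body"]}'.lower()
    # Substring match over-blocks ("embankment" hits "bank"), which fails closed.
    return any(k.lower() in text for k in rules.blocked_keywords)

def handle_request(action, inbox, rules, audit_log):
    """Default-deny gate, then server-side filtering, then a metadata-only log entry."""
    if action not in rules.allowed_actions:
        audit_log.append({"action": action, "decision": "denied"})
        return None
    visible = [m for m in inbox if not is_blocked(m, rules)]
    # Log the count only: no subjects, bodies or senders reach the audit trail.
    audit_log.append({"action": action, "decision": "granted", "returned": len(visible)})
    # The agent gets the surviving messages and no hint that others were removed.
    return visible

# Constructed sample inbox.
INBOX = [
    {"from": "Chase <alerts@mail.chase.com>", "subject": "Statement ready", "body": "View it online."},
    {"from": "pat@example.org", "subject": "Lunch?", "body": "Thursday at noon?"},
    {"from": "news@notchase.com", "subject": "Weekly digest", "body": "Top stories."},
    {"from": "sam@example.org", "subject": "Wire details", "body": "Use my bank account."},
]
RULES = Rules(allowed_actions={"gmail.read"}, blocked_keywords={"bank"},
              blocked_senders={"chase.com"})
```

With these rules, a `gmail.read` request returns only the second and third messages, and a `gmail.send` request is denied because it was never explicitly allowed.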

How are agent API keys protected?
Agent API keys are hashed with SHA-256 before storage. We never store the raw key — only the hash. When your agent authenticates, we hash the provided key and compare it to the stored hash. If our database were leaked, attackers would have unusable hashes, not working keys.

Can I see what my agent has accessed?
Every request is logged in the audit trail — both granted and denied. You can see exactly what your agent asked for, what was returned, and what was blocked. This isn't just a feature; it's how you verify that Datafense is doing what it claims.

What prevents brute force attacks?
Rate limiting is enforced at the MCP server level. Unauthenticated requests are limited to 10 per minute per IP. Authenticated requests are limited to 60 per minute per agent key. Exceeding these limits returns a 429 status with no additional information.
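
How hashed key storage and the two rate limits fit together at a single entry point, as an added example that is not Datafense's own code. The `Gateway` class, the sliding-window algorithm, the key format and the 401 status for a rejected key are assumptions; only SHA-256 hashing, the 10 and 60 per-minute limits and the 429 status come from the answers above.

```python
import hashlib
import hmac
import secrets
import time
from collections import defaultdict, deque

WINDOW = 60.0                            # seconds
UNAUTH_PER_IP, AUTH_PER_KEY = 10, 60     # per-minute limits stated in the FAQ

def hash_key(raw_key):
    # Unsalted SHA-256 is adequate only for high-entropy random keys.
    return hashlib.sha256(raw_key.encode()).hexdigest()

class Gateway:
    def __init__(self):
        self.key_hashes = {}             # sha256 hex digest -> agent id
        self.hits = defaultdict(deque)   # bucket -> timestamps inside the window

    def issue_key(self, agent_id):
        raw = secrets.token_urlsafe(32)  # 256 random bits, shown to the user once
        self.key_hashes[hash_key(raw)] = agent_id
        return raw

    def authenticate(self, raw_key):
        digest = hash_key(raw_key)
        for stored, agent_id in self.key_hashes.items():
            if hmac.compare_digest(stored, digest):   # constant-time comparison
                return agent_id
        return None

    def _allow(self, bucket, limit, now):
        q = self.hits[bucket]
        while q and now - q[0] >= WINDOW:   # drop hits older than the window
            q.popleft()
        if len(q) >= limit:
            return False
        q.append(now)
        return True

    def handle(self, ip, raw_key=None, now=None):
        """Return the HTTP status the request would receive."""
        now = time.monotonic() if now is None else now
        agent_id = self.authenticate(raw_key) if raw_key else None
        if agent_id is None:
            # Missing and wrong keys share the per-IP budget, which caps guessing.
            ok = self._allow(("ip", ip), UNAUTH_PER_IP, now)
            return 401 if ok else 429    # 401 is an assumption; the FAQ names only 429
        return 200 if self._allow(("key", agent_id), AUTH_PER_KEY, now) else 429
```

Only the digest is stored, so a copy of `key_hashes` does not contain a working key, and requests with a wrong key draw on the 10-per-minute per-IP budget.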

Is the vault accessible from the internet?
No. The credential vault (Databunker) and the database (PostgreSQL) run on a private network with no public internet access. Only the MCP server — the single entry point — can reach them. There is no public URL, no open port, no way to query them directly.

Can I verify this myself?
Yes. The MCP server and permission engine are open source. You can read exactly how credentials are retrieved, how permissions are checked, how filtering works, and how audit logs are written. We don't ask you to trust a black box.

What certifications and audits does Datafense have?
We are early-stage and have not yet completed third-party security certifications. Specifically: we are working through Google's OAuth verification (you may see an "unverified app" Google warning when first connecting Gmail), we have not yet commissioned a third-party penetration test, we are not SOC 2 Type II compliant, and we do not yet carry cyber liability insurance. We plan to address all of these before exiting beta. We disclose this proactively because we'd rather lose a sign-up than mislead you about our compliance posture.

Your data. Your rules.

Set up Datafense in under two minutes. No credit card required.

Where we are: Datafense is early-stage. We are currently going through Google's OAuth verification, have not yet completed a third-party penetration test, are not SOC 2 certified, and do not yet carry cyber liability insurance. We plan to address all of these before exiting beta. Full disclosure in our Terms of Service. If your use case requires a fully certified vendor, Datafense is not yet the right fit.