Security & Trust
How SortMeOut.Ai protects connected data, enforces draft-only execution, and maintains reliable operations.
1. Draft-only guarantee
SortMeOut.Ai never sends emails automatically. We only create drafts in your provider's Drafts folder for you to review and send.
2. What we write vs read
- Read: email content and metadata (for categorization, retrieval, and answers), calendar events (read-only), and uploaded docs.
- Write: mailbox organization actions (labels/folders, archive/move per your settings) and provider-native drafts.
3. Encryption and access controls
- OAuth tokens are encrypted at rest.
- All access is authenticated and scoped to the signed-in user.
- Admin and operational surfaces are restricted and avoid exposing secrets.
4. Auditability
We keep audit logs for security- and revenue-relevant actions, including:
- plan changes and billing reconciliation
- webhook processing failures and retries
- data source disconnects
- background job dead-lettering
- follow-up automation actions
5. Operational safeguards
- Idempotent job processing (safe retries)
- Dead-letter visibility for failed jobs
- Reconciliation jobs to repair Stripe and plan drift
- Retention policies for cleaning up old operational payloads
6. Google Workspace policy alignment
If you connect Gmail, the app requests only the permissions required for user-facing features and follows Google's API Services User Data Policy, including Limited Use and secure handling expectations for restricted scopes.
7. Data deletion and disconnect
- Disconnecting an integration stops syncing and invalidates stored tokens.
- Uploaded files can be deleted from the Files page.
- Account deletion requests can be sent to support@sortmeout.ai.