Last updated 3 March 2026
Trust and Security at Actor
Actor helps organizations manage email, calendars, tasks, workflows, and business knowledge. Because these systems may contain sensitive business and personal information, security, privacy, and responsible AI processing are built into how Actor is designed and operated. This Trust Center explains how Actor accesses, processes, stores, protects, and shares customer data. with details and links to the documents and controls behind each claim.
01
Trust at a glance
Data ownership
Customers retain ownership and control of their data at all times.AI model training
Customer content is not used to train general-purpose AI models.⏳ Scope clarified at Section 6
Secure account access
Actor connects to Google and Microsoft using OAuth-based authorization — never stored passwords.Encryption
Data is encrypted in transit and protected at rest using industry-standard controls.Data minimization
Actor processes only the information needed to provide the features a customer has configured.Customer control
Customers can revoke connected-account access and request deletion of their Actor data at any time.
02
Services covered by this Trust Center
This page describes the practices that apply across the Actor product surface. Where a practice differs by feature or plan, that is called out directly in the relevant section.
Covered
- Actor web application
- Email management features
- Calendar management
- Tasks and reminders
- Automation Studio workflows
- Actor Library, Knowledge, and Memory
- Browser extensions
- Outlook Add-in
- APIs
- WhatsApp, Slack, Teams, and other enabled communication channels
- Mobile and desktop applications
- Support and feedback systems
Not covered
- Third-party services selected directly by customers
- Customer-managed infrastructure
- External applications connected through HTTP or webhook actions
- Beta features, unless explicitly included
03
Actor’s privacy roles
Actor as a processor
Actor generally acts as a data processor when processing data on a customer’s instructions. The customer or organization normally determines why and how this data is used.
- Email content
- Calendar information
- Contact information
- Tasks
- Customer-uploaded knowledge
- Organization memory
- Workflow inputs and outputs
Actor as a controller
Actor acts as a controller for data it collects and uses for its own business purposes, independent of customer instructions.
- Account registration data
- Website visitors
- Billing and payment records
- Sales and marketing communication
- Security logs
- Customer support contacts
- Legal and compliance records
04
How Actor processes data
1
Connect
Account authorized
2
Retrieve
Authorized data fetched
3
Process
Requested task run
4
Return
Result delivered or executed
5
Retain
Only what’s required
6
Delete
Per documented policyAuthorization
Users connect Google, Microsoft, and other services using approved, OAuth-based authorization mechanisms. No third-party passwords are collected or stored by Actor.Retrieval
Actor retrieves information according to the permissions granted by the user and the specific feature being executed — not broader access than the task requires.Processing
Information may be processed by Actor services and approved subprocessors to classify, summarize, extract, draft, search, or execute actions on the customer’s behalf.Storage
Some information is processed transiently, while other information may be stored to provide workflows, preferences, memory, knowledge, auditability, tasks, support, or account functionality. See the data handling matrix below for what is stored, and for how long, by category.Deletion
Data is deleted according to documented retention schedules, account deletion procedures, and contractual obligations. See Section 12 for retention periods and the deletion process.
Precision note
Actor does not make a blanket claim that it “never stores” email or calendar data. Storage is feature-dependent: some identifiers, interactions, notes, and user-provided content are retained to power workflows, memory, and support. The table below states this precisely, by category.
05
Data handling matrix
What Actor processes, why, whether it’s stored, and where. Some retention periods can be updated according to agreements.
| Data category | Examples | Why it’s processed | Stored? | Typical retention | Where processed |
|---|---|---|---|---|---|
| Account data | Name, business email, organization | Account management | Yes | Account lifetime + defined period | Actor infrastructure |
| OAuth credentials | Access and refresh tokens | Maintain connected accounts | Yes | Until revoked or disconnected | Secure credential storage, encryptef |
| Email content | Subject, body, sender, attachments | Classification, summaries, drafting, workflows | No | N/A | Actor + approved AI providers |
| Email metadata | Message ID, thread ID, labels | Linking actions and workflows | Yes | 30 days | Actor infrastructure |
| Calendar data | Event title, attendees, description | Scheduling and reminders | Temporary Cache / feature-dependent | 1 hour | Actor + approved providers |
| Calendar metadata | Calendar IDs, event IDs | Linking actions and workflows | Yes | 30 days | Actor infrastructure |
| Tasks | Task title, status, deadline | Task management | Temporary cache / feature-dependent | 1 hour | Actor or connected provider |
| Tasks metadata | Task Lists IDs, tasks IDs | Linking actions and workflows | Yes | 30 days | Actor infrastructure |
| Knowledge | Customer-uploaded documents and text | Retrieval and assistance | Yes | Until deleted | Actor infrastructure |
| Memory | Saved preferences and learned context | Personalization | Yes | Until deleted or expired | Actor infrastructure |
| Workflow data | Triggers, conditions, actions, execution data | Automation | Yes | Until deleted Logs 30 days | Actor infrastructure |
| Support data | Feedback, screenshots, selected email context | Troubleshooting | Yes, when submitted | 6 months | Support systems |
| Security logs | IP, authentication events, system activity | Security and fraud prevention | Yes | 30 days | Logging infrastructure |
| Actor blacklist | Email address | Security and fraud | Yes | 2 years | Actor infrastructure |
| Billing data | Plan, invoice references, payment status | Billing | Yes | Legal retention period | Actor + payment provider |
06
AI and machine-learning practices
AI providers+
Actor may use one or more AI model providers depending on customer configuration, the feature in use, region, security requirements, enterprise agreement, and model availability. The specific providers in use for your organization are listed in the subprocessors table in Section 10.
Training — stated separately by category+
- Actor’s own models: Actor does not train its own general-purpose AI models on customer content.
- External providers: Approved AI providers do not train on submitted customer content under Actor’s commercial terms with them.
- Voluntary feedback: Feedback submitted voluntarily by users (e.g. through in-product feedback tools) may be used to improve Actor.
- Aggregated usage data: Anonymized or aggregated usage data may be used to improve product performance and reliability.
- Opt-out: Where applicable, customers can contact Actor to discuss opt-out options for voluntary feedback or aggregated usage data.
AI data retention+
- Provider-side retention periods vary by AI provider and are documented in the subprocessor table.
- Abuse-monitoring retention may apply at the provider level, where offered by that provider.
- Zero-data-retention configurations are available for eligible enterprise agreements, where supported by the underlying provider.
- Whether prompts and outputs are stored by Actor itself depends on the feature — see the data handling matrix in Section 5.
- Enterprise configurations may differ from default/self-serve configurations; contact the security team for your organization’s specific setup.
Human access+
Authorized personnel may access customer information only in these circumstances:
- Customer-requested support
- Security investigation
- Legal obligations
- Explicit feedback submissions (e.g. when a user voluntarily attaches email content to a support ticket)
- Restricted, logged operational troubleshooting
Reconciliation note
Where a user voluntarily submits email content as part of a support request, that content may be reviewed by support personnel for the purpose of resolving the request. This is distinct from routine or automatic access to email content, which does not occur.
Tenant isolation+
Customer data, memory, knowledge, workflows, and retrieved context are scoped to the authorized user and organization. Data from one organization is not accessible to or used by another organization.
Automated actions+
Customers control which automated actions are enabled within their organization and remain responsible for reviewing AI-generated outputs where appropriate, particularly for actions with external or irreversible effects.
07
Security controls
Identity and access management+
- OAuth 2.0 integrations for connected accounts
- Role-based access control within Actor organizations
- Organization membership controls
- User delegation
- Privileged-access restrictions for internal systems
- Periodic access reviews
- Employee offboarding procedures
- Single sign-on (SSO) availability — plan-dependent
- Multi-factor authentication (MFA) availability
Architecture note
Where authentication is delegated to Google, Microsoft, or an enterprise identity provider, MFA and SSO are enforced at that identity provider rather than directly within Actor. This page describes the actual authentication architecture rather than implying Actor independently re-implements these controls.
Encryption and secrets management+
- Encryption in transit (TLS) for data moving between Actor, customers, and approved subprocessors
- Encryption at rest for stored customer data
- OAuth token protection using dedicated secure credential storage
- Centralized secrets management for application and infrastructure credentials
- Key access restrictions limited to authorized systems and personnel
- Key rotation practices
- Backup encryption
Application security+
- Secure development lifecycle practices
- Code review prior to merge
- Automated dependency scanning
- Static analysis
- Vulnerability scanning
- Environment separation (development, staging, production)
- Secure deployment practices
- Change management
- API security controls
Infrastructure security+
- Cloud hosting model — see Section 11 for processing locations
- Network isolation between environments
- Firewalls
- Least-privilege permissions for infrastructure access
- Infrastructure monitoring
- Patch management
- Database security controls
- Backup protection
Monitoring and logging+
- Authentication monitoring
- Logging of administrative actions
- Security event monitoring
- Service failure monitoring
- Suspicious access detection
- Restricted access to logs
- Defined log retention periods
Precision note
Actor system does not log any email content. Logging practices across application logs, error reporting, monitoring tools, queues, and support tooling are being reviewed for consistency with this statement, and this section will be updated to reflect verified scope. There are logs that include email identifiers, but not content.
Personnel security+
- Confidentiality agreements for employees and contractors
- Security awareness training
- Role-based access aligned to job function
- Background checks → currently not being taken
- Formal access approval and revocation procedures
Vulnerability management+
Actor maintains a Vulnerability Disclosure Program that defines scope, reporting rules, safe-harbor language, and the reporting process for security researchers.
08
Privacy
- Data minimization: we store only what is needed to provide Actor’s services
- Purpose limitation: data is used only for assistant features, support, security, and legal compliance
- Customer ownership: users keep control over their data and connected accounts
- User rights: access, correction, deletion, portability, objection, and consent withdrawal
- Data deletion: users can delete data and revoke connected account access at any time
- Data export: data can be exported in a structured, machine-readable format
- International transfers: protected through DPAs, SCCs, and applicable safeguards
- Government and legal requests: data is shared only when legally required
- Privacy by design: OAuth, encryption, limited access, and no LLM training on user data
- Cookies, analytics, and feedback: used to improve the product, never sold or used for advertising
09
Compliance and regulatory support
GDPR+
Actor supports customers with their GDPR obligations through contractual commitments, data-processing terms, security measures, data-subject assistance, and subprocessor transparency.
The Data Processing Agreement documents processing instructions, security measures, subprocessors, assistance obligations, deletion, audit rights, and international transfers, consistent with the technical and organizational measures expected of EU processor agreements.
Swiss FADP+
Actor applies technical and organizational measures designed to protect personal data under applicable Swiss data-protection requirements, including controls such as encryption, authentication, and anonymization identified by the Swiss FDPIC as appropriate safeguards.
CCPA / CPRA+
Actor acts as a service provider or contractor, as applicable, under the CCPA/CPRA for in-scope processing. Actor does not claim general “CCPA certification” — the CCPA does not operate as a SaaS certification scheme.
HIPAA → eligible plans only+
HIPAA-supported processing may be available to eligible Business customers under an executed Business Associate Agreement (BAA) and an approved configuration. Customers must contact Actor before using the service to process electronic protected health information (ePHI).
This is not a blanket “Actor is HIPAA compliant” claim across every plan and integration. Per HHS guidance, cloud providers and subcontractors that create, receive, maintain, or transmit ePHI generally require an appropriate BAA — even where data is encrypted or the provider lacks the encryption key. Before any ePHI processing, Actor verifies:
- Every relevant subprocessor offers a BAA
- The selected AI providers are approved for PHI
- Logging and support tools are covered
- The plan and configuration are clearly restricted to the approved scope
- A risk analysis exists
- The Actor BAA matches actual operations
Certifications and attestations
✓ Completed
Certified or independently assessed
Only completed and currently valid certifications are listed here once available.
→ Alignment
Security frameworks followed
Selected controls aligned with frameworks such as ISO 27001, NIST, CIS, or OWASP. Alignment is not the same as certification.
⏳ Planned
Planned
SOC 2 Type I, ISO 27001, and independent penetration testing are on the roadmap.Actor does not display a certification badge based solely on an underlying cloud provider’s certification.
10
Subprocessors
Every organization that may process customer data on Actor’s behalf, grouped by function. Google and Microsoft are listed separately where they act as the customer’s own independent email/calendar provider rather than as an Actor subprocessor — see the note below the table.
Core infrastructure AI processing Operations & security Optional integrations
| Legal entity | Service | Purpose | Data involved | Processing location | Transfer mechanism | Required? | Effective date |
|---|---|---|---|---|---|---|---|
| Core infrastructure — hosting, databases, storage, networking, backups | |||||||
| Google Cloud EMEA Limited / Google LLC | Google Cloud Platform | Cloud hosting, compute, databases, storage, networking, backups, and infrastructure security. | Account data, application data, configuration data, logs, metadata, encrypted backups. | EU / EEA and other Google Cloud regions depending on configuration. | DPA, SCCs, and applicable data transfer safeguards. | Yes | 15 Oct 2024 |
| Microsoft Ireland Operations Limited / Microsoft Corporation | Microsoft Azure | Cloud hosting, compute, databases, storage, networking, backups, and infrastructure security. | Account data, application data, configuration data, logs, metadata, encrypted backups. | EU / EEA and other Azure regions depending on configuration. | DPA, SCCs, and applicable data transfer safeguards. | Yes | 15 Dec 2024 |
| DigitalOcean, LLC | DigitalOcean Cloud Platform | Cloud hosting, compute, databases, storage, networking, backups, and infrastructure security. | Account data, application data, configuration data, logs, metadata, encrypted backups. | EU / EEA and other DigitalOcean regions depending on configuration. | DPA, SCCs, and applicable data transfer safeguards. | Yes | 30 Oct 2024 |
| AI processing — LLM providers, embedding providers, speech processing | |||||||
| Google Cloud EMEA Limited / Google LLC | Google Gemini / Vertex AI | AI model processing for classification, summarization, drafting, assistance, embeddings, and related AI features. | User prompts, email content selected for processing, calendar/task context, metadata, generated outputs. | EU / EEA and other Google Cloud regions depending on configuration. | DPA, SCCs, and applicable data transfer safeguards. | Yes, for AI features using Gemini | 01 Dec 2024 |
| Anthropic, PBC | Anthropic Claude | AI model processing for classification, summarization, drafting, assistance, and related AI features. | User prompts, email content selected for processing, calendar/task context, metadata, generated outputs. | United States and other locations depending on service configuration. | DPA, SCCs, and applicable data transfer safeguards. | Yes, for AI features using Claude | 12 Feb 2025 |
| OpenAI, L.L.C. | OpenAI API | AI model processing for classification, summarization, drafting, assistance, embeddings, and related AI features. | User prompts, email content selected for processing, calendar/task context, metadata, generated outputs. | United States and other locations depending on service configuration. | DPA, SCCs, and applicable data transfer safeguards. | Yes, for AI features using OpenAI | 01 Oct 2024 |
| Operations and security — monitoring, error tracking, support, auth, communication | |||||||
| Datadog, Inc. | Infrastructure and application monitoring | System monitoring, performance analytics, logs, metrics, alerting, and security monitoring. | System logs, metadata, IP addresses, device/browser data, usage events, technical identifiers. | EU / United States depending on configuration. | DPA, SCCs, and applicable data transfer safeguards. | Optional / To be confirmed | 17 May 2025 |
| Cloudflare, Inc. | CDN, DNS, security, and network protection | Content delivery, DNS, DDoS protection, firewall, bot protection, and traffic security. | IP address, request metadata, browser/device information, security logs, technical identifiers. | Global network locations. | DPA, SCCs, and applicable data transfer safeguards. | Optional / To be confirmed | 01 Oct 2024 |
| Stripe, Inc. | Payments and billing | Subscription billing, payment processing, invoices, tax handling, and fraud prevention. | Billing contact details, payment metadata, transaction data, invoice data, limited account identifiers. | EU / United States depending on configuration. | DPA, SCCs, and applicable data transfer safeguards. | Yes, for paid customers | 01 May 2025 |
| Google LLC | Google OAuth / Google Workspace APIs | Authentication and customer-authorized access to Gmail, Google Calendar, and related Google services. | Name, email address, OAuth tokens, authorized email/calendar/task data depending on granted permissions. | EU / United States and other Google locations depending on configuration. | DPA, SCCs, and applicable data transfer safeguards. | Optional, only when enabled by customer | 15 Oct 2024 |
| Microsoft Corporation | Microsoft Entra ID / Microsoft Graph APIs | Authentication and customer-authorized access to Outlook, Microsoft Calendar, users, and related Microsoft services. | Name, email address, OAuth tokens, authorized email/calendar/task data depending on granted permissions. | EU / United States and other Microsoft locations depending on configuration. | DPA, SCCs, and applicable data transfer safeguards. | Optional, only when enabled by customer | 12 Dec 2024 |
| Optional integrations — used only when a customer enables the related feature | |||||||
| Zapier, Inc. | Workflow automation integration | Optional workflow automation between Actor and third-party applications configured by the customer. | Customer-selected workflow data, metadata, account identifiers, event payloads. | United States and other locations depending on configuration. | DPA, SCCs, and applicable data transfer safeguards. | Optional | 01 Jan 2026 |
Google & Microsoft — role clarification
When Google or Microsoft provide a customer’s own email and calendar service, they act as the customer’s independent provider, not as an Actor subprocessor. When Actor itself purchases infrastructure such as Google Cloud or Microsoft Azure to operate the Actor service, that entity is listed above as an Actor subprocessor for that specific purpose.
11
Data locations and international transfers
| Processing activity | Primary location | Possible additional locations | Customer choice available? |
|---|---|---|---|
| Actor application hosting | New York | Amsterdam, Zurich | Yes, enterprise |
| Database storage | New York | Backup location New York 2 | Yes, enterprise |
| AI inference | Provider-dependent | US & EU only | Yes, enterprise |
| Monitoring and logs | New York | Amsterdam | Yes, enterprise |
| Customer support | Switzerland / EU | No |
Swiss FDPIC guidance
Cross-border data transfers require attention to the destination country’s data-protection level and the use of appropriate safeguards where that level is not deemed adequate. Actor’s transfer mechanisms are documented in the DPA.
12
Data retention and deletion
Retention categories and duration.
| Category | Retention |
|---|---|
| Account data | Until revoked or disconnected by the user. Deleted automatically in 14 days of no access |
| Connected-account tokens | Until revoked or disconnected by the user |
| Email and calendar content | 30 days Identifiers only |
| Message and event identifiers | 30 days |
| Knowledge and Memory | Until deleted by the user or organization |
| Workflow history | 30 days |
| AI prompts and outputs | 24 hours |
| Support tickets | 12 months |
| Security logs | 6 months |
| Backups | 30 days |
| Billing records | Per applicable legal retention requirements |
| Deleted accounts | 12 months Encrypted email addresses |
What happens after you request deletion+
- Entire associated data is deleted in minutes after deletion
- Backups still include configuration data during backup expiration period
Controls available to you+
- Organization administrator controls
- Revoking Google or Microsoft access directly from your account settings
- How to submit a deletion request — see Delete account documentation
13
Reliability and business continuity
- Public service status page
- Incident history
- Availability target — where contractually offered
- Continuous monitoring
- Backups and disaster recovery
- Recovery testing
- Recovery Time Objective (RTO) and Recovery Point Objective (RPO)
- Change and release management
Precision note
Specific RTO, RPO, and uptime figures are published only once Actor can consistently meet them, and will appear here with effective dates once finalized.
14
Incident response
The process below is described at a level that’s useful for evaluation without revealing sensitive internal detail.
1
Detection
2
Escalation
3
Containment
4
Investigation
5
Notification
6
Recovery
7
Review
This covers internal escalation, containment, investigation, customer notification, regulatory cooperation where required, recovery, and a post-incident review for each confirmed security incident.
Security incident
security@actordo.comGeneral security
security@actordo.comVulnerability report
security@actordo.com
15
Security and legal documents
Public documents
Privacy PolicyView →
Terms and ConditionsView →
Subprocessor ListView →
Technical and Organizational MeasuresView →
Vulnerability Disclosure ProgramView →
Cookie PolicyView →
Data Retention Policy (summary)View →
Available on request → request access
Data Processing AgreementRequest →
HIPAA Business Associate AgreementRequest →
Detailed security architectureRequest →
Completed security questionnaireRequest →
Penetration-test executive summaryRequest →
Business continuity summaryRequest →
Incident response summaryRequest →
Vendor risk documentationRequest →
Transfer Impact AssessmentRequest →
Detailed Technical and Organizational MeasuresRequest →
Work in progress
SOC 2 Type I report⏳work in progress
ISO 27001 certification⏳ planned
16
Frequently asked questions
Does Actor store email content?+
It depends on the feature. Some email content is processed transiently to perform a requested task; other content — such as identifiers, summaries, or context needed for workflows and memory — may be stored. See the data handling matrix in Section 5 for category-by-category detail.
Which email and calendar permissions does Actor require?+
Actor requests the OAuth scopes needed for the specific features you enable. You can review and revoke these at any time from your Google or Microsoft account settings.
Does Actor use customer data to train AI models?+
Customer content is not used to train general-purpose AI models. See Section 6 for the full breakdown across Actor’s own models, external providers, voluntary feedback, and aggregated usage data.
Which AI providers does Actor use?+
The current list of AI providers is published in the subprocessors table in Section 10, and may vary by feature, region, and enterprise configuration.
Can I choose the AI provider?+
This may be configurable for certain enterprise agreements. Contact the security team to discuss options for your organization.
Can Actor employees read my email?+
Routine or automatic access to email content does not occur. Authorized personnel may access content only in specific circumstances — such as a support request where you’ve voluntarily included email content — described in Section 6.
Where is my data stored?+
See the data locations matrix in Section 11 for processing activity by location.
How long does Actor retain data?+
Retention varies by data category. See Section 12 for the full retention schedule.
How do I delete my data?+
Submit a deletion request using the form in Section 18, or through your account settings if you’re an organization administrator.
How do I revoke Google or Microsoft access?+
You can revoke Actor’s access directly from your Google Account permissions page or Microsoft account security settings at any time.
Does Actor support GDPR?+
Yes — see Section 9 for how Actor supports customer GDPR obligations through the DPA, security measures, and subprocessor transparency.
Is a DPA available?+
Yes. The Data Processing Agreement is available in Section 15.
Is Actor HIPAA compliant?+
HIPAA-supported processing may be available to eligible Business customers under an executed BAA and approved configuration. This is not available across every plan by default — see Section 9 for details and required steps before processing ePHI.
Is a BAA available?+
Yes, for Business customers. Contact the security team to begin the process — see Section 18.
Who are Actor’s subprocessors?+
The full list, grouped by function, is in Section 10.
How will I be informed about new subprocessors?+
Review this page to follow change updates regarding Section 10. Changes are communicated with a defined notice period before going live, along with an objection procedure.
Does Actor support SSO and MFA?+
Yes. SSO is available depending on plan, and MFA is enforced via your identity provider (Google, Microsoft, or enterprise SSO) where authentication is delegated to that provider. See Section 7.
How do I report a security vulnerability?+
Use the Vulnerability Disclosure Program linked in Section 15, or email security@actordo.com directly.
Does Actor undergo penetration testing?+
Independent penetration testing is being carried out repetitive. See Section 9, Certifications and attestations.
What happens when I close my account?+
See Section 12 for what happens immediately after deletion, what remains temporarily in backups, and any legal exceptions that apply.
17
Updates and change log
This demonstrates that the Trust Center is actively maintained, not a static page.
18 january 2026Trust Center launched
3 March 2026Updated retention information
18
Contact and document request
For sensitive documents, please send an email at security@actordo.com or contact us privately.