Security
How Compact Stays Secure
Andrew Combs · June 5, 2026
Update on June 23rd, 2026: Revisions made to clarify wording
As we move into our closed beta stage, we want to be upfront about how we handle and protect data across the platform.
AI Security
Our agents natively run Google's Gemini line of models. Per their terms of service, Gemini will not record your data or use it to train future models.
Google doesn't use your prompts (including associated system instructions, cached content, and files such as images, videos, or documents) or responses to improve our products, and will process your prompts and responses in accordance with the Data Processing Addendum for Products Where Google is a Data Processor
Document and Integration Security
Your documents and integrations will stay secure because we don't store them. The platform does not internally store any data outside of the files you specifically upload (such as playbooks) or the data it creates.
Data is only read on a need-to-use basis, accessed through secure APIs maintained by providers, and encrypted end-to-end. Your emails, documents, matters, and other materials stay where they are, and are only used in-transit and only when doing so supports your work.
Task and Deliverable Security
Tasks and deliverables may understandably contain sensitive information. Because of this, our platform has several layers of protection, including end-to-end encryption, multiple layers of authentication checks, detailed logging, secure data access policies, and using a trusted database provider.
All your tasks and deliverables are encrypted at rest. This means even our own developers can't see your data. During the beta period, as a last leg of safety, we automatically delete all non-recurring tasks and deliverables after 30 days.
Data Transparency
Beta testers will be kept updated with anything happening with their data and privacy. If you decide the platform isn't for you, you can delete all your data at any time, no questions asked.
A Final Note
We haven't yet pursued formal compliance certifications like SOC2 or ISO27001 because we're still relatively early in development. That said, we have taken considerable, concrete steps to ensure the security of your data. If you're curious, we would be happy to discuss our security in more detail. Reach out to us any time at dev@compact.legal