AAutopilotby Sophoro Labs
PrivacyTermsAcceptable UseSecurity
Open Autopilot

Sophoro Labs LLC

Security Overview

Last updated: 2026-05-28Contact: support@sophorolabs.com

This overview describes current Autopilot security practices at a high level. Security practices may change as the service evolves.

User-Approved Sending

Autopilot prepares drafts for users to review. It does not send a customer-facing reply without user action and approval. Sending is tied to an individual suggestion, not a bulk recipient list.

Connected Mailboxes

Users may connect a Google or Microsoft mailbox to send approved replies from their own account. OAuth tokens are used server-side for the authorized operation. Users can revoke access in Autopilot Settings or through their provider account; revocation may prevent connected-mailbox sending.

Data Isolation and Access

Application access is scoped by user role and client workspace. Client-scoped controls are intended to limit users to their own workspace data. Administrative access is broader and is limited to operational needs such as support, security, safety, and account management.

Infrastructure and Encryption

Autopilot is hosted on AWS. Connections to the application and API use HTTPS encryption in transit. AWS infrastructure services support compute, storage, email processing, monitoring, and service operation.

Tokens and Secrets

OAuth tokens and service secrets are stored server-side and are not exposed to the frontend. Access to tokens and secrets is limited according to system and operational need.

Logging

Operational logs and metrics support debugging, security, and reliability. Normal application logs are designed to avoid raw email bodies, OAuth tokens, service secrets, and highly sensitive content. Information may still be accessed when reasonably necessary to investigate a specific support or security issue.

AI Processing

Forwarded email content, workspace context, metadata, and drafting instructions may be processed by a configured AI provider to generate summaries and reply suggestions. Provider retention, training, and abuse-monitoring behavior depends on the provider and applicable account configuration.

Current Limitations

  • Autopilot is not currently SOC 2 certified.
  • Autopilot is not currently offered as a HIPAA or regulated-compliance service.
  • No internet service can guarantee protection against every security risk or uninterrupted availability.

Report a Security Concern

Send security questions or suspected security issues to support@sophorolabs.com. Include enough information to identify the affected account or behavior, but do not send passwords, OAuth tokens, or other secrets by email.

Autopilot© Sophoro Labs LLC
HomePrivacyTermsAcceptable UseSecurityApp