Security designed for sensitive workflows

We focus on practical safeguards. Clear boundaries. Minimal access. You stay in control.

Data boundaries

Your data is isolated at the user level. No cross-user data access, ever. Each account is a separate, secure boundary.

User-level isolation
Your data is separate from other users. Complete isolation.
Access control
Authentication with strong passwords. Optional two-factor authentication.
Encryption at rest
Sensitive tokens and credentials are encrypted. API keys, OAuth tokens, and financial credentials are stored securely.

Integrations safety

We use OAuth with least-privilege scopes. We request only the minimum permissions needed for each feature.

Least-privilege OAuth
When connecting Google, Gmail, or Calendar, we request only the minimum permissions needed. We don't access data we don't need.
Token handling
OAuth tokens are stored securely and encrypted. You can revoke access anytime.

Data minimization

We store what we need to run the product. Where possible, we use metadata-first approaches.

Email metadata first
For email integrations, we process metadata first. Full email content is only accessed when you explicitly forward or create tasks from emails.
Financial data
We use Plaid for bank connections. Plaid handles authentication directly with your bank. We only read transaction data. We cannot initiate transfers or payments.

AI data handling

AI processes content within bounded contexts. We send only what's necessary for each request. Your data is not used to train models.

Operational safeguards

We maintain audit logs of access and changes. Rate limiting and monitoring help prevent abuse.

Account controls

You can export your data, delete your account, or disconnect integrations at any time through your account settings.

Responsible disclosure

Security is an ongoing process. If you discover a security vulnerability, please report it responsibly.

Report Security Issues
Please include details about the vulnerability and steps to reproduce. We'll respond within 48 hours.
