IT & Security

We will not be the reason your security review stalls.

A tool that reads drafts has to clear IT and security before anyone uses it. VerbaPulse is built to pass that review: no mail-flow change, no email storage, nothing new to host, and clear answers to every question on your questionnaire.

Book a demo → Read the security details
The concern

"Something reads our email" is a hard no by default

Any product that touches message content lands on the security team's desk, and rightly so. The default answer is no until the data path, storage, and access model are understood. Most "AI writing" tools fail here because they are vague about where content goes.

VerbaPulse is built the other way around: the smallest possible data footprint, nothing in the delivery path, and an architecture that is easy to verify. This page is the short version; the Security page has the specifics.

What actually touches your data

A deliberately small footprint

How it deploys

Nothing in the mail flow, nothing new to host

VerbaPulse runs client-side: an Outlook add-in and a Chrome extension. There is no inbound connector, no journaling rule, and no server you have to stand up or patch.

Identity, residency, paperwork

The rest of the questionnaire

For the full processing description, transport details, and sub-processor table, see the Security page, our privacy stance, and the DPA.

FAQ

Common questions

Does VerbaPulse sit in our mail flow?
No. There is no inbound connector, no journaling rule, and nothing in the delivery path. VerbaPulse runs as an Outlook add-in and a Chrome extension on the client side, analyzing the draft a user is actively writing. If VerbaPulse is unavailable, mail sends normally; it cannot delay or block delivery at the transport layer.
Where does email content go, and is it stored?
Text from the active compose window is sent over TLS to the analysis API, held in memory for the duration of the analysis, and discarded. It is never written to disk or database. Only anonymized event metadata (risk type, severity, action taken) is retained, with no message text and no named individuals.
Is our content used to train AI models?
No. Analysis runs through the OpenAI API, and OpenAI does not use API-submitted content to train its models. VerbaPulse does not train on customer content either.
Does it read all employee email or monitor inboxes?
No. VerbaPulse only sees the draft a user is actively composing. It does not scan, index, or access existing mailboxes, sent items, or background mail. There is no passive monitoring.
How is it deployed, and how much IT effort is it?
The Outlook add-in deploys org-wide from the Microsoft 365 admin center (Integrated apps), so there are no per-user installs or tickets. The Chrome extension covers Gmail and browser text fields. Setup is about five minutes per user and adds no new server to maintain.
What about SSO, provisioning, and access control?
Enterprise plans include SAML single sign-on and SCIM provisioning. The compliance policy list, NDA records, and dashboards are admin-managed; regular users cannot change organizational settings.
Can we get a DPA and complete a security questionnaire?
Yes. A Data Processing Agreement is available, and we will complete your security questionnaire. Full details on processing, transport security, sub-processors, data residency, and vulnerability disclosure are on our Security page.

Send us your security questionnaire

Book a demo →

More from VerbaPulse

Security
Processing, transport security, sub-processors, and data residency in detail.
Privacy by Design
Protects the organization without monitoring your people.
For Compliance Teams
Pre-send risk control with evidence the program works.