Trust & Security

Security

VerbaPulse is built for enterprise teams where communications are sensitive. Here is exactly how we handle your data, who has access to it, and what we do to protect it.

🔒
No email storage
Email content is processed in memory and discarded immediately after analysis. Never written to disk.
🔐
Encrypted in transit
All data moves over HTTPS/TLS 1.2+. No plaintext communication at any layer.
📊
No person-level tracking
Analytics are aggregated at the team and department level. We never surface individual user behavior.

How Email Content Is Processed

When you trigger an analysis in the Chrome Extension or Outlook Add-in, the following happens:

Your device
→ HTTPS/TLS
VerbaPulse API
→ HTTPS/TLS
OpenAI API
Text extracted from active compose window only, never background reading
Text held in memory → analysis returned → memory discarded. Nothing written to database.
Only anonymized event metadata (risk type, risk level, accept/dismiss action) is stored, never the email content itself.

Transport Security

Authentication & Access Control

Infrastructure

OpenAI Integration

VerbaPulse uses OpenAI's API (gpt-4o) to perform language risk detection. Key facts about this integration:

Sub-processors

Provider Purpose Data shared Region
Amazon Web Services Application and database hosting Account data, anonymized event logs, policy guidelines EU (Frankfurt, eu-central-1)
OpenAI Language risk analysis Email body text only (no PII) United States
SendGrid (Twilio) Transactional email delivery Recipient email address, first name United States
Google Analytics Website traffic measurement Anonymized page views (no PII) United States

We maintain a complete and up-to-date list of sub-processors. Enterprise customers may request notification of sub-processor changes by contacting [email protected].

Data Residency

VerbaPulse's application and database are hosted on AWS in the EU (Frankfurt, eu-central-1). Account data, anonymized event logs, and uploaded policy guidelines are stored in the EU. Email content is processed transiently and never stored, so data residency requirements related to persistent storage do not apply to email content.

Language risk analysis is performed by OpenAI in the United States (see Sub-processors above). Teams handling regulated or highly sensitive communications can contact us about EU-region AI processing and zero-retention options.

Vulnerability Disclosure

If you discover a security vulnerability in VerbaPulse, please report it responsibly to [email protected] with the subject line "Security Disclosure". We commit to:

We ask that you do not publicly disclose the vulnerability until we have had a reasonable opportunity to address it.

Security questions? Email [email protected]

Enterprise security review? We are happy to complete security questionnaires and provide additional documentation for enterprise procurement. Contact us to get started.