Your data is yours. Here's what that means in practice.
You're about to connect a CRM full of customer contacts, an inbox full of deals, and an accounting system full of revenue. You should know how we handle it before you do. Below is exactly that, with no marketing varnish.
Four things that matter most.
One tenant per customer, enforced at the database level
Every row in every table carries a tenant id. Supabase row-level security policies prevent one customer's session from ever reading another customer's row. We test this with two-tenant checks on every migration.
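As an added illustration (not Sully's actual schema or policies) of how a tenant id column plus a row-level security policy keeps one tenant's session from reading another's rows, and of the kind of two-tenant check described above. It assumes Supabase's built-in auth.jwt() helper and authenticated role, and that each user's JWT carries the tenant id in an app_metadata.tenant_id claim (a common Supabase pattern, assumed here).

```sql
-- Added example, not Sully's own code. Assumes Supabase Postgres with auth.jwt()
-- and the "authenticated" role available, and a tenant_id claim in app_metadata.
create table if not exists canonical_clients (
  id        uuid primary key default gen_random_uuid(),
  tenant_id uuid not null,
  name      text not null
);

-- Constructed seed data: one row for each of two tenants (placeholder UUIDs).
insert into canonical_clients (tenant_id, name) values
  ('11111111-1111-1111-1111-111111111111', 'Tenant A client'),
  ('22222222-2222-2222-2222-222222222222', 'Tenant B client');

-- Helper that reads the caller's tenant from the JWT (assumed claim location).
-- nullif() turns an absent claim into NULL, so the policy below matches nothing.
create or replace function current_tenant_id()
returns uuid
language sql stable
as $$
  select nullif(auth.jwt() -> 'app_metadata' ->> 'tenant_id', '')::uuid;
$$;

-- Enabling RLS is mandatory: policies are never evaluated on a table
-- that does not have it switched on, so a policy alone protects nothing.
alter table canonical_clients enable row level security;

-- One policy covers select/insert/update/delete. USING filters what the
-- caller can see; WITH CHECK blocks writes that would land in another tenant.
create policy tenant_isolation on canonical_clients
  for all
  to authenticated
  using (tenant_id = current_tenant_id())
  with check (tenant_id = current_tenant_id());

-- Two-tenant check, the kind a migration test can run: impersonate a
-- tenant A session and confirm that tenant B's row is not visible.
begin;
  set local role authenticated;
  set local request.jwt.claims to
    '{"role":"authenticated","app_metadata":{"tenant_id":"11111111-1111-1111-1111-111111111111"}}';
  -- Expected: 1 row total, and 0 rows belonging to any other tenant.
  select count(*) as visible_rows from canonical_clients;
  select count(*) as leaked_rows from canonical_clients
   where tenant_id <> '11111111-1111-1111-1111-111111111111';
rollback;
```

The same check run with no JWT claims at all should also return zero rows, since current_tenant_id() is then NULL and the policy matches nothing.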
Encryption in transit on every connection
TLS on every API call between your browser, our app, Supabase, and every connected source. No plaintext hops.
OAuth only for connectors
When you connect Jobber, Gmail, or QuickBooks, we never see your password. OAuth tokens are stored encrypted in Supabase and rotated when the source rotates them.
One-click disconnect and one-click delete
You can disconnect any source without contacting us. Delete your entire tenant on request and we wipe it, including raw payloads, within 30 days.
What happens after you hit connect.
OAuth handshake
You authorize Sully to read from your CRM, inbox, calendar, or accounting tool. The source hands us a token, not a password. We store that token encrypted in Supabase.
Raw ingest
We pull the data the source exposes to the token and store it in a tenant-scoped raw table, unmodified. This is so we can re-process if our extraction logic improves, without re-calling the source.
Canonical layer
Raw payloads are transformed into a clean schema: canonical_people, canonical_clients, canonical_jobs, canonical_communications. Same schema across every tool. This is what answers your questions.
Signal extraction
For communications (emails, meetings, calls), we send the text to Anthropic's Claude API to extract signals like sentiment, next action, and entity mentions. Anthropic does not train on content sent through the API. Prompt caching is enabled so system prompts don't get re-billed.
Answering questions
When you ask a question, we run it against your canonical tables. The answer is built from your tenant's rows. We never see another customer's data in the process.
Who we share data with, and why.
Every vendor below has a written data processing agreement with us. Each one only receives the data it needs to do its job.
- Supabase: Postgres hosting, row-level security, auth, edge functions
- Vercel: Frontend hosting and serverless API routes
- Anthropic (Claude): LLM inference for signal extraction and question answering
- Resend: Transactional email (magic-link sign-in)
- Cloudflare: DDoS protection and static asset delivery
- Sentry: Application error tracking
- PostHog: Product analytics, self-hosted region where applicable
This list can change. When it does, we update this page and, for material changes, email active tenants.
The stuff the fine print is usually ambiguous about.
- We do not sell your data to anyone. Not advertisers, not data brokers, not industry benchmarking firms.
- We do not train any AI model on your data without explicit, per-tenant opt-in. Anthropic, our LLM provider, does not train on API content.
- We do not let one customer see another customer's data. Row-level security enforces this at the database, not at the application layer.
- We do not upload or share your data with advertising platforms. No Meta pixel firing on your CRM records.
- We do not hold your data hostage. Disconnect and delete are both self-serve.
Honest about what we don't have yet.
We're a small team in beta. We don't hold SOC 2. We haven't been audited by a third party. We don't run a bug bounty program yet.
What we do have: a small, senior team that reads every error that hits Sentry, a mandatory code-review pipeline, tenant isolation enforced at the database layer, encryption in transit and at rest, and a habit of writing the hardest question about safety down before we ship.
If you need a signed MSA, DPA, or security questionnaire filled out, email us. If you need us to delete your tenant and all its raw payloads, email us. If you find something that looks wrong, email us and we'll fix it.
Still want to know more before you connect?
The fastest way is to email us and ask. We're responsive because we're small and we care about getting this right.