Account access
Aubrey uses account-based access so your assistants, conversations, shared agents, schedules, lists, and settings are tied to the people who are allowed to use them.
You control who you invite to shared assistants, shared lists, collaboration threads, and messaging pairings. Remove access when someone should no longer see or contribute to that shared context.
Tenant isolation
Aubrey is built as a hosted service with isolation between customer accounts and workspaces. We scope account-owned information to the right workspace before using it in the product.
Tenant-owned records are filtered by workspace context in backend queries, and database row-level policies are enabled for tenant-owned tables. Client-facing database roles are denied direct access to protected tables by default.
Assistant content, object storage, schedules, memory, files, and connected-service context are designed to stay associated with the right account and assistant.
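An added example, not code from Aubrey itself, of the backend-query half of the isolation described above: every query over a tenant-owned table carries the workspace predicate, and a call with no workspace context is refused rather than silently returning everything. The schema, identifiers and rows are constructed for the example; the database row-level policy (shown as a comment in assumed PostgreSQL syntax) is the second, independent layer the page refers to.

```python
import sqlite3
from dataclasses import dataclass

# Constructed sample data: two workspaces, each owning some assistants.
SAMPLE_ROWS = [
    ("ws_alpha", "asst_1", "Inbox triage"),
    ("ws_alpha", "asst_2", "Calendar helper"),
    ("ws_beta", "asst_3", "Sales follow-ups"),
]


class MissingWorkspaceContext(Exception):
    """Raised when a tenant-owned query is attempted without a workspace scope."""


@dataclass(frozen=True)
class WorkspaceContext:
    workspace_id: str


def build_db() -> sqlite3.Connection:
    """In-memory stand-in for the tenant-owned table (hypothetical schema)."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE assistants ("
        " workspace_id TEXT NOT NULL, id TEXT PRIMARY KEY, name TEXT NOT NULL)"
    )
    conn.executemany("INSERT INTO assistants VALUES (?, ?, ?)", SAMPLE_ROWS)
    return conn


# Second layer, enforced by the database itself (assumed PostgreSQL syntax, for reference):
#   ALTER TABLE assistants ENABLE ROW LEVEL SECURITY;
#   CREATE POLICY tenant_scope ON assistants
#     USING (workspace_id = current_setting('app.workspace_id', true));
# With such a policy, even a query that forgot the predicate below would only see the
# rows of the workspace set on the session, and a client-facing role can be denied
# direct access to the table entirely.


def _require(ctx):
    if ctx is None or not ctx.workspace_id:
        raise MissingWorkspaceContext("tenant-owned query without workspace context")
    return ctx.workspace_id


def list_assistants(conn, ctx):
    """Assistant ids visible to the given workspace only."""
    ws = _require(ctx)
    rows = conn.execute(
        "SELECT id FROM assistants WHERE workspace_id = ? ORDER BY id", (ws,)
    ).fetchall()
    return [r[0] for r in rows]


def get_assistant(conn, ctx, assistant_id):
    """Lookup by id still carries the workspace predicate, so an id that belongs to
    another workspace (guessed, leaked or mistyped) resolves to nothing."""
    ws = _require(ctx)
    return conn.execute(
        "SELECT id, name FROM assistants WHERE workspace_id = ? AND id = ?",
        (ws, assistant_id),
    ).fetchone()
```

The point of the repository layer is that the scope is not optional: callers pass a context object, not a raw id they might forget, and the id-based lookup is deliberately not a shortcut around the workspace filter.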
Credential encryption
Connected-account tokens, OAuth refresh tokens, platform provider credentials, HTTP integration credentials, Telegram bot tokens, and WhatsApp session snapshots are stored in encrypted credential fields instead of plaintext columns.
Encryption and decryption happen on backend systems with a configured credential encryption key. The web app receives connection status and safe metadata, not raw access tokens, refresh tokens, provider API keys, or service credentials.
Connected services and credentials
When you connect services such as email, calendar, Drive, Docs, Sheets, or messaging channels, Aubrey uses those connections to follow your instructions and provide the features you turned on.
Connection credentials and provider tokens are handled on backend systems and are not exposed in the web app. Automated refresh keeps supported OAuth connections working when possible, and permanently failed or revoked credentials are marked for reconnect instead of being used silently.
You can revoke or change connected services when you no longer want Aubrey to use them.
Email, calendar, and messages
Each assistant can have an Aubrey email address for forwarded messages and direct requests. You choose what to send or forward, and we recommend forwarding selected messages instead of everything in your inbox.
Calendar feeds, reminders, recurring check-ins, and message replies can contain personal information. Treat shared links, group chats, and invited collaborators as grants of access to the context they are connected to.
Files and signed links
Uploaded and generated files use storage paths that include the tenant and assistant identifiers, so files are organized around the account and assistant they belong to.
Browser uploads and downloads use server-generated signed URLs. The frontend never receives S3 access keys or storage service secrets.
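An added example (not Aubrey's code) of the two points above: object paths built around the tenant and assistant identifiers, and download links signed on the server with a key the browser never receives. The signing key, host and ids are constructed placeholders, and the scheme (HMAC-SHA256 over method, path and expiry) is an assumption about how such links are commonly built, not a statement about the page's storage provider.

```python
import hashlib
import hmac
import time
from urllib.parse import parse_qs, urlencode, urlsplit

# Assumed: the signing secret is configured on the backend only (constructed value).
SIGNING_KEY = b"constructed-backend-only-signing-secret"
STORAGE_HOST = "https://files.example.invalid"  # placeholder host


def object_path(tenant_id: str, assistant_id: str, file_id: str) -> str:
    """Storage key organised by tenant and assistant, as the page describes."""
    return f"/tenants/{tenant_id}/assistants/{assistant_id}/{file_id}"


def _signature(method: str, path: str, expires: int) -> str:
    # Bind the signature to the HTTP method, the exact path and the expiry so that
    # changing any of them (e.g. swapping in another assistant's id) invalidates it.
    msg = f"{method}\n{path}\n{expires}".encode()
    return hmac.new(SIGNING_KEY, msg, hashlib.sha256).hexdigest()


def sign_url(method, tenant_id, assistant_id, file_id, ttl_seconds=300, now=None):
    """Server side: mint a short-lived link for one object and one method."""
    now = int(time.time()) if now is None else now
    expires = now + ttl_seconds
    path = object_path(tenant_id, assistant_id, file_id)
    query = urlencode(
        {"method": method, "expires": expires, "sig": _signature(method, path, expires)}
    )
    return f"{STORAGE_HOST}{path}?{query}"


def verify_url(url: str, method: str, now=None) -> bool:
    """Server side: accept only an unexpired link whose signature matches."""
    now = int(time.time()) if now is None else now
    parts = urlsplit(url)
    q = parse_qs(parts.query)
    try:
        expires = int(q["expires"][0])
        sig = q["sig"][0]
        signed_method = q["method"][0]
    except (KeyError, ValueError, IndexError):
        return False
    if signed_method != method or now > expires:
        return False
    expected = _signature(method, parts.path, expires)
    # Constant-time comparison so the check does not leak how many bytes matched.
    return hmac.compare_digest(expected, sig)
```

The client only ever sees the finished URL. Nothing in it lets the browser mint a link for a different object, a different method, or a later expiry, and a request presented after the expiry is refused even with a valid signature.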
Controlled actions
Aubrey is designed to act through the product features and integrations you enable. Hosted Aubrey keeps high-risk local tools and broad host access disabled unless a reviewed connector or sandbox path is added.
Mutating actions such as sending messages, changing calendar items, updating lists, writing files, or using connected services go through hosted tool handlers. Repeated action attempts use server-side idempotency records with redacted results to reduce accidental duplicate effects.
AI output can still be wrong or incomplete. Review important drafts, reminders, calendar items, and decisions before relying on them.
Production safeguards
Production startup checks require HTTPS public URLs, reject local development authentication mode, require important service secrets for enabled features, and block unsafe hosted tools unless an explicit audited override is configured.
Hosted SaaS mode blocks terminal access, local file access, arbitrary code execution, browser automation, MCP, plugins, local cron files, and delegation unless a future reviewed sandbox or connector path is added.
Monitoring and redaction
Operational logging is designed to report capability and status information rather than secrets. Error reporting is configured to avoid default personal data collection and to redact secret-shaped fields such as authorization headers, cookies, passwords, tokens, API keys, service-role keys, and credential material.
Integration request logs, lifecycle events, and idempotency records store redacted summaries instead of raw OAuth payloads, provider credentials, headers, signed URLs, message bodies, file contents, or full provider responses.
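An added example, not code from Aubrey, serving both the idempotency records mentioned under "Controlled actions" and the redaction described here: a redactor that blanks secret-shaped fields (authorization headers, cookies, passwords, tokens, API keys, service-role keys, credential material) and bearer-style values, and an idempotency store that replays a stored, already-redacted summary instead of re-running the action. The key patterns, the record key layout (tenant, assistant, action, idempotency key) and the sample provider response are constructed assumptions.

```python
import re

# Field names that look like secrets, regardless of nesting (constructed pattern set).
SECRET_KEY_PATTERN = re.compile(
    r"(authorization|cookie|password|passwd|secret|token|api[_-]?key|"
    r"service[_-]?role|credential)",
    re.I,
)
# Values that look like HTTP credentials even when the key name is innocent.
BEARER_PATTERN = re.compile(r"^(?:Bearer|Basic)\s+\S+", re.I)
REDACTED = "[REDACTED]"


def redact(value):
    """Return a copy of a JSON-like structure with secret-shaped material blanked."""
    if isinstance(value, dict):
        return {
            k: (REDACTED if SECRET_KEY_PATTERN.search(str(k)) else redact(v))
            for k, v in value.items()
        }
    if isinstance(value, list):
        return [redact(v) for v in value]
    if isinstance(value, str) and BEARER_PATTERN.match(value):
        return REDACTED
    return value


class IdempotencyStore:
    """Server-side idempotency records holding redacted summaries, not raw results."""

    def __init__(self):
        self._records = {}

    def run(self, tenant_id, assistant_id, action, idempotency_key, fn):
        # The tenant and assistant are part of the record key, so the same client
        # key from another workspace can never replay this workspace's record.
        record_key = (tenant_id, assistant_id, action, idempotency_key)
        if record_key in self._records:
            return self._records[record_key], True  # replayed, fn() not called again
        raw = fn()                                  # the one real side effect
        summary = redact(raw)                       # only the redacted form is kept
        self._records[record_key] = summary
        return summary, False


# Constructed sample: what a connected-service call might hand back.
def sample_send(counter):
    def send():
        counter["calls"] += 1
        return {
            "message_id": "m-1",
            "access_token": "tok-abc",
            "headers": {"Authorization": "Bearer xyz", "Content-Type": "application/json"},
        }
    return send
```

Two properties are worth checking on any such store: a retried request with the same key must not trigger the side effect a second time, and the persisted record must contain nothing that would let an operator reading it (or a log shipper copying it) recover the token or header that the provider returned.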
Privacy controls
- Choose what you message, upload, forward, or connect to Aubrey.
- Manage shared assistant access and remove collaborators when needed.
- Stop forwarding emails or change inbox rules at your email provider.
- Revoke integrations, rotate connected accounts, and disable calendar feed links when they should no longer be used.
- Request access, correction, export, or deletion of account data by contacting support@helloaubrey.com.
Our operating practices
We avoid exposing service credentials, provider tokens, and private connection details to the frontend. We also avoid logging secrets and keep sensitive operational access limited to what is needed to run and support the service.
No online service can guarantee perfect security. Avoid sending secrets or highly sensitive information unless Aubrey needs it for the task and you understand the risk.
Report a concern
If you believe you found a security issue, privacy concern, or unexpected exposure of information, contact support@helloaubrey.com with enough detail for us to investigate.