Security, data handling & integrations

Open vs Upload (Free vs Pro) — the contract

We separate “open a file to analyze it” from “upload/save a file for history.” This reduces accidental storage and keeps control with the user.

• Default is Open (ephemeral): analyze without creating history or a saved copy.
• Upload/Save is explicit: a deliberate action that creates history and enables export/sharing workflows.
• Paid features map to storage: vaults, history, and exports are tied to explicit upload/save behavior.

Read the full spec in docs →

Token revocation & audit logging expectations

For integrations that require OAuth tokens (for example Drive/OneDrive), we design for safe disconnect and reviewable events.

• User can disconnect anytime: disconnect revokes access where possible and stops further reads.
• Short-lived access: prefer short-lived access tokens; refresh tokens are protected and rotated.
• Audit trail: connect/disconnect and access events should be attributable and reviewable.

Read details in docs →

Cloud drives (read-only) — approach

Our goal is simple: let users choose a file from their drive, open it, analyze it — without background syncing or indexing.

Google Drive (read-only)

• Connect/disconnect UX: clear consent, clear scope, and one-click disconnect.
• Picker → open → analyze: user selects a file, we fetch the file, then run analysis.
• Token storage: encrypted at rest, with rotation and revocation support.

Google Drive design notes →

OneDrive (read-only)

• Microsoft Graph: consistent UX and behavior with Drive where possible.
• Cross-browser matrix: test common desktop/mobile browser combinations.

OneDrive design notes →

iCloud Drive

• User-initiated selection: iOS/Safari constraints mean user-driven file selection flows.
• Parity: once selected, “open and analyze” should behave like local uploads.

iCloud Drive notes →