Security · stated plainly

Your company’s thinking lives here. Here’s how we treat it.

Priors holds the most sensitive thing a startup has — what it believes and why. This page says exactly what we store, who touches it, and what we will never do with it. No badge wall; if a claim isn’t verifiable, it isn’t here.

The five promises

What we will and won't do

No training on your data

Your company memory is never used to train models — ours or anyone else's.

No human reads it

No person at Priors reads your captured content. Debugging happens on metadata and our own seed workspace, not on yours.

Per-tenant isolation

Row-level security on every table in the database, enforced by the database itself — plus API keys scoped to exactly one workspace. We test that cross-tenant reads fail.

Encrypted everywhere

Encryption at rest (managed-database default), TLS in transit, secrets in a vault — never in code.

Read-only, minimal scopes

We ask for the least access that works and never write to your email, Slack, or docs. The exact scopes are listed below.

What we store

Exactly what lands in your workspace

  • Originals you send us: forwarded emails, meeting transcripts, and uploaded documents — kept immutable so every claim can be traced to its source.
  • What we derive: evidence cards, hypotheses, experiments, decisions, commitments, and the people registry — all citing the originals.
  • Account & billing: your email, workspace membership, and Stripe customer ids. Card numbers never touch our servers — they go straight to Stripe.
  • Funnel events: which onboarding steps happened, by promo cohort. No third-party trackers on this site.

One-click full export (JSON + Markdown zip) and hard delete of the workspace including raw sources within 24 hours. Your data is yours; leaving is cheap.

Subprocessors

Who else touches your data

OpenAI: model inference

Extraction and chief-of-staff reasoning run on OpenAI models (currently GPT-5.5 via Codex). Inference inputs are not used for training.

Stripe: billing

Card collection, subscriptions, receipts, and dunning. We never see card numbers.

Hosting: compute & storage

Beta runs on our own controlled infrastructure; production moves to Microsoft Azure (encrypted managed Postgres + blob storage). This page changes when that does.

That’s the whole list. No analytics suites, no ad pixels, no data brokers.

OAuth scopes

The least access that works

  • Gmail (gmail.readonly): read-only; 90-day backfill + live sync; we never send or modify mail
  • Slack (channels:history): only on channels you explicitly /invite the bot to
  • Notion (shared pages): only pages you share with the integration; re-synced daily
  • Google Drive (drive.file): only folders you pick; nothing else is visible to us
  • MCP key (workspace-scoped): one workspace per key; revoke any time in Settings

Forwarding to your universal inbox needs no OAuth at all — you choose every message that reaches us.

Beta honesty

No SOC 2 yet — here's what we do instead

We’re a pre-seed team, like you, and a SOC 2 audit is months of runway we’d rather spend making the product worth trusting. What you get today: database-enforced tenant isolation with a failing cross-tenant test in CI, least-privilege read-only scopes, encrypted storage and transport, secrets in a vault, and export-and-delete that actually deletes. When the audit happens, it will confirm this page rather than replace it. Questions, or something here you need stronger before you can use us — write to us and we’ll answer plainly.

Ready when you are — the card comes at signup, the first month is free, and everything above applies from the first byte.
