At Filo, security is built into the way we design and operate the Service. Features such as AI summaries, Agent workflows, connected-app automations, and smart triage rely on safeguards that prioritize confidentiality, integrity, and reliability. We use modern encryption, segmented cloud architecture, access controls, provider safeguards, and regular security review to protect account data, connected-app data, and user-enabled product content.
Independent reviews such as Google's Cloud Application Security Assessment (CASA) help validate key safeguards for Gmail-related access. If you decide to leave, you can delete your account at any time. Filo will disable access, revoke or delete supported tokens where applicable, and delete active product data that Filo controls. Limited operational logs, security records, billing records, backups, and third-party provider records may remain for limited periods where required for security, recovery, compliance, dispute handling, or provider operations.
Filo's core production infrastructure is hosted in Amazon Web Services (AWS). We also rely on trusted service providers for payment, analytics, diagnostics, connected-app, and AI functionality as described in our Privacy Policy. AWS maintains widely recognized certifications (e.g., ISO/IEC 27001, SOC reports, and PCI DSS for applicable services).
Filo has completed Google's Cloud Application Security Assessment (CASA) Tier 3 for apps requesting restricted Gmail scopes. Reviews like CASA help validate key safeguards for Gmail-related access.
Filo designs Gmail-related access to align with Google's API Services User Data Policy and applicable Google Workspace Marketplace requirements.
Filo integrates with Google’s Advanced Protection Program. Administrators can allow-list the app via standard Google Admin controls for third-party OAuth access.
Customer prompts and outputs are not used to train public or foundation models without permission. We use AI providers to deliver requested AI features and configure provider paths with appropriate data-use, access, logging, retention, and security controls. DeepSeek V4 Pro is routed through OpenRouter with Zero Data Retention enabled for prompt and completion content where supported by OpenRouter's routing controls.
Internal access requires strong authentication and least-privilege authorization. Access to customer content is limited to authorized service, support, security, or legal purposes, and sensitive access events are logged and reviewed according to our security procedures.
You retain meaningful control:
Deletion disables account access, revokes or deletes supported tokens where applicable, and removes active copies of Filo-controlled product data. Some operational logs, security records, billing records, backups, and third-party provider records may remain for limited periods where required for security, recovery, compliance, dispute handling, or provider operations. See our Privacy Policy for more detail.
Disconnect it from Settings → Mailboxes → Remove (or the equivalent in your client). Only that mailbox and its associated data are deleted.
For more detail, read our complete Privacy Policy and Terms of Service.