Privacy Policy

Last updated: April 28, 2026

This Privacy Policy describes how Outpost Labs, LLC (“Outpost”, “we”, or “us”) collects, uses, and shares information when you use the Outpost service, website, and applications (the “Service”).

1. Information We Collect

Information you provide

  • Account information: your email address and any profile details you provide when signing up.
  • Scout configurations: the prompts, schedules, and tool selections you use to define your Scouts.
  • Connected accounts: authorization tokens and account identifiers for third-party services you choose to connect (such as email, calendar, document, messaging, or CRM providers). Connections are opt-in and just-in-time — we never request access to any third-party service at signup. You only authorize a connection when you build or run a Scout that requires it, and only for the scopes that Scout needs. We store these credentials encrypted at rest in a managed secret vault and use them solely to act on your behalf inside those services, as directed by your Scouts. See our Integrations page for a per-connector list of the scopes requested, the data accessed, and how each integration is handled.
  • Billing information: when you subscribe to a paid plan, your payment details are collected and processed by our payment provider (Stripe). We do not store full credit-card numbers on our systems.
  • Support correspondence: if you email us, we retain your message and our response.

Information generated by using the Service

  • Run data: the inputs to and outputs from each Scout run, including data retrieved from your connected accounts and the result delivered to your inbox. Scout result content is retained for seven (7) days by default.
  • Usage and telemetry: technical data such as IP address, browser type, device, pages visited, and timestamps, collected to operate, secure, and improve the Service.
  • Cookies: we use strictly necessary cookies for authentication and to keep you signed in. We do not currently use advertising or cross-site tracking cookies.

2. How We Use Information

We use information to:

  • Provide, maintain, and improve the Service.
  • Execute your Scouts, including reading from and writing to connected third-party accounts as you’ve configured.
  • Send you transactional messages about your account, your Scouts, and your billing.
  • Monitor for abuse, enforce our Terms of Service, and secure the Service.
  • Comply with legal obligations.

We do not sell your personal information. We do not use the content of your Scout runs, the data we access in your connected third-party accounts, or any information derived from them, to develop, improve, or train generalized or non-personalized artificial-intelligence or machine-learning models. Google user data is subject to the additional restrictions described in Section 9 below.

3. How We Share Information

We share information only as necessary to operate the Service.

Service providers

We use a small set of vetted service providers, all based in the United States, to operate the Service. Each processes information on our behalf under contract and is not permitted to use it for their own purposes. The categories of service provider we rely on are:

  • Cloud hosting and compute— to run the Outpost web application and execute Scout runs.
  • Database, authentication, and credential storage — to store your account, Scout configurations, run history, and encrypted connection tokens.
  • AI inference providers— to generate Scout results. Outpost selects and configures the AI models used by the Service; model choice is not exposed to end users. The providers we use are contractually prohibited from retaining your data beyond the run or using it to train their models.
  • Payment processing— to handle paid subscriptions.
  • Transactional email delivery— to deliver account emails and Scout result emails you’ve opted in to receive.

A current list of named service providers is available on request to hello@getoutpost.io.

AI inference providers

The text and context of your Scout runs — including data retrieved from your connected accounts when the Scout has requested it — are sent to an AI model selected and managed by Outpost for processing. Responses are stored as Scout run data. We do not permit AI providers to retain this data beyond the run or to use it to train their models.

Third-party services you connect

When you authorize a connection to a third-party service, your Scouts interact with that service directly using the tokens you’ve granted. We act on your behalf within those services per your instructions. The third party’s own privacy policy continues to govern your data inside its platform. Your use of each connected service through Outpost remains subject to that service’s terms.

Legal and safety

We may disclose information if required by law, to protect the rights and safety of Outpost or others, or to investigate fraud or abuse.

Business transfers

If Outpost is involved in a merger, acquisition, or asset sale, your information may transfer to the acquiring entity, subject to this Policy.

4. Your Choices

  • Access and export: you can export your account data at any time from your account settings.
  • Deletion: you can delete your account at any time from your account settings. Deletion removes your account, Scouts, run history, and connected-account credentials from our active systems, and we revoke the associated access tokens with each provider where the provider’s API supports revocation. Limited backups may persist for up to 30 days before being purged.
  • Disconnecting third-party services: you can revoke a connection at any time from the Connections page in your account settings; revocation stops the Service from acting on your behalf inside that service. You may also revoke access directly with the third-party provider. For Google, visit https://myaccount.google.com/permissions.
  • Email preferences: you can unsubscribe from non-essential emails (product announcements, marketing) in your account settings. Transactional messages (security alerts, billing) cannot be disabled while you have an active account.

5. Data Security

We use industry-standard measures to protect information, including encryption in transit (TLS 1.2+), encryption of credentials and connection tokens at rest in a managed secret vault, access controls limited to personnel who require access to operate the Service, and regular security reviews. No method of transmission or storage is 100% secure, and we cannot guarantee absolute security.

6. Data Retention

Scout run results are retained for seven (7) days by default. Account information is retained while your account is active and for a reasonable period afterward to meet legal, tax, and operational obligations. Connection credentials are retained until you disconnect the connection or delete your account. Following account deletion, active-system removal of account data, Scouts, run history, and connection credentials completes within thirty (30) days; limited backups are purged on the same schedule.

7. International Transfers

The Service is operated from the United States. If you access the Service from outside the US, you understand that your information will be transferred to, stored in, and processed in the United States. By using the Service, you consent to these transfers.

8. Children

The Service is not directed to children under 13, and we do not knowingly collect personal information from them. If you believe a child has provided us personal information, contact us and we will delete it.

9. Google User Data

Outpost offers optional integrations with Google services (Gmail, Google Calendar, and Google Drive). These integrations are never enabled by default and are only available after you explicitly connect your Google account and grant the specific scopes needed by a Scout you are building.

Limited Use.Outpost’s use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements. Specifically, Outpost does not use Google user data to develop, improve, or train generalized or non-personalized artificial-intelligence or machine-learning models. Google user data is used solely to provide or improve user-facing features that are prominent in the Outpost experience.

Scopes we request and why. When you connect your Google account, Outpost requests only the scopes needed for the specific Scouts you build:

  • https://www.googleapis.com/auth/gmail.modify — read messages, labels, and threads in your Gmail account, and send mail on your behalf. Used by Scouts you configure for inbox triage, summarization, sender monitoring, replies, and digest delivery. Outpost does notdelete email; the “modify” capability is used only to label or archive when a Scout you configure explicitly requests it.
  • https://www.googleapis.com/auth/calendar.events — read and manage events on your Google Calendar. Used only by Scouts you configure to access Calendar (for example, a morning briefing that summarizes today’s events, or a Scout that creates focus-time blocks).
  • https://www.googleapis.com/auth/drive.file — per-file access to Google Drive. This scope only grants Outpost access to the specific files or folders you explicitly select for a Scout via the Google Picker. Outpost cannot see, list, or search any other files in your Drive.
  • https://www.googleapis.com/auth/drive.appdata — access to a private, app-only folder in your Drive (hidden from the Drive UI) for Scout-internal state, such as remembering items already seen across runs. This scope does not grant access to any of your visible Drive files.

Outpost requests the minimum scopes required for the feature you are enabling, and requests them only when you build or run a Scout that needs them.

How Google user data is handled.Data retrieved from Google APIs is processed solely to produce the Scout result you requested. It is sent to an AI model selected and managed by Outpost (see Section 3), stored with the Scout run in our database under the seven-day retention policy, and encrypted in transit and at rest. Google user data is never sold, never used to serve advertising, and never used to develop, improve, or train AI or machine-learning models — by Outpost or by any subprocessor. Google user data is not shared with any third party other than (a) the AI model provider processing the run on a no-retention, no-training basis, or (b) as required by law.

Human access.Outpost personnel do not read Google user data except: (a) with your explicit consent — for example, when you request support for a specific Scout run and opt in to share it; (b) for security purposes, including investigating abuse or an imminent threat to the Service; (c) to comply with applicable law; or (d) when the data has been aggregated and anonymized such that it no longer identifies you or any Google user.

Revocation and deletion.You can revoke Outpost’s access to your Google account at any time from the Connections page in your Outpost settings, or directly at https://myaccount.google.com/permissions. When you disconnect Google or delete your Outpost account, we revoke the associated tokens with Google and remove the stored credentials from our active systems. Any Google user data that remains in Scout run records is purged according to the seven-day retention policy.

10. Changes to this Policy

We may update this Policy from time to time. If we make material changes, we will notify you by email or by posting a notice within the Service. Continued use of the Service after changes take effect constitutes your acceptance of the updated Policy.

11. Contact

Questions about this Policy or your data can be sent to hello@getoutpost.io.