Security and data.
Updated 2026-07-14
Beagle's security model rests on three things: it works under your own revocable OAuth grants rather than standing credentials, access is scoped to the tenant and to the person who asked, and every outbound action waits for human approval. SOC 2 is in flight, the product is GDPR ready, and data is encrypted in transit and at rest.
Posture
- SOC 2. In flight. Request the current packet at security@heybeagle.com.
- GDPR. Ready. Privacy questions go to privacy@heybeagle.com.
- Encryption. In transit and at rest.
The access model
Beagle holds no standing credentials of its own. Every tool connection is an OAuth grant you make, scoped to your tenant, revocable at any time from the Connections page. Reads follow the permissions of the person who asked, so one team's or one client's data does not surface in another's work. In Slack and Teams, Beagle sees only the channels it was added to.
The full reference
The security page is the operations reference - certifications, sub-processors, data handling, and retention - written to be handed to a security team. The enterprise page covers the architecture: least privilege, the peer model, and tenant isolation. The privacy policy covers personal data, including the Google API Services User Data Policy Limited Use requirements Beagle adheres to for Google Workspace scopes.
Reporting a vulnerability
Email security@heybeagle.com. Include what you found and how to reproduce it, and a human will respond.
FAQ
Is Beagle SOC 2 certified?
SOC 2 is in flight. The current security packet, including certification status and sub-processors, is available on request from security@heybeagle.com, and the security page carries the operations reference.
Is my data used to train models?
The privacy policy on heybeagle.com/privacy is the authoritative statement on data use and retention. For Google Workspace data specifically, Beagle adheres to the Google API Services User Data Policy, including the Limited Use requirements.
How do I report a security issue?
Email security@heybeagle.com with what you found and how to reproduce it.
How is client confidentiality kept between accounts?
Access is scoped to the tenant and to the person who asked - not pooled into one shared context - and every connection is a revocable per-tool OAuth grant. One engagement's data does not surface in another's work.
Read next
- Security - The full operations reference
- Privacy - The authoritative data policy
- Connections - Grants, scoping, revocation