Skip to content

Security

Your data stays yours.

Connecting Patricia to your clients' accounts is a real decision, and it deserves a real answer. Here is exactly what she can see, who at our end can reach it, and what she is allowed to do without asking you first.

SOC 2Type II, audited
GDPRCompliant
ISO 27001In progress, Q3 2026

Reports and audit documentation live in the BetterGroup Trust Center. BetterGroup is Patricia's parent company, and it runs compliance for every product in the group.

The short version

Three questions, answered before you ask them.

An agency runs ten clients out of one workspace. That makes the security question concrete rather than theoretical, so these are the three answers that matter.

What she can see

Only the channels you add her to and the tools you connect. Each client account is walled off in the data layer, so nothing she learns on one can surface on another.

Who can reach it

Your team, under the role you give them. On our side, a small number of authorized staff on a need-to-know basis, bound by confidentiality, and every time it happens it is written to a log that cannot be edited.

What she can do alone

Reading and drafting. Anything that leaves the building, changes a setting, deletes data, or spends money waits for a named yes from someone you have allowed to give it.

Isolation and storage

One client cannot bleed into another.

Isolation is not a setting you switch on. It is how the data layer is built, and it fails closed.

Every query is bound to one account

Each record carries the account it belongs to, and the data-access layer scopes every read and write to a single account by construction. A query that is not correctly scoped returns nothing rather than someone else's data. Tests that run two accounts side by side guard it on every change.

Stored in the US, encrypted throughout

Primary storage is in the United States, US East (Virginia) region. Traffic is TLS-encrypted with HSTS. Credentials and connected-tool secrets are encrypted at the application layer with AES-256-GCM, on top of the encryption at rest the infrastructure already provides.

Her memory is per-account too

Patricia builds a working memory of a brand, its voice, and its standards. That memory belongs to that account, is encrypted at rest, and is never pooled with another customer's.

Untrusted code runs in a sandbox

When a task needs to execute code, it runs in a per-run sandbox that is thrown away afterwards. It cannot reach the database or the secrets, and it cannot call out to the internet unless the task is allowed to.

Access

Who can reach your data, on both sides.

On your side, roles you control. On ours, need-to-know and a log that cannot be rewritten.

RoleWhat it can do
OwnerEverything, including billing, spend caps, and the team
AdminRuns, integrations, settings, audit log. Approves high-risk work
MemberRuns and memory. Approves medium-risk work
ViewerRead only. Cannot change or approve anything

The honest answer about our own access

A small number of authorized Patricia staff can reach customer data on a need-to-know basis, to run and support the service. That is what makes it possible to debug the run you told us broke. They are bound by confidentiality obligations, the access is scoped to the job at hand, and it lands in the audit log like everything else. Any vendor telling you that nobody on their side can ever see your data is either doing client-side encryption, which Patricia is not, or is not being straight with you.

Security-relevant events, hers and ours, are written to an append-only audit log enforced at the database layer. It cannot be edited or deleted through the application. Who, what, when, and on whose approval.

Approvals

She cannot act on anything that matters without a named yes.

Every action she can take carries a risk tier. The low tiers run on their own. The rest stop and wait for a person you have chosen.

TierFor exampleWhat happens
Read onlyList a channel, open a file, pull yesterday's ad spendRuns on her own
LowReply in the thread she was asked in, draft a docRuns on her own
MediumSend an external email, post to a client-visible channelWaits for approval
HighChange an integration, delete dataWaits for an admin or owner
CriticalSpend past your cap, change billingWaits for the owner, and cannot be waived

An approval is bound to one exact action

The request carries a fingerprint of the action it approves, who is allowed to approve it, and an expiry. Approve a draft and she sends that draft. The same yes cannot be replayed against a different action, reused after it expires, or accepted from someone whose role does not allow it.

Approval sits where the work does

Requests post in the channel the work lives in, so a client lead approves their own account and the founder stops being the bottleneck. You decide which roles can approve which tier.

Connected tools

She borrows the keys. She never holds them.

Connecting Google Ads or a CRM hands Patricia an OAuth grant. Here is what happens to it.

Credentials never reach the model

Tokens are held server-side and encrypted with AES-256-GCM. Patricia asks the integration gateway to perform an action; the raw credential is never placed in a prompt, so it cannot be leaked back out through one.

Scoped to what you granted

She can only do what the grant allows. A read scope stays a read scope, and writing to a connected tool is gated behind an approval on top of that.

Logged, and cut off in one click

Every use of an integration is in the audit log. Disconnect it in the dashboard and Patricia's access to it is gone.

Every provider that processes data on your behalf, what it does, and where it runs is listed on the subprocessors page. We give at least 14 days' notice before adding or replacing one, and you can object.

AI and your data

Your work does not become someone else's model.

No training on your data

We use our model providers on API terms under which inputs and outputs are not used to train their models. We do not use your data to train or improve any model served to another customer, and we do not sell it or share it.

What she learns, she learns for you

Patricia gets sharper on your accounts from your feedback and your corrections. That learning stays inside your account. It is never pooled into a shared model, so your standards do not end up improving a competitor's output.

The model providers are named on the subprocessors page, and the commitment is contractual rather than a promise on a marketing page: it is written into section 2.4 of the DPA.

Retention and deletion

It leaves when you leave.

The full windows are in the Privacy Policy. The short version:

Briefs and workspace inputsUp to 1 year, and deleted on request at any time
Work she produces for youUp to 3 years, so you can pull up past work
Brand memoryFor as long as the account is active
Account dataDeleted within 90 days of a deletion request
On cancellationDeleted or returned within 30 days. The audit log stays as an integrity record: who did what, not your content

Deletion, access, and other data-subject requests go to privacy@patricia.app and are handled by our team within the windows in the Privacy Policy. We have appointed EU and UK representatives, and both are named there.

Compliance

Audited, and honest about the rest.

Two lists: what has been independently checked, and what we have not built yet. A vendor that only shows you the first one is showing you half of it.

SOC 2Type II, audited
GDPRCompliant
ISO 27001In progress, Q3 2026

What we have not built yet

  • Row-level security in the database

    Isolation is enforced today in the data-access layer, where every query is bound to one account and an unscoped one fails closed rather than returning data. Database-level policies are a second wall behind that, and they are on the roadmap.

  • SSO, SAML, and SCIM provisioning

    Roles are managed in the dashboard today. Enterprise single sign-on is planned.

  • Self-service export and bulk erasure

    Deletion and data-subject requests are handled by our team, on request, within the windows in the Privacy Policy. There is no self-service button for it yet.

  • Configurable retention windows

    Retention follows the fixed windows published in the Privacy Policy. Per-account windows are planned.

If one of these is a hard requirement for your agency or for your client, tell us. It changes the conversation, not the answer.

Responsible disclosure

Found something? Tell us first.

Email ricardo@patricia.app with what you found and how to reproduce it. We acknowledge reports within two business days and keep you posted until it is fixed. We are most interested in isolation bypasses, authentication and authorization flaws, and anything that exposes a credential.

We do not run a paid bounty today, and we will credit you if you want the credit. Please do not touch another customer's data while testing. Report it, and we will take it from there.

FAQ

The questions security teams actually send.

Can Patricia read everything in our Slack?

No. She sees the channels you add her to and the messages directed at her. She is not a workspace-wide crawler, and you choose exactly which channels she can read.

Can one client's data reach another client's work?

No. Every record carries the account it belongs to, and every query she runs is bound to a single account in the data-access layer. A query that is not correctly scoped returns nothing rather than the wrong account's data, and tests that run two accounts side by side guard it on every change.

Can anyone at Patricia read our data?

A small number of authorized staff can, on a need-to-know basis, and only to run and support the service, for example to debug a failed run you have reported. They are bound by confidentiality obligations, and the access is written to the same append-only audit log as everything else. Any vendor telling you nobody on their side can ever reach your data is either running client-side encryption or is not being straight with you.

Do you train AI models on our data?

No. We use our model providers on API terms under which inputs and outputs are not used to train their models, and we never use your data to train or improve any model served to another customer. What Patricia learns from your feedback stays inside your account and is never pooled across customers. The commitment is in section 2.4 of the DPA, not just on a marketing page.

Where is our data stored?

Primary storage is in the United States, in the US East (Virginia) region, alongside the model providers named on the subprocessors page. Everything is encrypted in transit and at rest, and EU, UK, and Swiss transfers are covered by the Standard Contractual Clauses in the DPA.

What happens if one of our OAuth tokens leaks?

Credentials are encrypted with AES-256-GCM and held server-side. Patricia asks the integration gateway to act; the raw token is never placed in a prompt, so it cannot be leaked back out through one. Every use is in the audit log, so an unexpected action is visible, and disconnecting the integration in the dashboard cuts off her access.

Can she post to a client-visible channel on her own?

No. That is a medium-risk action, so it waits for a named yes from someone on your team whose role allows it. The approval is bound to that exact action, so it cannot be reused for a different one.

What is your breach process?

We notify you without undue delay after becoming aware of a breach affecting your data, with what we know and what we are doing about it. Reportable breaches go to the supervisory authority within 72 hours. The commitments are in the DPA and the Privacy Policy.

Can we get a DPA and a SOC 2 report?

Yes to both. The DPA is published in full and covers the EU Standard Contractual Clauses, the UK Addendum, and Swiss FADP terms; email access@patricia.app for a countersigned copy. The SOC 2 Type II report and the rest of the audit documentation are available through the BetterGroup Trust Center.

What happens to our data if we cancel?

It leaves with you. We delete or return your data within 30 days of the request, and account data is gone within 90 days. The append-only audit log is kept as an integrity record; it holds who did what and when, not the substance of your content.

Bring your security questions.

The hard ones are the ones we like. Book a demo and we will walk your team, or your client's team, through any of this.

Pick a time that works for you. You get a live walkthrough of Patricia on your real work, and every question answered.

No credit card.