// Security
Data security and privacy.
PrioFlow is built for sales reps who handle sensitive commercial conversations. Here is exactly what we access, what we store, and how we protect it.
SECURITY STATUS
Gmail / Outlook
mail.readonly
Google Calendar / Outlook Calendar
calendar.readonly
HubSpot CRM
OAuth scoped
Read-only
Email and calendar access
No sending, no deleting, no modifying. Read-only scopes across Gmail, Outlook Mail, Google Calendar, and Outlook Calendar.
Encrypted
Tokens and data at rest
OAuth access and refresh tokens are encrypted before storage. The database itself is encrypted at rest.
Location
Hosted in the EU
All infrastructure, data storage, and AI processing runs in Europe. Your data does not leave the EU.
// What PrioFlow accesses
Minimal access. Clearly scoped.
Gmail / Outlook
mail.readonly
What we access
PrioFlow reads email threads that involve contacts already in your CRM. It does not read your entire inbox.
Cannot do
Send, delete, label, or modify any emails.
Google Calendar / Outlook Calendar
calendar.readonly
What we access
PrioFlow reads your calendar events to surface pre-meeting prep and post-meeting follow-up actions.
Cannot do
Create, edit, or delete calendar events.
HubSpot CRM
OAuth — read + scoped write
What we access
PrioFlow reads deal stages, contact history, and last activity dates to weight your daily priority list. When you ask us to, PrioFlow also writes tasks, notes, and updates to deals and contacts so HubSpot stays in sync with the work you do in PrioFlow.
Cannot do
Modify pipelines or stage definitions, delete records, or take any action you have not initiated.
// How we protect data
Encrypted, isolated, and minimal.
Tokens encrypted at rest
OAuth access and refresh tokens for every integration are encrypted before storage and decrypted only at the moment they are needed.
No raw email bodies
Email content is processed for signals and metadata only. Raw message bodies and attachments are never stored.
Calendar metadata only
We store event titles, attendees, and times. We do not fetch meeting recordings or transcripts — you choose when to paste one in.
GDPR architecture
Hosted in Europe with data minimisation throughout — short snippets and metadata rather than full content.
Per-account isolation
Every record is scoped to your account. Queries are filtered by your user identity on every request.
TLS in transit
All traffic — browser to PrioFlow, PrioFlow to your integrations, PrioFlow to its database — uses HTTPS / TLS 1.2 or higher.
Disconnect anytime
Revoke any integration from Settings at any time. The stored OAuth tokens for that integration are deleted immediately and syncing stops.
No data sharing
We do not sell, share, or license your data to third parties. Data is used solely to operate PrioFlow for your account.
// Google OAuth verification
Unverified app notice.
PrioFlow is currently undergoing Google OAuth verification for gmail.readonly and calendar.readonly scopes. This review takes 4–6 weeks.
During the review period you will see an “unverified app” warning. You can safely proceed by clicking “Advanced” then “Go to PrioFlow (unsafe)”. This reflects Google's review status, not a security risk. Up to 100 users can connect without verification.
// Infrastructure
Secured by design.
Hosted in Europe
All infrastructure, data storage, and AI processing runs in Europe. Your data does not leave the EU.
Encrypted database
Customer data is held in an encrypted database with daily backups and point-in-time recovery within the backup window.
Federated sign-in
Sign in with Google, Microsoft, or email and password through our identity provider. PrioFlow never sees or stores passwords directly.
// Questions
Questions about security?
Reach out at [email protected] or use the contact form. We will respond within one business day.
PrioFlow processes commercial email and calendar data on behalf of individual sales reps. We take that responsibility seriously — and we are transparent about exactly how we do it.