Security & privacy
How we keep
your data safe
This page explains what we actually do — not what we aspire to. We describe the security measures that are built and running today.
01
Credential encryption
Integration credentials you connect are encrypted with AES-256-GCM before being stored. Keys are never stored alongside the data they protect. Agents never see your raw credentials — they receive only the access tokens needed to complete their task.
02
Scoped agent permissions
Each agent is given access only to the specific integrations and tools you explicitly connect to it. An agent running a research task has no access to your email. An outreach agent has no access to your codebase. Scope is set by you, not inferred by the system.
03
Approval before high-stakes actions
Agents that are about to send an email, modify a file, or take any action you've flagged as sensitive will pause and ask for your confirmation first. You approve or reject directly from Slack or the 2Hands app. Nothing happens without your sign-off.
04
Activity logging
Every action an agent takes is logged — what it did, when, and what the outcome was. You can review any agent's activity from the dashboard at any time. Logs are retained so you can trace exactly what happened on any given run.
05
Workspace isolation
Your workspace data is fully isolated from other workspaces. There is no shared state or data between teams. Agents, missions, and results are scoped to your workspace only.
06
Your data is never used for training
We do not use your tasks, agent outputs, credentials, or any workspace data to train AI models — ours or anyone else's. Your data is used only to run the work you assign.
Common questions
Can agents access integrations I haven't connected?
No. Each agent only has access to integrations you explicitly assign to it during setup. Other integrations in your workspace are not visible to agents that weren't given access.
What exactly is stored when I connect an integration?
OAuth tokens or API keys you authorize are encrypted and stored. The raw credential is never logged or exposed to the agent directly — the agent uses it only at the moment it needs to take an action.
How do I control which actions require my approval?
When setting up an agent you can flag specific action types — like sending emails or posting to Slack — as requiring confirmation. The agent will always pause before those actions and wait for your response.
Is my data used to train 2Hands AI models?
No. Your workspace data — tasks, outputs, credentials, agent history — is never used to train any AI model.
Who at 2Hands can access my data?
Access to customer data is strictly limited to situations where it's required to diagnose a technical issue you've reported, and only with your consent. We don't browse customer workspaces.