Security and Privacy Q&A

Resources to share on Security and Privacy with Lavender.

Written by Sierra Fontaine
Updated over a week ago

We want to be transparent about how we use and process your data. We understand the inbox is a highly personal and private place, and we don't take it lightly when you give us access.

Do you have a Trust Center?

Yes, we do! You can access our trust center through this link.

A few things you will find there are:

  • SOC 2 audit reports

  • Penetration test reports

  • Subprocessors

  • and more!


What is your Privacy Policy?

You can read all about our Privacy Policy here: Lavender's Privacy Policy


TL;DR

  1. We don't store your emails.

  2. We don't store your payment info.

  3. We don't store your password.

  4. We encrypt everything.

  5. We don't read your emails.

  6. You can delete your data.

More info can be found here: https://www.lavender.ai/privacy


Is Lavender SOC 2 Type II certified?

Yes! Lavender became SOC 2 Type II certified in November 2023.


What is SOC 2?

SOC 2 stands for Service Organization Control 2.

It is a set of standard rules and guidelines for companies to be secure.


What are the two types of SOC 2 audits?

SOC 2 Type I: This report tells you the company has the right security controls. It doesn’t tell you if the company is actively adhering to these controls.

SOC 2 Type II: This report tells you the company has the right security controls and is following them. An independent auditor verifies them.


Why does the Chrome Extension collect authentication information and payment information?

Lavender accounts are created and signed in with OAuth, a one-click sign-in for Google and Microsoft. This means we never see or save your password(s).

Payment information is collected to process subscription payments and is not required to proceed with our 7-day free trial of Lavender. We don't store your payment information; all payments are securely processed by Stripe, the industry leader in software payment processing, so we never see, touch, or store your credit card details.

On our Privacy page, you can read more about our adherence to the Google API Services User Data Policy, including the Limited Use requirements.


Will you use my data to train Lavender AI models?

We can use the data to train the AI models; our TOS has provisions for this.

However, we do not use emails or data in raw, unprocessed form. We de-identify the data and scrub out all semblance of PII before we save it or use it for model fine-tuning.


How long do you store data?

The data is stored until the account is completely purged from our system, either through a DSAR (data subject access request) or when a user clicks the delete button on the dashboard.

Backups are stored for 30 days on a rolling basis.


Can a human (employees, or third parties) view my data?

Humans can read the de-identified data, but access is restricted to engineers who need production access and support staff who require it to perform their roles.

We do not transmit this data to third parties or allow third parties to read this directly from our database.

Users can opt out of this entirely if so desired. We can and do make that exception when asked specifically to do so.
