Back to Home

Your Data Security is Our Priority

We built The Control Surface with privacy-first architecture. Here's exactly how we protect your information.

Our Security Principles

Read-Only Access

We request the minimum Gmail permissions needed. The Control Surface can only read your emails - we cannot send, delete, or modify anything in your inbox.

Minimal Data Storage

We extract and store only structured data (summaries, dates, costs, vendor names) - never full email content. Your original emails stay in Gmail where they belong.

Encryption Everywhere

All data is encrypted in transit and at rest using industry-standard encryption. Your OAuth tokens are encrypted before storage.

Token Security

Your Gmail access tokens are encrypted and stored securely. We use short-lived tokens and refresh them automatically. You can revoke access anytime.

Infrastructure & Compliance

Enterprise-Grade Hosting

Our infrastructure runs on Google Cloud Platform with enterprise-grade security, automatic backups, and disaster recovery.

Google API Compliance

The Control Surface adheres to Google API Services User Data Policy including Limited Use requirements. We completed Google's OAuth verification process for sensitive scopes.

No Third-Party Sharing

We never sell, share, or transfer your personal data to third parties for marketing. Data is shared only with essential service providers (Stripe, Google Cloud) under strict agreements.

What We Access & Store

What We Access

  • Email metadata (sender, subject, date) during portfolio discovery
  • Email content for property-related emails only after you confirm
  • PDF attachments for invoice and document extraction
  • Gmail thread IDs for deduplication

What We Store

  • Extracted summaries (e.g., 'HVAC repair - $450')
  • Vendor names and contact information
  • Cost amounts and dates
  • Property addresses you confirm
  • Case classifications (maintenance, turnover, etc.)

What We Never Store

  • Full email body content
  • Personal emails unrelated to properties
  • Your Gmail password
  • Emails from senders you haven't approved

Revoke Gmail Access

You can revoke The Control Surface's access to your Gmail at any time without deleting your account:

  1. 1. Go to Google Security Settings (myaccount.google.com/security)
  2. 2. Click 'Third-party apps with account access'
  3. 3. Find 'The Control Surface' and click 'Remove Access'
  4. 4. Your stored data will remain but no new emails will be processed

Delete Your Account

You have complete control over your data. Deleting your account will:

  • Revoke our access to your Gmail
  • Delete all stored property data, cases, and contacts
  • Remove your encrypted OAuth tokens
  • Delete all personally identifiable data from our systems

This action is permanent and cannot be undone.

Delete My Account

Security Questions?

If you have questions about our security practices or want to report a vulnerability, please contact us.

support@thecontrolsurface.com