Town connects to your tools to work on your behalf. We never sell your data, and we never act without your permission.
We connect to your tools for one reason: to do the work you ask us to do.
Your content powers and improves Town for you. That's it.
Everything you bring into Town — emails, documents, prompts, outputs — remains yours. We claim no ownership over your content.
Town uses AI models through their APIs, where terms explicitly prohibit using your inputs, outputs, or conversations for model training.
Data from Gmail, Google Calendar, and Google Drive is never used to train machine learning models. Required by Google's API Services User Data Policy — and a commitment we stand behind.
Here's what we access, and why.
Surfaces what matters, drafts replies, organizes your inbox. Only accesses what's needed.
Prepares briefings, finds conflicts, manages invitations. Never modifies events without your approval.
Reads docs from Drive, Notion, and other sources for task context. Files are not stored beyond what's necessary.
Brings context from Slack, GitHub, Linear, HubSpot, and more into one place. Every integration is optional.
Town gives you a dial, not a switch. Start cautious, then grant autonomy when you're ready.
Town never sends an email, modifies a document, or takes a destructive action without your explicit approval — unless you configure it otherwise. See approval modes.
Every integration is optional. Connect email, calendar, Drive, Slack, or any combination. Disconnect anytime from your settings.
Full action log for every workflow. Clear reasoning for every step. Complete transparency into what happened, when, and why.
Read-only for monitoring. Approval-required for review before action. Autonomous when you're ready. Adjust per-workflow and per-tool. See workflow modes and approval details.
Go to Settings to delete your account. We soft-delete immediately and permanently remove all data within 30 days.
Disconnect any integration from your settings, or revoke Town's access directly from your Google, Slack, or Notion security settings.
Security isn't a feature we ship. It's how we build.
All data is encrypted in transit and at rest.
Data hosted on Convex and AWS in the United States.
CASA (Cloud Application Security Assessment) completed, validated by an independent third party based on the OWASP ASVS standard.
No team member has production database access. User sessions are only accessed at your request, or with explicit CEO or CPO approval.
Actively completing SOC 2 Type 2 certification for audited assurance of our security controls.
Google user data is used only to provide services to you. Never shared, sold, or used for advertising.
Permissions reset when you start a new thread. Learn more about different settings.
Set permission mode in the composer with the shield control, then review each required action in-chat before anything executes.
If your organization has security requirements, we'd love to talk.
Contact us