How Powder Handles Data Privacy and Security

Security as a foundation, not a feature

When an AI agent has access to your CRM, docs, and communication tools, the security model has to be airtight. We built Powder with the assumption that every piece of data flowing through the system is sensitive, because for enterprise teams, it is.

Data access controls

Powder respects the permission models of your connected tools. If a user does not have access to a Salesforce record, the agent will not surface that record's data in their responses. Permissions are checked in real time, not cached, so changes propagate immediately.

No training on your data

Your data is used to generate responses for your team and nothing else. It is never used to train models, never shared across organizations, and never accessible to other customers. This is non-negotiable and contractually guaranteed.

Encryption and infrastructure

All data is encrypted in transit and at rest. We use SOC 2 Type II certified infrastructure with regular third-party audits. API connections to your tools use OAuth 2.0 with scoped permissions, meaning the agent only accesses what it needs.

Compliance and certifications

Powder maintains SOC 2 Type II certification and GDPR compliance. For teams with additional requirements, we support custom data residency configurations, SSO enforcement, and detailed audit logging of all agent interactions.

Security documentation and our trust center are available on request. We believe transparency about how we handle data is just as important as the technical controls themselves.