Inherit handles sensitive CRM data, customer relationships, and deal context. Here's exactly how we protect it.
All data is encrypted with TLS 1.3 in transit. Supabase (PostgreSQL) encrypts data at rest using AES-256. Your CRM tokens and account data are never stored in plaintext.
Your CRM data, account notes, and generated briefs are never used to train AI models (Anthropic's or ours). Data submitted to the Claude API is processed and discarded.
HubSpot and Salesforce connections use OAuth 2.0. We request the minimum required scopes (read-only where possible). Tokens are stored encrypted and can be revoked from your dashboard at any time.
We're pursuing SOC 2 Type II certification. Our infrastructure runs on Vercel (SOC 2 certified) and Supabase (SOC 2 certified). Audit logs and access controls are in place.
Vercel
Application hosting
SOC 2 Type II
Global edge network, DDoS protection, automatic HTTPS
Supabase
Database & Auth
SOC 2 Type II
PostgreSQL with RLS, encrypted backups, MFA-protected access
Anthropic
AI brief generation
No training on API data
Claude API processes data per-request and does not store or train on inputs
What data do you store?
We store the account and contact data you submit (via CSV or CRM sync), the AI-generated briefs, your profile information, and usage metadata (login timestamps, handoff counts). We do not store full CRM datasets, only the accounts included in a specific handoff.
How long is data retained?
Active handoff briefs are retained as long as your account is active. When you delete a handoff, its associated briefs and account data are permanently removed from our database. On account deletion, all data is purged within 30 days.
Who has access to my data inside Inherit?
Access is strictly row-level: Supabase RLS (Row Level Security) policies ensure each user can only read their own data. Inherit staff do not have routine access to customer data. Production database access is logged and requires multi-factor authentication.
Do you share data with third parties?
We send account data to the Claude API (Anthropic) for brief generation only. We use Stripe for payment processing; they receive only billing information, never CRM data. We do not sell or share your data with any other third parties.
Can I export or delete my data?
Yes. You can export briefs as PDF from any handoff. To request a full data export or account deletion, email privacy@useinherit.com. We will fulfill requests within 30 days per GDPR/CCPA requirements.
How do you handle security incidents?
We have an incident response plan that includes customer notification within 72 hours for any breach affecting personal data. Critical vulnerabilities are patched within 24 hours of discovery. Security issues can be reported to security@useinherit.com.
Procurement or InfoSec team asking questions? Paste your security questionnaire below and get instant AI-generated answers based on Inherit's actual security posture. For formal vendor assessments, email security@useinherit.com.
Our team responds to security inquiries within one business day.