Security & Trust
Last Updated: November 2025
Protecting your data — and your clients' privacy — is the foundation of our platform.
This page explains, clearly and transparently, what we access, what we never access, how we secure it, and what protections exist even in a worst-case scenario.
We designed Found Opportunity for real-estate professionals who rely on confidentiality, speed, and accuracy — including agents dealing with VIP, high-net-worth buyers and sellers. Our approach is simple:
1. What We Access (and Why)
Found Opportunity uses OAuth to connect to Gmail or Outlook so we can scan only your spam folder and alert you when a valuable lead ends up there.
We Access:
- Emails in your spam folder only
- Sender name + email
- Subject line
- First ~1,000 characters of the body (for opportunity detection)
- Date/time received
This is the minimum required to detect renter inquiries, buyer leads, referrals, and FSBO messages that were incorrectly flagged as spam.
We Do Not Access:
- Inbox
- Sent mail
- Drafts
- Trash
- Contacts
- Calendar
- Your login password (you never share it with us)
Our code never queries or processes any folder except Spam.
2. Why You Can Trust That We Only Access Spam
Gmail and Outlook do not provide a "spam-only" permission level — the API technically allows reading all folders — so we provide multiple layers of protection:
Code-Level Enforcement (Primary Protection)
Every email query includes:
This guarantees we only fetch spam emails. There is no code path that queries inbox or sent mail.
Failsafe / Circuit Breaker
A separate guard runs before every scan:
- If a query ever returns a non-spam email → halt immediately
- Block further scanning
- Send internal alert
- Require manual release after investigation
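The spam-only query and the circuit breaker described above, as an added Python illustration (not Found Opportunity's own code). It assumes a Gmail-style client exposing messages.list and messages.get that return a labelIds array on each message; the client here is a constructed in-memory stand-in so the example runs offline. It also extracts only the fields listed in section 1 (sender, subject, a 1,000-character preview, received time):

```python
"""Spam-only fetch guard with a circuit breaker (added illustration).

Assumes a Gmail-style interface where list_messages filters by label and
get_message returns 'labelIds'. FakeMailClient is a constructed stand-in, not a
real client, so the example runs offline.
"""
from dataclasses import dataclass, field
import logging

log = logging.getLogger("spam_guard")

SPAM_LABEL = "SPAM"  # Gmail's system label for the spam folder


class NonSpamMessageError(Exception):
    """Raised when a message outside the spam folder reaches the scanner."""


@dataclass
class CircuitBreaker:
    """Trips on the first non-spam message; stays tripped until manually released."""
    tripped: bool = False
    reason: str = ""
    alerts: list = field(default_factory=list)

    def trip(self, reason: str) -> None:
        self.tripped = True
        self.reason = reason
        # In production this would send the internal alert; here it is recorded.
        self.alerts.append(reason)
        log.critical("circuit breaker tripped: %s", reason)

    def release(self) -> None:
        """Manual release after investigation; nothing in the scan path calls this."""
        self.tripped = False
        self.reason = ""


def spam_query(client, breaker: CircuitBreaker, max_results: int = 50) -> list:
    """Fetch spam-folder messages only, verifying the label on every result."""
    if breaker.tripped:
        raise RuntimeError(f"scanning blocked: {breaker.reason}")
    # Primary control: the label filter is hard-coded; callers cannot override it.
    page = client.list_messages(label_ids=[SPAM_LABEL], max_results=max_results)
    results = []
    for ref in page:
        msg = client.get_message(ref["id"])
        labels = set(msg.get("labelIds", []))
        # Failsafe: re-check the label on the fetched message itself, halt on mismatch.
        if SPAM_LABEL not in labels:
            breaker.trip(f"message {msg['id']} has labels {sorted(labels)}, not SPAM")
            raise NonSpamMessageError(msg["id"])
        results.append({
            "id": msg["id"],
            "from": msg["headers"]["From"],
            "subject": msg["headers"]["Subject"],
            "preview": msg["body"][:1000],   # only the first 1,000 characters are kept
            "received": msg["internalDate"],
        })
    return results


class FakeMailClient:
    """Constructed stand-in for a Gmail-style API; not a real client."""
    def __init__(self, messages: dict, misbehave: bool = False):
        self._messages = messages
        self._misbehave = misbehave  # simulate a bug that returns a non-spam message

    def list_messages(self, label_ids, max_results):
        ids = [m["id"] for m in self._messages.values()
               if self._misbehave or set(label_ids) & set(m["labelIds"])]
        return [{"id": i} for i in ids[:max_results]]

    def get_message(self, msg_id):
        return self._messages[msg_id]


# Constructed sample mailbox: one spam-foldered lead and one inbox message.
SAMPLE = {
    "m1": {"id": "m1", "labelIds": ["SPAM"],
           "headers": {"From": "renter@example.com", "Subject": "Is the 2BR still available?"},
           "body": "Hi, I saw your listing...", "internalDate": "1700000000000"},
    "m2": {"id": "m2", "labelIds": ["INBOX"],
           "headers": {"From": "client@example.com", "Subject": "Closing docs"},
           "body": "Attached are the signed documents.", "internalDate": "1700000001000"},
}


def demo_normal() -> list:
    """Healthy client: only the spam message comes back."""
    return spam_query(FakeMailClient(SAMPLE), CircuitBreaker())


def demo_misbehaving() -> CircuitBreaker:
    """Client leaks an INBOX message: the breaker trips and blocks further scans."""
    breaker = CircuitBreaker()
    try:
        spam_query(FakeMailClient(SAMPLE, misbehave=True), breaker)
    except NonSpamMessageError:
        pass
    return breaker
```

The point of the second check is that the label filter on the list call is the primary control, but the per-message re-check is what turns an API surprise or a future code mistake into a hard stop with an alert rather than silent over-collection; once tripped, every later scan raises until someone calls release() by hand.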
Google Oversight (CASA Tier 2 Certified)
Google's OAuth verification process includes ongoing compliance requirements. Apps that deviate from declared permissions risk having OAuth access revoked. This provides external accountability alongside our internal controls.
We have been verified through TAC Security's CASA Tier 2 assessment. This is the same level used by major SaaS tools that connect to Gmail.
Legal & Contractual Protection
Our Terms of Service contractually guarantee:
Privacy-by-Design Architecture
- No employee can view your full inbox.
- Admin panel shows only anonymized subject lines + truncated previews, never tied to your identity.
- No matching of opportunities to agent email addresses.
3. Read-Only Permissions = We Cannot Send or Modify Email
Our OAuth scope is gmail.readonly / Mail.Read.
This means:
We can only read spam messages — nothing else.
4. What Happens If You Disconnect
You can disconnect anytime:
- From your Found Opportunity dashboard
- From Google/Microsoft security settings
Once disconnected:
- OAuth token becomes invalid instantly
- All scanning stops
- All opportunity data is deleted within 7 days
- Nothing remains that could access your email
5. Data Handling & Auto-Deletion
We Store (for 7 Days Only):
- Sender
- Subject
- 1,000-character preview
- Opportunity classification
- Timestamp
We never store:
- Attachments
- Full emails
- Non-spam folders
- Entire message history
Opportunity data is automatically deleted after 7 days.
6. Encryption & Infrastructure
Encrypted At Rest and In Transit
- HTTPS (TLS 1.2+) everywhere
- OAuth tokens encrypted using Fernet symmetric encryption
- Passwords hashed with bcrypt + salt
- Database not exposed to the internet
- All scans and tokens encrypted end-to-end
Hosted on DigitalOcean (SOC 2, ISO 27001)
- NYC3 datacenter
- Daily backups
- Firewalls + access control
- Only essential ports opened (SSH, 80, 443)
7. Security Monitoring & Controls
- 2FA required for all user logins
- 2FA required for admin access
- SSH key-only server login
- UptimeRobot external monitoring
- Intruder.io vulnerability scanning (continuous)
- Automated security updates
- Cyber liability insurance: $1,000,000
8. Worst-Case Scenario: What If We Were Hacked?
Even in the unlikely event of a server breach:
An attacker still could NOT:
- Send emails
- Delete emails
- Modify emails
- Access passwords
- Access calendars/contacts
- Access inbox/sent without rewriting code + bypassing failsafe + avoiding detection
What they could access:
- Only spam emails fetched during the last 7 days
- Only stored metadata (subject/body preview)
- Encrypted OAuth tokens (using them would still require a code execution path)
To access inbox or sent, an attacker would need to:
- Breach the server
- Access the encrypted OAuth token
- Rewrite the application code
- Bypass the spam-only failsafe
- Execute unauthorized Gmail queries
- Avoid detection by Google OAuth monitoring
- Avoid triggering our own internal anomaly alerts
This is a multi-stage, high-effort, high-risk chain involving detection points at every step.
This layered defense makes inbox compromise extremely unlikely.
9. Third-Party Security
We only share data with vendors essential to providing the service:
- Google & Microsoft (OAuth, email access – they already store your email)
- Anthropic (AI evaluation; no retention; SOC 2)
- SendGrid (sending notifications; SOC 2)
- DigitalOcean (hosting; SOC 2)
- Stripe (billing; PCI DSS Level 1)
10. You Stay in Control
- Export your data anytime
- Disconnect anytime
- Delete your account anytime
- Everything is automatically and permanently removed within 7 days
Need to Talk Security?
We're always available to answer technical questions — including from IT teams, CTOs, and security officers.