Our customers, friends, and families, use Obie every day. They trust him and rely on him to provide value without compromising security. That’s why the Obie.ai team went the extra steps to ensure Obie is an approved bot in the Slack app directory. This means that he has been cleared by Slack for privacy compliance, security standards, and usability. In addition, he is one of the highest-ranking bots in the Slack app directory, and categorized as a “Brilliant Bot”.
All communication to/from Obie is transmitted over HTTPS, and any data stored is encrypted at rest. Passwords are never, and can never, be decrypted. They are stored as a one-way SHA-256 hash.
Obie and his associated resources are hosted with trusted providers including Microsoft Azure and Amazon Web Services (AWS). They’re among the top hosting providers in the world - used by companies like Atlassian, Pinterest, Airbnb and of course, Slack.
All data you enter into Obie remains yours, and the Obie.ai team is committed to ensuring that your data is kept safe and confidential. We do not copy or clone your documents in any way.
Obie does store some data on our servers. He collects answers you store via chatting with him, and in the Dashboard as 'Books' 'Pages' & 'Responses'. For third-party providers, file metadata such as ID and title is stored. Your authorization tokens for any third parties are also collected, which allow Obie to search, but come with strict restrictions (see Third-Party Applications below).
No machines can access the Obie.ai database except our own server and the dashboard server. The database is restricted by IP address to those servers only, making any outside attack next to impossible without gaining access to the servers first.
Internally, only the Obie.ai engineers have access to these machines in the cloud, and each engineer’s account is protected with strict internal protocol, including 2-Factor Authentication.
When connecting Obie to third-party applications (such as Google, Evernote, DropBox, etc), he uses their respective APIs and only asks for the lowest available read-only permission-set afforded to him by the provider. These permission sets always have to be explicitly approved by the person connecting Obie.
The Obie.ai team has taken great care to ensure that users are unable to escalate their permissions on the dashboard, or any third-party platform, by interacting with Obie. He may bring back search results that not everyone on your team can access, but the third-party will verify whether that person has access to the document beyond the title. The third party will often prompt to "request access to the document" if the user does not have permission.
Obie and his team have the full intention to be around for the long haul. However, if he were to retire, his humans would give plenty of notice to all users, and provide an easy way to download all of your data in an open and widely supported format.
The Obie.ai team takes data security seriously. If you have any further questions or concerns about Obie's security, don't hesitate to reach out to firstname.lastname@example.org