Trust & Security

Gizmo acts on accounts that spend money and talk to your customers. That's a responsibility we take seriously — here's exactly how we keep you in control and your data protected.

You stay in control

Autonomy is only useful when you can see it, steer it, and stop it. Every Gizmo workflow is built so a human is always in the loop where it counts.

Approve before autopilot

Test mode steps through a run one column at a time on your push. You review how each step behaves and sign off before any board runs on its own.

Live, full audit trail

Every step, reasoning trace, tool call, and result is streamed in real time and persisted — a complete, reviewable record of what each agent did and why.

Reviewable outputs

Drafts and actions surface on the board so high-stakes steps get a human glance. Coaching feedback you give is saved and applied to every future run.

Scoped OAuth access

Connections use OAuth. Agents act only within the scopes you approve on each platform — never with your raw username and password.

Disconnect anytime

Unlink any integration in one click. Access stops immediately and the stored connection is removed.

Least privilege by default

Workflows request only the data and permissions a task actually needs — nothing more.

How we protect your data

Your credentials, your content, and your customers' information are handled with industry-standard safeguards at every layer.

Encrypted everywhere

Integration tokens are encrypted at rest with AES-256, and all traffic is encrypted in transit with TLS. Credentials are never stored in plain text.

We don't train on your data

We do not use your data — or your customers' data — to train AI models, and we don't sell personal information. Data is used to run your workflows, period.

Restricted access

Access to production systems is limited to authorized personnel and protected with strong authentication. We log and review administrative access.

Data minimization & retention

We request the minimum data needed and cache platform content only as long as reasonably necessary. You can request deletion of your account and data anytime.

Your rights, honored

Access, export, correct, or delete your personal information per our Privacy Policy and applicable law.

Breach response

If data accessed through Gizmo is ever compromised, we move quickly to investigate, contain, and notify affected parties and platforms as required.

Subprocessors

We work with a small set of trusted providers to operate the Service. Each is bound by confidentiality and data-protection obligations.

Provider | Purpose | Data handled
Cloud infrastructure provider | Application hosting & storage | Account data, encrypted tokens, workflow content
Anthropic (Claude) | AI model processing | Workflow content needed to run a step
OpenAI (ChatGPT) | AI model processing | Workflow content needed to run a step
Connected platforms | Actions you direct (Shopify, Meta, Google, Etsy) | Only the data your workflows read or write

Compliance & standards

We're committed to meeting the bar our customers and their platforms expect. Current status:

SOC 2 Type II: In progress
GDPR & CCPA: Aligned
Platform API terms: Compliant
Encryption in transit & at rest: Live

Built on the official APIs of Shopify, Meta, Google, and Etsy and operated within their terms, so your connected accounts stay in good standing.

Report a security concern

Found a vulnerability or have a security question? We want to hear from you. Email [email protected] and we'll respond promptly. Please give us a reasonable window to investigate and remediate before any public disclosure.
