---

​

Overview

Micro is built for founders and investors who share sensitive information — deal flow, fundraising conversations, hiring decisions, and more. Security and privacy are foundational to how we build the product.

---

​

Authentication

Micro uses Clerk for authentication. You can sign in with Google or email — no passwords are stored by Micro.

• Session security — httpOnly, secure cookies with strict same-site policies
• Google OAuth — Used to connect Gmail and Google Calendar. OAuth tokens are stored separately from your main data in encrypted storage.
• Security headers — All API requests are protected with industry-standard security headers via Helmet

---

​

Encryption

• In transit — All data is encrypted using HTTPS/TLS. Insecure connections are automatically upgraded.
• At rest — All data is encrypted at rest using AWS default encryption (AES-256) across databases, file storage, and token storage.

---

​

Infrastructure

All Micro infrastructure runs on Amazon Web Services (AWS):

• Database — PostgreSQL on AWS RDS with automated backups
• File storage — AWS S3 for files and email data
• Token storage — AWS DynamoDB for OAuth credentials (isolated from main database)
• Job processing — AWS SQS for background tasks
• Region — US-based infrastructure

---

​

Email Privacy

Email body content is never shared with your teammates. You control what metadata is visible through per-account sharing settings in Settings → Connected Accounts:

---

​

AI & Your Data

​

No training on your data

Your data is never used to train AI models. Our AI providers (Anthropic, OpenAI, Google) do not use API customer data for model training under their standard API terms.

​

When AI accesses your data

The AI assistant only accesses your data when:

• You ask it a question or give it a command
• AI Autofill runs on a property you’ve enabled it for
• Meeting summaries are generated from recordings you’ve opted into

​

Automation scoping

AI Autofill, Auto-Add, and other automations run based on your connected account’s activity — your emails, your calendar, your meetings. They do not run based on your teammates’ activity, even on shared lists. Each team member’s automations run independently.

​

AI Providers

---

​

Compliance

• CASA Tier 3 — Certified by Google. This is Google’s Cloud Application Security Assessment, a third-party security audit required for apps that access Gmail and Google Calendar data.
• GDPR — We acknowledge and support EU data rights including access, correction, erasure, portability, and objection.
• CCPA/CPRA — California residents have rights under the California Consumer Privacy Act.
• SOC 2 Type II — If your organization requires SOC 2 compliance, please contact us at support@micro.so.

---

​

Google Permissions

When you connect Gmail and Google Calendar, Micro requests the minimum permissions needed:

• Read email — To display and search your inbox
• Send email — To send and reply from within Micro
• Modify email — To archive, label, star, and mark as read/unread
• Read calendar — To display events and enable meeting features

Micro does not request permission to permanently delete emails.

---

​

Sub-Processors

The following third-party services process user data as part of the Micro platform:

---

​

Data Deletion

To delete your account and all associated data, contact us at support@micro.so. We will process your request in accordance with applicable data protection laws.

---

​

Legal Documents

• Privacy Policy
• Terms of Service

---

For security questions or to report a vulnerability, contact support@micro.so.