Security & Privacy

We take your data security extremely seriously. Shortwave is designed from the ground up to securely handle your most sensitive business data including important emails, attachments, and more.

Before Shortwave, our engineering team built high security, high reliability data systems at Google Cloud. We have a lot of experience building and operating cloud products that handle mission-critical data.

CASA Tier 2 compliance & annual audit

Shortwave has been reviewed by third-party security auditors to ensure it complies with strict security requirements. To maintain this verification, Shortwave undergoes an annual security audit. You can read more about CASA (Cloud Application Security Assessment) here.

Google verification

Shortwave has been approved by Google and is compliant with Google's API Services User Data Policy, including its guidelines for sensitive data and its Additional Requirements for Specific Scopes. Shortwave’s app is also approved for listing in the Google Workspace Marketplace.

Google Advanced Protection

Shortwave works with Google’s Advanced Protection program. You can authorize Shortwave for your organization by following the instructions here.

All data securely stored in Google Cloud

All Shortwave data is stored in Google Cloud’s highly secure & compliant data centers. Stored data is encrypted at rest using AES256 and encrypted in transit using TLS 1.2+. We employ a “defense in depth” philosophy where every system is protected by multiple layers of security, including at the network, service, and application levels.

Sub-processors

No customer data is ever shared with other parties except as necessary to provide our service, and we keep both the sub-processors we use and the data we send to them to an absolute minimum. Currently, besides Google Cloud, we only use OpenAI, Anthropic, and Pinecone.

The vast majority of our AI workloads use open source models that run on hardware we control.

No third-party LLM training

Your data will never be used to train third-party LLMs.

Audit logging

Access to customer data is very tightly controlled internally and all access is audit logged to ensure compliance. No customer data is ever accessed by an employee without explicit customer permission. All employee data access requires multi-factor authentication using hardware security keys.

SOC 2 Type II & GDPR compliance

If your organization requires SOC 2 Type II or GDPR compliance, please contact our sales team at sales@shortwave.com.

Deleting your account & data

If at any time you wish to delete your account and all associated data, you can do so by following the instructions here.

Privacy Policy & Terms of Service

For additional information about our privacy practices and terms of use read our Privacy Policy and Terms of Service.