Outpost
Sign inGet started

Trust & Data Handling

Last updated: May 30, 2026

Outpost is a product of LaunchWings. This page describes the sub-processors we use, the commitments we make about your data, how quickly we delete it, and the OAuth scopes the deputy requests. It is written to match what the product actually does, not what we hope to do later.

We do not train on your data.Your Slack, Linear, and GitHub content, and any drafts the deputy produces, are never used to train, fine-tune, or improve any model — ours or a sub-processor’s. We send your content to LLM providers only to draft the workflows you asked for (weekly customer status and eval-failure triage), and only for the duration of that request. Nothing is shared across customer-engagements or across customers of Outpost.

Sub-processors. Outpost relies on the following sub-processors. Each receives only the data needed for its function:

  • Anthropic— LLM inference for the deputy’s drafting and triage reasoning.
  • OpenAI — text embeddings only (text-embedding-3-small), used to give the deputy per-engagement memory. We do not use OpenAI for generation.
  • Neon — managed Postgres where engagement memory, drafts, and audit logs are stored.
  • Vercel — hosting for the Outpost web application.
  • Supabase — authentication (sign-in and session management).
  • Stripe — subscription billing. Stripe receives billing contact and payment details, never your workspace content.

We do not sell your data to third parties. Self-host installs may point inference and embeddings at their own OpenAI-compatible or Anthropic-compatible endpoints, in which case those sub-processors are replaced by the customer’s own infrastructure.

Deletion SLA — 30 days.When you archive a customer-engagement, the deputy’s memory and audit data for that engagement are purged within 30 days. A scheduled job runs every day at 02:00 UTC, finds engagements archived more than 30 days ago that have not yet been purged, and deletes their memory and audit rows in a single transaction. The job is idempotent — once an engagement is purged it never re-appears. You can also request deletion at any time via the contact email below.

Least-privilege OAuth scopes. Outpost requests only the scopes each workflow needs and no more. For Slack, the bot requests: channels:history, channels:read, chat:write, chat:write.public, team:read, users:read, and users:read.email. These let the deputy read the channels you grant it and post the drafts you approve — nothing else. Adding a scope requires an internal architecture decision record; we do not request broad grants speculatively.

Authentication & SSO. Today, sign-in is handled through Supabase using email and supported OAuth providers. SAML and SCIM-based enterprise SSO are not available in the current version — we would rather state that plainly than imply a capability we do not yet ship. If enterprise SSO is a requirement for your team, contact us and we will share our roadmap.

Security. Data is encrypted in transit and at rest. Deputy actions are audit-logged and exportable on request. The deputy drafts; your FDE approves — Outpost does not take autonomous customer-facing actions.

Contact. Questions about our data handling, or to request access, export, or deletion, email akash@lyric.tech.