Security & Trust
Last Updated: December 2025
Protecting your data — and your clients' privacy — is the foundation of our platform.
This page explains, clearly and transparently, what we access, what we never access, how we secure it, and what protections exist even in a worst-case scenario.
We designed Found Opportunity for real-estate professionals who rely on confidentiality, speed, and accuracy — including agents dealing with VIP, high-net-worth buyers and sellers. Our approach is simple:
For IT & Security Teams
We've prepared a detailed security questionnaire you can review or share internally:
📄 Download Found Opportunity Security Questionnaire (PDF)
Last updated: December 7, 2025 • Version 1.0
Need a completed vendor form, DPA, or additional documentation? Email support@foundopportunity.com
1. What We Access (and Why)
Found Opportunity uses OAuth to connect to Gmail or Outlook so we can scan only your spam folder and alert you when a valuable lead ends up there.
We Access:
- Emails in your spam/junk folders only:
  - Gmail: messages labeled SPAM
  - Outlook / Microsoft 365: folders named "Junk Email" or "Junk"
- Sender name and email address
- Subject line
- A short body preview (approximately 300 characters) for opportunity detection
- Date/time received
This is the minimum required to detect renter inquiries, buyer leads, referrals, and FSBO messages that were incorrectly flagged as spam.
We Do Not Access:
- Inbox
- Sent mail
- Drafts
- Trash
- Contacts
- Calendar
- Your login password (you never share it with us)
Our code never queries or processes any folder except spam/junk (Gmail SPAM and Outlook "Junk Email"/"Junk").
2. Why You Can Trust That We Only Access Spam
Gmail and Outlook do not provide a "spam-only" permission level — the API technically allows reading all folders — so we provide multiple layers of protection:
Code-Level Enforcement (Primary Protection)
For Gmail, every email query includes:
For Outlook/Microsoft 365, every email query is restricted to folders where:
This guarantees we only fetch spam/junk emails. There is no code path that queries inbox or sent mail.
Failsafe / Circuit Breaker
A separate guard runs before every scan:
- If a query ever returns a non-spam email:
  - Halt immediately
  - Block further scanning
  - Send internal alert
  - Require manual release after investigation
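As an added illustration of the guard described above (example code written for this page, not Found Opportunity's own implementation): a circuit breaker that checks every fetched Gmail message for the SPAM system label, trips on the first miss so no further query proceeds, records an alert, requires an explicit release, and deduplicates by hashed message ID as section 5 describes. The sample message records, the in-memory alert list and the `release()` step are constructed assumptions.

```python
import hashlib
from dataclasses import dataclass, field
# Constructed sample records shaped like Gmail API users.messages.get results, trimmed to the
# fields the guard needs (not real mail). Gmail marks spam with the system label "SPAM".
SPAM_BATCH = [
    {"id": "18f0a1", "labelIds": ["SPAM", "UNREAD"], "snippet": "Looking to rent a 2BR..."},
    {"id": "18f0a2", "labelIds": ["SPAM"], "snippet": "Referral for a buyer relocating..."},
    {"id": "18f0a1", "labelIds": ["SPAM", "UNREAD"], "snippet": "Looking to rent a 2BR..."},  # repeat
]
NON_SPAM = {"id": "18f0b9", "labelIds": ["INBOX", "UNREAD"], "snippet": "Closing documents attached"}
MIXED_BATCH = [SPAM_BATCH[0], NON_SPAM, SPAM_BATCH[1]]

class ScopeViolation(Exception):
    """A fetched message was outside spam/junk, or the breaker is already open."""

@dataclass
class SpamOnlyGuard:
    allowed_labels: frozenset = frozenset({"SPAM"})
    tripped: bool = False                          # open breaker: all scanning blocked
    seen_hashes: set = field(default_factory=set)  # hashed message IDs, never raw IDs
    alerts: list = field(default_factory=list)     # stand-in for the internal alert hook

    def check(self, message: dict) -> bool:
        """True if the message is new and may be processed; raises on any violation."""
        if self.tripped:
            raise ScopeViolation("breaker open; manual release required")
        if not set(message.get("labelIds", [])) & self.allowed_labels:
            self.tripped = True  # trip before alerting so nothing else can proceed
            self.alerts.append(f"non-spam message {message['id']} returned; scan halted")
            raise ScopeViolation(self.alerts[-1])
        digest = hashlib.sha256(message["id"].encode()).hexdigest()
        if digest in self.seen_hashes:
            return False  # already processed on an earlier scan
        self.seen_hashes.add(digest)
        return True

    def release(self) -> None:
        self.tripped = False  # manual release after a human has investigated the alert

def scan(messages: list, guard: SpamOnlyGuard) -> tuple:
    """Run the guard over one batch. Returns (processed_ids, halted)."""
    processed = []
    for message in messages:
        try:
            if guard.check(message):
                processed.append(message["id"])
        except ScopeViolation:
            return processed, True
    return processed, False
```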
Google Oversight (CASA Tier 2 Certified)
Google's OAuth verification process includes ongoing compliance requirements. Apps that deviate from declared permissions risk having OAuth access revoked. This provides external accountability alongside our internal controls.
We have been verified through TAC Security's CASA Tier 2 assessment. This is the same level used by major SaaS tools that connect to Gmail.
Legal & Contractual Protection
Our Terms of Service contractually guarantee:
Privacy-by-Design Architecture
- No employee can view your full inbox.
- Admin panel shows only anonymized subject lines + truncated previews, never tied to your identity.
- No matching of opportunities to agent email addresses.
3. Read-Only Permissions = We Cannot Send or Modify Email
Our OAuth scope is gmail.readonly / Mail.Read.
This means:
We can only read spam messages — nothing else.
4. What Happens If You Disconnect
You can disconnect anytime:
- From your Found Opportunity dashboard
- From Google/Microsoft security settings
Once disconnected:
- Your OAuth tokens are deleted from our database and become invalid immediately
- All scanning stops; we can no longer access your email
- Existing opportunity records continue to follow our standard 7-day retention window from the time they were created, then are deleted automatically
- To remove all opportunity data and processed email identifiers immediately, you can also delete your Found Opportunity account, which deletes active records right away (backups then purge within ~7 days)
5. Data Handling & Auto-Deletion
We Store (for 7 Days Only):
- Sender (email address encrypted at rest)
- Subject line
- A short body preview (approximately 300 characters)
- Opportunity classification metadata (why we think it's relevant)
- Timestamp and technical identifiers (e.g., email message ID)
We Also Store:
- Hashed message IDs for emails we've processed, so we can:
- Avoid scanning the same spam multiple times
- Enforce spam/junk-only access logic
- These hashes persist while your account is active and are deleted when you delete your account
We Never Store:
- Attachments
- Full email bodies
- Non-spam folders
- Entire message history
Opportunity data is automatically deleted after 7 days.
6. Encryption & Infrastructure
Encrypted At Rest and In Transit
- HTTPS (TLS 1.2+) everywhere
- OAuth tokens encrypted using Fernet symmetric encryption
- Passwords hashed with bcrypt + salt
- Database not exposed to the internet
- All scans and tokens encrypted end-to-end
Hosted on DigitalOcean (SOC 2, ISO 27001)
- NYC3 datacenter
- Daily backups
- Firewalls + access control
- Only essential ports opened (SSH, 80, 443)
7. Security Monitoring & Controls
- Strong authentication for user logins, including magic-link (passwordless) verification
- 2FA required for admin and infrastructure access (e.g., DigitalOcean, GitHub)
- SSH key-only server login (no password-based SSH)
- UptimeRobot external monitoring
- Intruder.io vulnerability scanning (continuous)
- Automated security updates
- Cyber liability insurance: $1,000,000
8. Worst-Case Scenario: What If We Were Hacked?
Even in the unlikely event of a server breach:
An attacker still could NOT:
- Send emails
- Delete emails
- Modify emails
- Access passwords
- Access calendars/contacts
- Access inbox/sent without rewriting code + bypassing failsafe + avoiding detection
What they could access:
- Only spam emails fetched during the last 7 days
- Only stored metadata (sender, subject, ~300-character body preview, classification, timestamps)
- Encrypted OAuth tokens (using them would still require a code-execution path on our servers)
To access inbox or sent, an attacker would need to:
- Breach the server
- Access the encrypted OAuth token
- Rewrite the application code
- Bypass the spam-only failsafe
- Execute unauthorized Gmail queries
- Avoid detection by Google OAuth monitoring
- Avoid triggering our own internal anomaly alerts
This is a multi-stage, high-effort, high-risk chain involving detection points at every step.
This layered defense makes inbox compromise extremely unlikely.
9. Third-Party Security
We only share data with vendors essential to providing the service:
- Google & Microsoft – OAuth and email access (they already store your email as your provider)
- Anthropic (Claude) – AI evaluation of spam/junk emails; no long-term retention, per API terms
- SendGrid – Sending account emails, notifications, and security alerts
- DigitalOcean – Hosting, managed PostgreSQL database, and encrypted backups
- Stripe – Billing and subscription management (we do not store full card numbers)
- UptimeRobot – External uptime and health monitoring for public endpoints
- Intruder.io – External vulnerability scanning and security assessments
- Namecheap – Domain registration and DNS hosting (website/DNS logs such as IP addresses and user agents)
- Apple – iOS app distribution and push notifications via APNs
- Google (Play Store + FCM) – Android app distribution and push notifications via Firebase Cloud Messaging
We minimize the data shared with each provider and do not sell user or email data.
10. You Stay in Control
- Export your data anytime
- Disconnect anytime
- Delete your account anytime
When you delete your account, active records (account data, opportunity data, processed email hashes) are deleted without undue delay (typically within seconds), and any remaining copies in encrypted backups are overwritten as backups rotate (within approximately 7 days).
Need to Talk Security?
We're always available to answer technical questions — including from IT teams, CTOs, and security officers.