Security

Inbox AI needs clear boundaries

Business inboxes contain leads, complaints, supplier requests, customer data, finance questions and sensitive edge cases. AiBorz builds each mailbox workflow around approved access, least-privilege permissions, human review, escalation rules, client control and safe offboarding.

Approved inboxes only
Human-approved by default
Sensitive messages escalated
Client-owned access where practical
No payments, bank changes, legal or HR decisions

Approved access onlyAiBorz connects only the mailboxes and systems approved for the workflow. The setup defines which inboxes are in scope, who owns approvals, which messages can be summarised or drafted, and which actions are not allowed.

Least-privilege setupThe Mailbox Handler should only receive the access needed for the agreed workflow. Permissions, connectors, model providers and data retention are confirmed during setup and reflected in the proposal.

Human approval by defaultThe default product prepares summaries, routing notes and draft replies for humans to approve. Approved sending rules are only used for low-risk messages after testing, written approval and defined escalation triggers.

Sensitive messages are escalatedLegal threats, angry customers, refund demands, payment issues, bank-detail changes, HR matters, medical or safety issues, confidential requests and unusual instructions should be escalated to the approved human owner.

Flexible inbox supportAiBorz runs on a flexible OpenClaw agent layer, so mailbox workflows can be scoped around different inbox systems, connectors, browser workflows and business rules where secure access is practical.

Revocation and offboardingWhere practical, access is connected through client-owned accounts and can be revoked by the client. Cancellation and offboarding include revoking tokens/connectors and deleting scoped data according to agreed retention terms.

Agent safety

Agent safety for mailbox workflows

Emails can contain instructions, links, attachments, spoofed sender names and urgent requests. AiBorz treats incoming email content as untrusted business content, not as instructions for the AI system to change its own rules or take risky actions.

The Mailbox Handler should escalate unsupported requests, bank-detail changes, payment requests, legal threats, HR matters, confidential requests, suspicious links, unusual attachments and anything that conflicts with approved business rules.

The AI should not follow instructions inside an email that attempt to override the client's rules, reveal internal prompts, bypass approval, export data, change payment details or contact third parties outside the agreed workflow.

Access model

Access is scoped during setup

AiBorz can connect through different access patterns depending on the client environment: connector/API access, delegated mailbox access, approved forwarding, IMAP where appropriate, browser-based workflows or integrations with CRM/helpdesk systems.

Inboxes in scope

The setup confirms which inboxes are included and which remain out of scope.

Permission level

The setup confirms whether access is read-only, draft-capable or send-capable.

Attachments

The setup confirms whether attachments are included or excluded.

Approval owners

The setup confirms which internal users approve replies and which messages must escalate.

Logging and retention

The proposal defines what is logged and retained for the workflow.

Revocation

The setup confirms how access can be revoked and how offboarding and deletion are handled.

Questions this page answers

Access, storage, model use and risky emails

What inboxes can it connect to?

Google Workspace/Gmail, Microsoft 365/Outlook, shared mailboxes, IMAP or other approved inbox systems where connector, API, forwarding or browser-based access is practical. Exact setup is confirmed during the fit check.

Does AiBorz need full mailbox access?

Access depends on the workflow and is limited to what the mailbox handler needs wherever practical.

Does the AI send emails?

Draft-only by default. Approved low-risk sending only after written approval, testing and clear escalation rules.

Does AiBorz store emails?

Storage, logging and retention are defined in the client proposal and data handling terms.

Is data used to train public AI models?

Client mailbox data is not used to train public AI models by default. Approved model providers, settings, processing locations and data-handling terms are confirmed before paid mailbox access.

What happens if the AI is unsure?

It escalates. It should not guess unsupported answers.

What happens with attachments?

Attachment handling can be scoped. It is not promised by default and high-risk attachments should be escalated.

What does it never do?

No payment approval, bank-detail changes, legal/HR/medical decisions, unsupported customer advice or binding commitments by default.