Security, Privacy & Compliance

We pledge to keep your data secure, follow security best practices, and never sell or share your data with any third party.

SOC 2 Type 2, GDPR and CASA Tier 2 / Tier 3 compliance

As of April 1, 2024, we are proud to announce our compliance with the AICPA SOC 2 Type 2 standards, ensuring that our systems and processes meet rigorous criteria for security.

Additionally, we adhere to the EU’s GDPR compliance checklist for US companies, affirming our commitment to data protection and privacy for our international users.

Furthermore, Bardeen meets the stringent requirements of Tier 2 and Tier 3 of the Cloud Application Security Assessment (CASA) as defined by the App Defense Alliance, built upon the industry-recognized OWASP Application Security Verification Standard (ASVS).

Your App Data

We’ve designed Bardeen so that your app data is only persisted in your local browser cache. The data exchange happens directly between your browser and the integrated third-party application.

This allows us to keep our cloud infrastructure minimal and scalable, and your data safe. Bardeen doesn’t store data from connected applications (such as your calendar, email or any other) in the cloud. The data is persisted in the local browser storage, and never on our cloud servers (the only exception is Enterprise users with the “Workflow Intelligence Platform”; see the corresponding section below for more details). No third party or website can access information stored in your browser unless someone compromises your computer itself.

If you are using our paid services and have chosen to run your Automations or Autobooks even when your browser is closed, then part of your automations will run on our server infrastructure. In this case, an instance of Bardeen is created every time your automation condition is met (e.g. when an e-mail arrives) in order to run your playbook (e.g. send me a Slack message). In contrast to the Bardeen instance in your browser, a cloud instance of Bardeen has no storage capabilities, meaning that once your playbook has finished running, all of your data is erased.

To allow you to access your automations and account settings from different browsers, we store the following data on our servers:

Your connected apps and the configurations to access them
Your custom Playbook and Autobook data

This information is securely exchanged between your client and our servers using industry-standard technologies and protocols.

Deleting account and removing all data

We hate to see our users go. You can remove all your data from Bardeen with a few clicks from the settings page. Learn more here.

What information do we collect?

To build a product that people love, we need to understand how our users use it. We collect basic information such as how many active users we have, which Playbooks people use, and the errors that occur, so that we can fix them.

The usage information we collect does not include any user data.

For example, we may store the fact that a user ran a Playbook that saves events from Google Calendar to Notion. But none of the information about the event itself (like subject, date, participants, etc.) or data related to Notion (name of the database, column names in the database, etc.) is ever collected.

We use Amplitude to store usage and telemetry information (number of Playbooks and Autobook executions, integration activation, etc).

We use Statsig for A/B testing and dynamic configuration. We use Sentry to store anonymized error and crash reports.

For more detailed information, please visit our Privacy Policy page or contact us.

Workflow Intelligence Platform (Project ‘Synthesis’)

Please note that the Workflow Intelligence Platform (Project Synthesis) is an enterprise-only feature available exclusively to customers within our highest subscription tier, ensuring dedicated security resources and enhanced protection for your mission-critical automation needs.

Bardeen's Workflow Intelligence Platform operates within our comprehensive security framework, ensuring your workflow data remains protected throughout the observation, understanding, and automation processes.

All workflow event streams captured during the observation phase are handled with the same SOC 2 Type 2 compliant infrastructure that powers our core platform.

Like all Bardeen services, Synthesis employs TLS 1.2 for in-transit data protection and 256-bit AES encryption for data at rest.
Data derived from observed browser interactions is processed securely to create meaningful workflow patterns while maintaining strict privacy controls.

The custom-tailored AI agents created through Synthesis inherit the same stringent security controls that govern our automation platform, ensuring your automated workflows maintain confidentiality, integrity, and availability.

Workflow data collected by Synthesis is never sold or shared with any third party, aligning with our core security pledge and GDPR compliance standards.

Permissions that the extension requires

Bardeen uses the following Chrome Extension Permissions only for the purposes described.

webNavigation
This permission is needed to implement a custom OAuth authentication flow that is required by a number of integrations (such as Google Mail, Google Drive, Google Calendar, Google Sheets, Zoom and Slack) supported by Bardeen.
unlimitedStorage
The extension provides options for interacting with data-intensive services such as Google Drive, Google Sheets, Airtable and others. As such, it is often necessary to store data in the local browser storage, and the default storage cap of 5MB is sometimes not enough for storing or caching data from those services.
notifications
Bardeen has commands for displaying browser notifications. This is convenient for time-sensitive things like joining meetings. We will only display a notification if a user invokes a corresponding Playbook or has enabled an Autobook that displays a notification.
activeTab and tabs
These are required to manipulate browser tabs (close/open/switch), to capture snapshots (for example, when a user wants to create a PDF or a PNG of the tab), and to implement scraper features (like background scraping).
history and bookmarks
Bardeen reads browser bookmarks and history to provide relevant and in-context Autobook and Playbook suggestions for the user. All the matching and suggestion generation always happens locally inside the user’s browser and the data never leaves the browser.
contextMenus
Bardeen allows users to create and assign custom workflows to the browser context menu. This way, when a user right-clicks on a page while browsing, they can see an automation that they would like to invoke right there. See an example here.
host permission
This is needed to overlay the Bardeen UI on the web page that the user is browsing. This is essential for running the web scraper, and it helps users stay in the flow and avoid switching tabs.

Encryption and other information

Bardeen uses TLS 1.2 for securing in-transit data as well as 256-bit AES encryption at rest on our cloud infrastructure.
Infrastructure as code: all our infrastructure services are deployed using declarative configuration, and all changes are versioned and stored.
All code changes undergo peer review.
The code is automatically scanned for known security vulnerabilities and patches are applied in a timely manner.

Security contact

Please send any security-related information or inquiries (including vulnerability disclosures) to security@getwiq.ai.

SOC 2 Type II certified
Ensure peace of mind knowing your data is protected by the industry's strictest security standards.