Privacy, Security & Data Access
What data does Ada have access to?
Ada has access to:
The user's meeting transcripts, summaries, action items, and key decisions from Read AI — this is Ada's core knowledge base and requires no additional setup beyond having Read AI capture meetings
The user's calendar (for scheduling)
Email history, chat messages, documents, and CRM data via Ask Read integrations (20+ native integrations) — only if the user has set up Ask Read
The user's preferences/memory (stored from natural language instructions)
Ada can only access content from people who are already on the email thread and have opted in to Read AI.
How does Ada protect against spoofing or unauthorized access?
Ada verifies email identity using SPF, DKIM, and DMARC. A person cannot send an email pretending to be another person and get Ada to respond. If email authentication fails (SPF/DKIM/DMARC failure), messages may be dropped or the user may be notified via a sidebar.
Is Ada SOC 2 and HIPAA compliant?
Read AI is SOC 2 Type 2 compliant and Ada operates within Read AI's security framework. Data protection includes TLS for all external communication, KMS encryption at rest, and encrypted databases.
Ada is not available for users in a HIPAA workspace. While they can be on an email thread with Ada, it will never access their content, so Ada would effectively treat them as non-Read users.
Does Read AI train on customer data?
No. Read AI is opt-out by default and does not train models against customer data unless customers explicitly opt in to the Read Customer Experience Improvement Program.
Can someone on an email thread who is NOT a Read user see my private data through Ada?
No. Ada will never share your private information with others without your explicit confirmation via the sidebar approval flow. Ada can only access content from authenticated participants on the thread who have opted in.
The Sidebar
You might wonder if Ada will ever communicate on your behalf without checking with you first. To answer that, we will talk about the Sidebar, Ada's approval mechanism.
Before sending any email that shares potentially sensitive information or content generated from Ask Read, Ada moves the conversation out of the public thread into a private, direct email with the user (the "Original" or "OG"). In this sidebar, Ada shows a draft and asks for approval before sending.
When does Ada use the sidebar?
Ada uses the sidebar for:
Any interaction outside of scheduling that involves sharing content from the user's knowledge base
Ask Read-generated responses — Ada never responds with content from your transcripts, documents, or connected data without showing you the draft first
Situations where Ada is uncertain about the appropriate response
NOTE: For straightforward scheduling interactions (proposing times, confirming meetings), Ada typically acts directly without sidebaring.
Can Ada ever respond without user approval?
Ada has a hard constraint: it cannot respond with content without the user's explicit approval. For scheduling-only interactions (proposing times from the user's calendar), Ada can respond more autonomously. But the core rule is: Ada can never share private content (transcripts, emails, chats, etc.) without showing you a draft and getting approval first.