Encryption in transit
Traffic between your browser, dolv and connected providers travels over encrypted connections, so data is protected on the wire — described as a practice, not a certification.
trust & data handling
dolv security, in plain terms
dolv security comes down to a few honest practices: scoped, least-privilege OAuth, human-in-the-loop approvals so nothing consequential happens without you, grounded data that stays yours, and encryption in transit — with the power to revoke any integration anytime. Described as practices, not certifications.
The AI does the heavy lifting — you stay in control of the moment it acts. dolv it.
the approach
We lead with practices, not badges
Is dolv secure? We don't open with certifications we don't hold — we open with how the product actually behaves. Request the least access we need, keep your company context grounded rather than leaked to the open web, and keep a human in the loop for anything that leaves your account. These are the security practices that shape the whole command center.
Least-privilege OAuth
Each integration requests only the OAuth scopes a feature needs — never blanket access to your accounts. The provider consent screen shows exactly what is requested.
Human-in-the-loop
External and irreversible actions are prepared and queued, never auto-sent. An approval gate stands in front of anything that leaves your account.
Grounded, contained data
Your company profile, playbooks and knowledge ground your own AI. They are not sold and not used to train third-party models — grounding is a privacy posture too.
Capped, logged agents
Configurable agents inherit the same approval gate and grounding, run with a $250/mo budget cap, and write every run to history — so autonomy stays bounded and auditable.
Revoke anytime
Disconnect any of the 20 read + write integrations from inside dolv, or revoke directly at the provider. Once revoked, dolv can no longer call that tool on your behalf.
human-in-the-loop AI safety
A human in the loop, by design
dolv executes real work — but anything external or irreversible is prepared and queued, never auto-fired. Sending an email, publishing a page, posting to LinkedIn: each is drafted, then waits in the Approvals inbox. Nothing leaves the building until you approve it.
You hold the gate — approve, edit, reject or discard each prepared action. Outbound and irreversible actions are exactly the ones that wait for you, and completed actions land in run history so there's a record of what ran. See it end to end in how it works, or watch grounded AI act in AI agents.
least-privilege OAuth integrations
Only the scopes a feature needs
When you connect a tool, dolv requests only the OAuth scopes that feature needs — never blanket access to your accounts. Across our 20 read + write integrations — Google Workspace, Microsoft 365, GA4, Search Console, Ahrefs, LinkedIn and more — least-privilege is the rule, and you can see exactly what's requested on the provider's consent screen.
To do the work you ask for, dolv sends your prompt, the knowledge you've selected and relevant integration data to LLM providers acting as processors under confidentiality terms — they run the request, they don't own your data. AI output can be imperfect, which is exactly why approvals exist: model results are a draft until a human reviews them. Our use of Google user data follows the Google API Services User Data Policy, including its Limited Use requirements. See the full integrations list and our Privacy Policy.
grounded, not generic
Your context stays yours
dolv grounds every answer in your company profile, playbooks and knowledge — so the AI works from your business, not the open web's average. That same grounding keeps your context contained: it isn't sold, and it isn't used to train third-party models.
Grounding is a privacy posture as much as a quality one — your data powers your AI, not someone else's training set. The same grounding feeds funnel intelligence, the correlation engine and multi-touch attribution, so the reads you act on stay tied to your real context. See how it works on grounded AI.
data protection
Honest measures, and an honest caveat
We use technical and organizational measures — encryption in transit, scoped access and least-privilege permissions — to protect your data. We're also plain about the limit: no method of transmission or storage is ever 100% secure. That candor is part of the practice. Here's where to go deeper.
Privacy Policy
How we collect, use and protect your data — and how Google Limited Use applies.
Grounded AI
Why your company context grounds your own AI — contained, not sold, not training data.
Integrations
The 20 read + write connections, each with least-privilege OAuth you can revoke anytime.
disclosure
Email security@dolv.work Report a security issue
Found something? We want to hear about it. Email security@dolv.work with enough detail to reproduce the issue, or reach the team through the contact page. We take reports seriously and will respond.
questions
Security, answered
Whether your data is safe, what the AI can and can't do without you, and how to control access.
Is my data safe with dolv?
dolv is built around a few clear practices: traffic moves over encrypted connections (encryption in transit), each integration uses least-privilege OAuth scopes, access is scoped to what a task needs, and consequential actions are gated by human approval. We describe these as practices, not certifications — and, honestly, no method of transmission or storage is ever 100% secure. For the full picture, see our Privacy Policy, which covers how we collect, use and protect your data.
Can the AI send emails or post without my approval?
No. External or irreversible actions — sending an email, publishing a post, posting to LinkedIn — are prepared and queued, not auto-sent. They move through the action queue: prepared → approved → executing → done. Nothing leaves your account until you approve it in the Approvals inbox, so a human is always in the loop for anything consequential.
What OAuth permissions does dolv request?
dolv requests only the OAuth scopes a given feature needs — least-privilege by design, not blanket access to your accounts. When you connect Google Workspace, Microsoft 365 or another provider, the consent screen shows exactly what is being requested. Our use of Google user data follows the Google API Services User Data Policy, including its Limited Use requirements.
Can I revoke a connected integration?
Yes. You can disconnect any integration from inside dolv, and you can also revoke access directly at the provider — for example in your Google Account or Microsoft account security settings. Once revoked, dolv can no longer call that integration on your behalf.
Does dolv use my data to train AI models?
Your company context — profile, playbooks and knowledge — is used to ground your own AI inside dolv. It is not sold, and it is not used to train third-party models. Prompts, selected knowledge and integration data are sent to LLM providers acting as processors under confidentiality terms so the model can do the work you asked for. Read more on the grounded AI page and in the Privacy Policy.
How do I report a security vulnerability?
Email security@dolv.work with the details, or reach us through the contact page. We take reports seriously and will respond. Please give us enough detail to reproduce the issue.
See dolv work — with you in the loop
Scoped OAuth, encryption in transit, and human approval on everything that leaves your account. Connect your stack and watch grounded AI run real work, safely. Don't just plan it. dolv it.