Security & privacy

Your brain. Only yours.

Lookout holds the operating memory of your company. It is built so that memory belongs to you — private by architecture, not by policy. Here is exactly how.

These notes describe how Lookout is architected. It's in private beta; we'll only ever claim a control once it's true by construction.

You, and only you

Every row of memory is isolated at the database with Row-Level Security. A query always runs as you — cross-user access is structurally impossible, not just discouraged. Even a bug in our own code can't return another founder's brain, because the database refuses it.

No long-lived secret to leak

Connection is OAuth 2.1 + PKCE — the same standard as any modern connector. There is no API key sitting in a file on your disk. Access tokens are short-lived and scoped to your memory; revoke them from the web in one click.

Encrypted source credentials

The tokens for Fireflies / Otter / your calendar are envelope-encrypted at rest and are only ever used by backend ingestion — they are never handed to the tool surface your Claude Code talks to, and never rendered back to you.

CEO / org visibility, honestly

When Teams ships, an admin can see the team's shared memory — never anyone's private memory. This is disclosed when you join, and every access is audit-logged. Consent is the product.

Everything is logged

Every recall and every action is audit-logged with what was called, when, and by whom — so there's always a record you can inspect.

How the connection works, end to end

Claude Code discovers Lookout as an OAuth-protected resource, registers as a client, and runs a PKCE authorization flow with a browser consent you approve. It receives a short-lived access token scoped to your memory. Every tool call is verified; your identity is re-derived from the token (never from tool arguments) and checked against the database's row-level policies before any data is touched. Nothing extractable is stored on your machine.
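As an added illustration of the row-level isolation described under "You, and only you" and in the end-to-end flow above (example only, not Lookout's own schema or code): a PostgreSQL setup, assumed here as the database, with hypothetical table, role and setting names. The backend sets a transaction-scoped session variable from the verified token's subject, so a query that forgets its WHERE clause, or a tool argument naming another user, still cannot cross the boundary.

```sql
-- Assumed: PostgreSQL. Table, role and setting names are hypothetical.
-- The application role must not be a superuser and must not have BYPASSRLS,
-- otherwise the policies below are silently skipped.
CREATE ROLE lookout_app LOGIN NOBYPASSRLS;

CREATE TABLE memory (
    id        bigserial PRIMARY KEY,
    owner_id  uuid NOT NULL,   -- the user this memory row belongs to
    content   text NOT NULL
);

-- Enable RLS; FORCE makes it apply to the table owner as well.
ALTER TABLE memory ENABLE ROW LEVEL SECURITY;
ALTER TABLE memory FORCE ROW LEVEL SECURITY;

-- Identity comes only from app.user_id, which the backend sets from the
-- verified access token. current_setting(..., true) yields NULL when the
-- variable is unset, and NULLIF handles the empty string a committed
-- SET LOCAL leaves behind, so with no identity the comparison is NULL:
-- no rows are visible and nothing can be written (fail closed).
CREATE POLICY memory_owner_only ON memory
    FOR ALL TO lookout_app
    USING (owner_id = NULLIF(current_setting('app.user_id', true), '')::uuid)
    WITH CHECK (owner_id = NULLIF(current_setting('app.user_id', true), '')::uuid);

GRANT SELECT, INSERT, UPDATE, DELETE ON memory TO lookout_app;
GRANT USAGE ON SEQUENCE memory_id_seq TO lookout_app;

-- Per request, connected as lookout_app, after the token has been verified.
-- The subject id below is a constructed sample value.
BEGIN;
SET LOCAL app.user_id = '11111111-1111-1111-1111-111111111111';

-- A buggy query with no WHERE clause still returns only this user's rows.
SELECT id, content FROM memory;

-- A write that names another owner (e.g. copied from a tool argument) is
-- rejected by WITH CHECK with:
--   ERROR: new row violates row-level security policy for table "memory"
-- INSERT INTO memory (owner_id, content)
-- VALUES ('22222222-2222-2222-2222-222222222222', 'not mine');
COMMIT;
```

Because SET LOCAL is scoped to the transaction, a pooled connection reused by the next request carries no identity forward, and the policy then returns nothing rather than someone else's rows.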