Security

Your brain. Only yours.

Lookout holds the operating memory of your company. It's built so that memory belongs to you— private by architecture, not by promise. Here's exactly how.

No secret on your diskOnly your memoryRevoke anytime
01

You, and only you

Every memory is isolated at the database with Row-Level Security. A query always runs as you — reading another founder's brain is structurally impossible, not just against the rules. Even a bug in our own code can't leak across tenants, because the database refuses it.

02

No long-lived secret to leak

You connect with OAuth 2.1 + PKCE — the same consent flow as any modern connector. There's no API key sitting in a file on your machine. Tokens are short-lived, scoped to your memory, and revocable from the web in one click.

03

Encrypted source credentials

Your Fireflies, Otter, and calendar tokens are envelope-encrypted at rest and used only by backend ingestion. They are never handed to the tool surface your Claude Code talks to, and never shown back to you.

04

CEO / org visibility, honestly

When Teams ships, an admin sees the team's shared memory — never anyone's private memory. It's disclosed at join and every access is audit-logged. Consent is the product, not a setting.

Honest by default

We'd rather say “we don't know.”

Every recall traces to a real source moment; if nothing matches, Lookout says so instead of inventing your history. We don't fabricate metrics, logos, or answers. Lookout is in private beta — we'll only ever claim a control once it's true by construction. Read the technical detail in the docs.