Postgate AI
Security & GDPR

Security model: delegated permissions instead of a shared service account.

AI access to Microsoft Exchange mailboxes without bending your permission model: every user only with their own permissions, content passed through without storage, hosted in Germany - with a DPA from day one.

The model

Six principles that make the difference

The same commitments are binding in the data processing agreement (Annexes 1 and 2) - this is the plain-language version.

Delegated permissions, no shared account

Every employee accesses their mailbox with their own existing Exchange permissions. There is no central service account with access to all mailboxes and no application impersonation - the classic “master key” simply does not exist in Postgate AI.

Transparent proxy - no storage

Mailbox content is processed only transiently for forwarding: no storage, no content logging. Only encrypted credentials and technical metadata (who, when, which function) are stored.

Encrypted credential vault

Exchange credentials are stored RSA-4096-encrypted in a vault in Germany. Cross-user isolation: nobody sees anyone else’s mailbox.

Tenant separation

Each organization runs a dedicated, hardened instance with its own configuration and data set - no shared environment with other customers.

Data location: Germany

Processing takes place exclusively in a German data centre (ISO 27001 certified operator). With a local AI model, even the entire processing can stay on your premises.

Controlled write access

Read functions run automatically; every write action (send email, create appointment) requires explicit confirmation by the user. Security-relevant events are audited without content.

The data flow, explained honestly

What happens to a request?

Your AI assistant sends a request to Postgate AI. Our server in Germany fetches the requested data from your Exchange with the permissions of the respective user and passes it through to the assistant you have chosen - like a transparent proxy, with TLS encryption on every route. After that, the process is over for us: no copy, no content log. Your mailboxes remain in your Exchange at all times; you decide which AI model processes the content - up to a fully locally hosted model.

FAQ

Frequently asked questions

Is it GDPR-compliant?

Yes. Processing takes place in Germany, and a data processing agreement (DPA) pursuant to Art. 28 GDPR is concluded directly during registration - including documented technical and organisational measures and a list of subprocessors. Registered users can access the agreement in the portal at any time.

Why is a service account with access to all mailboxes a risk?

An account with organization-wide mailbox access is a single point of attack: if it is compromised, every mailbox is exposed - and every action runs under the same identity, without per-person traceability. Postgate AI does without it entirely: delegated access per user, with their own permissions.

What data does Postgate AI store permanently?

Encrypted Exchange credentials (RSA-4096, vault in Germany), portal accounts (name, work email, password hash) and technical audit metadata without content. Mailbox content itself is neither stored nor logged - it stays in your Exchange.

Does the AI provider see our emails?

That is up to you: you choose the AI assistant and connect it to the service yourself - which model processes content is in your hands. With a locally hosted model (e.g. Ollama), no content leaves your environment. We do not operate an AI of our own.

Security your DPO will sign off on.

The DPA with TOMs and subprocessor list is concluded directly during registration - and the trial runs on exactly the model that applies in production.