HeyBob. ← Back to heybob.ai

How Bob is secured

Last updated: 7 July 2026

Bob gets write access to real systems, so this page states plainly what he can see, where he runs, and what stops him from doing something you didn't approve. Nothing below is aspirational marketing copy — it's what's actually built.

What Bob can actually access in Slack

These are the exact bot permissions Slack grants on install — pulled straight from the install code, not a marketing summary.

ScopeWhy Bob needs it
app_mentions:readSee when someone @mentions Bob so he knows there's a job to do.
chat:writePost Bob's replies, results, and receipts back into the thread.
chat:write.publicReply in a public channel even before Bob's been explicitly added to it.
files:writeAttach the files, spreadsheets, or reports a task produces.
files:readRead files you share with Bob so he can work from them.
channels:historyRead message history in public channels Bob's in, for context on a task.
channels:readSee the list and names of public channels, so Bob knows where he's been added.
groups:historyRead message history in private channels Bob's been added to.
im:historyRead prior direct-message context in a conversation with Bob.
im:readSee your list of DM conversations with Bob.
im:writeStart a direct message — onboarding notes, an approval prompt, a heads-up.
users:readSee workspace member names, so Bob can tell who asked and who approved.
commandsRespond to Bob's slash command, if you use it.

Bob only reads messages directed at him — an @mention or a DM — never your team's wider channel traffic beyond what these scopes allow.

Sandbox architecture

Every run gets its own isolated, disposable computer in the cloud — spun up fresh for that task and torn down after. Credentials for the tools you connect (your CRM, your ledger, your drive) never live inside that sandbox. They're held in a separate OAuth vault, encrypted at rest; the vault brokers the specific tool call a task needs, server-side, without ever handing the sandbox a copy of the token. A compromised or misbehaving run has nothing to steal.

Approval gates, default-on

Writes to systems of record — your CRM, your books, your docs — pause for a visible Approve/Deny button before they happen, by default. You can loosen or tighten what's automatic per tool and per action, but the default is a human in the loop, not an opt-in.

Audit log

Every run, every tool call, every approval, and every credit is logged and exportable. If Bob touched it, it's on the record — not a black box you have to trust.

Spend caps

Workspaces can set a hard monthly spend cap. You get a warning at 80% of it, and nothing runs silently past the ceiling.

No-training commitment

We do not use your data, prompts, or connected-tool content to train external AI models, and we don't sell your data. Full detail in the Privacy Policy.

Subprocessors

To run the product we rely on a small set of vendors: a cloud hosting provider, our AI model provider (Anthropic), a payments processor (Stripe), and an integration platform (Composio) that stores OAuth credentials for third-party apps you choose to connect through Bob's extended catalog. Under BYOK, your model tokens are billed directly to you by your model provider under your own agreement. We maintain a current subprocessor list and provide it on request.

BYOK & self-host

Bring your own model API key and your token bill goes straight to your provider at your negotiated rate — we never see it, so there's nothing for us to mark up. The Enterprise tier ships as containers for your own VPC, with offline license verification that degrades gracefully: an expired license stops new runs, it never bricks an existing deployment.

Compliance, honestly

We'd rather publish an accurate "in progress" than an overstated badge. This table reflects where things actually stand today.
ItemStatus
Encryption in transitTLS everywhere
Encryption at restYes, including the OAuth vault
Access to production systemsRestricted and logged
Training on customer dataNever
SOC 2 Type 1In progress — no target date yet

Questions about anything on this page: [email protected].