VigilVigil
Documentation Pages

Documentation

Security & Privacy

Vigil's approach to privacy is architectural rather than policy-based. The strongest privacy guarantee isn't a promise in a terms of service document — it's a system that is structurally unable to expose data it doesn't have.

  • Limit what enters the system in the first place
  • The surface area for harm shrinks accordingly

No inbox access

Vigil has no connection to your email account. There is no OAuth flow, no permission grant, no "allow Vigil to read your mail."

  • The forwarding setup happens entirely within your email provider, under your control
  • You decide which emails Vigil sees — if you stop forwarding, Vigil sees nothing
  • If you set up a filter to only forward emails from certain senders, Vigil only ever sees those

This is a fundamentally different model from email apps that request inbox access. Those applications can read everything you've ever received. Vigil can only read what you actively choose to send to it — the privacy guarantee depends on the forwarding rules you control in your own account, not on trusting Vigil's intentions.

Email bodies are discarded

When an email arrives, the agent reads the body text in memory to produce its analysis. Once analysis is complete, the body is discarded — it is never written to any form of storage.

  • What persists is the agent's own interpretation: a machine-generated summary, extracted facts, thread status updates
  • A one-way fingerprint of the original body is stored as proof of receipt, but cannot be reversed to reconstruct the content

This means that even in the event of a security breach, email bodies are not exposed — they were never there. The worst case for a compromised Vigil database is the exposure of metadata (sender, subject, timestamps) and AI-generated summaries, not the actual content of your emails.

What we store

Five categories of data are stored per account:

  • Metadata — sender address, recipient, subject line, timestamps
  • Analysis — summaries and classifications produced by the language model, never raw content
  • Thread state — which conversations exist, their status, and participant lists
  • Memories — the atomic facts the agent decided to retain
  • Action log — every decision the agent made, what tools it used, and its reasoning

Account credentials are stored in hashed form — your password is transformed before storage using a one-way function and is never retrievable, even internally.

Authentication and access control

Your account is protected by several layers of access control:

  • Passwords are transformed into a cryptographic hash before being written to the database — the original is never stored
  • Sessions are managed through short-lived tokens that expire automatically; if a token is compromised, its useful window is narrow
  • Watcher addresses are token-protected — only emails routed through Vigil's email infrastructure can trigger your agents; there is no way to invoke a watcher from the public internet without the correct token
  • The API enforces authentication on every endpoint that accesses user data
  • Cross-origin requests are restricted to Vigil's own domains — third-party websites cannot make authenticated API calls on a user's behalf without their knowledge

Webhook signatures

If you configure a watcher to send webhooks to an external service, every outgoing payload is cryptographically signed.

  • Each watcher has a unique signing secret
  • Verify the X-Vigil-Signature header in your receiving application to confirm the request genuinely came from Vigil
  • This protects your webhook endpoints from being spoofed by a third party claiming to be Vigil
Agent IntegrationAPI Reference