The agents platform is built to meet the highest enterprise security standards. Every agent, whether developed by Superhuman or a third party, follows strict protocols to protect user data and maintain trust. These protocols manage the relationship between Superhuman, agent developers, third-party services, and our users.
Restricted Network Requests
Agents can share data only with the domains they declare. Developers must specify which domains their agent connects to, and those domains appear on the agent’s security tab in the Superhuman Agent Store.
Superhuman enforces this constraint so agents cannot connect to any other domain. All network communications use Transport Layer Security (TLS) encryption.
Locked-Down Authentication
Developers never see or handle user login details. When an agent requires authorization, Superhuman manages credentials securely—encrypting them at rest and applying them to outgoing requests. Agent code and developers never access these credentials directly.
Rigorous Evaluation
Agents run in secure, sandboxed environments isolated from Superhuman’s core systems and from one another. This infrastructure undergoes annual third-party penetration testing and is continuously monitored through Superhuman’s bug bounty program.
Just What You Share, and No More
When an agent runs, it interacts only with the content where it’s active, and you can control the content it has access to. Developers can indicate which of an agent's possible actions are irreversible so that the platform confirms with the user before taking action.
Agents are limited to the specific data categories declared by the developer and controlled by the enabled OAuth scopes. They cannot access any data from outside of these categories.
Note: In some cases, the agent developer may also own or operate the third-party service that the agent connects to. In those cases, the developer may have access to data or credentials you authorize with the service through their ownership of that service. You should review the privacy and security policies of any third-party service you connect to.
Data Flow
1) Start
• You click an agent on the bench.
• The platform initializes a secure, isolated execution.
2) Context the agent can see
• The agent can read your current app or browser context needed to perform its task.
• The agent cannot see inactive tabs or apps unless a user explicitly prompts the agent with an inactive tab.
3) Optional data ingestion
• Some agents ingest data, similar to a sync table.
• Ingested data is stored on Superhuman servers so the agent can use it across runs. You can remove this data by deleting the agent. Data is encrypted at rest.
• Users can configure what data they want their agent to store. Agents cannot see data beyond the scopes granted to them.
4) External requests
• If needed, the agent calls an external API hosted on the domain declared by the agent.
• Network requests are limited to the domains declared on the agent’s listing.
5) Results and actions
• The agent returns results to the UI.
• If an action cannot be undone, the agent asks you to confirm before proceeding.
6) Persistence and cleanup
• Access and auditing follow Superhuman’s security controls.
Built on Superhuman’s Secure Foundation
Agents benefit from the same protections that keep all of Superhuman secure:
- SOC 2 compliant systems
- Data encrypted at rest and in transit
- Strict access controls and auditing
Third-Party Agents and Your Data
All third-party agents in the Agent Store are reviewed and vetted by Superhuman before release. Developers must comply with Superhuman’s security and privacy requirements.
Users choose which agents to install, and those agents only access data during active engagement. Data is shared only with the declared domain required for the agent’s function.
Each agent listing includes the developer’s own terms and privacy policy, which users are encouraged to review before installation. For more details, see Superhuman’s Privacy Policy and Developer Terms.
The information about each agent listed on the Superhuman Agent Store may be provided by third-party developers. We do not validate or endorse the accuracy, completeness, or reliability of the details presented. Superhuman is not liable for any inaccuracies or misrepresentations made by third parties.