Giving AI access to your business, without losing control.

The most reasonable objection to an AI employee is not about capability. It is: “you want access to my inbox, my calendar, and my CRM: why would I hand that over?” Good. That instinct is correct, and any vendor who waves it away should worry you. Here is exactly how access works at Standin.

Rule one: no password sharing, ever

Standin does not ask for passwords. Access is handled through secure OAuth links whenever possible: the same authorization mechanism you use when you click “Sign in with Google”. You approve each connection directly in your own account, the connection is scoped to what it needs, and you can see and revoke it from your side at any time.

This matters more than it sounds. The common alternative in the assistant and agency world is a shared login in a password manager: which means invisible, unscoped, hard-to-revoke access tied to trust in an individual. OAuth replaces trust-in-a-person with permissions-you-control.

Rule two: approval-first by default

A new Digital Employee does not start by sending emails on your behalf. It starts by preparing work: draft replies, follow-up drafts, briefings, summaries, report drafts, status updates. A person approves anything sensitive before it goes anywhere.

Over time, you decide which actions are safe to automate. Maybe internal reports go out automatically and customer-facing email stays approval-first forever. That boundary belongs to you, not to us, and expanding it is always an explicit choice, never a default.

Rule three: clear data boundaries

One of the quiet risks of DIY AI adoption is that nobody knows what has been pasted into which tools. A managed deployment inverts that: the Digital Employee works inside approved connections, so the data surface is defined, visible, and auditable instead of scattered across personal chat histories.

The same thinking is in our Live AI Workshop: an entire module covers the company AI policy: what employees can use AI for, what requires approval, and what data should never be pasted into tools. If your company has no written rules today, the free AI policy generator produces a practical starting point in two minutes.

Rule four: plain ownership

The ownership split is simple and worth writing down before any engagement:

  • You own your business data, your documents, prompts specific to your business, workshop materials created for your team, and outputs created for you.
  • Standin owns its operating model, reusable frameworks, internal systems, and Digital Employee infrastructure.

You are never renting your own data back, and there is no dashboard hostage situation: revoke access and the connections end.

Questions to ask any AI vendor

Whether or not you talk to us, ask these before installing anyone's AI in your business:

  1. Do you need my passwords, or is every connection OAuth I can see and revoke?
  2. What can the system do without a human approving it, on day one and by default?
  3. Who decides when an action becomes automatic: you or me?
  4. What data leaves my systems, and where does it go?
  5. If we part ways, what do I keep, and what shuts off?

A vendor with good answers will have them ready. Ours are above, and in more depth in the FAQ.

Do we have to share passwords with Standin?No. Access is handled through secure OAuth links whenever possible. You authorize each connection directly, and Standin works inside those approved boundaries. Standin does not need passwords to do the work.
Can the Digital Employee send emails or change records on its own?Not by default. Sensitive actions start approval-first: the Digital Employee drafts, summarizes, organizes, and prepares, and a person approves before anything is sent, changed, or committed. You decide which actions ever become automatic.
Who owns our data and the work product?You own your business data, documents, prompts specific to your business, and outputs created for you. Standin owns its operating model, reusable frameworks, internal systems, and Digital Employee infrastructure.
Can we revoke access?Yes. Because access is granted through OAuth connections you authorize, you can see what is connected and revoke any connection from your own systems at any time.

Have a security question
we didn't answer?

Book a free Standin Fit Call and bring your IT person if you want. We do not need passwords, documents, or tool access before the first conversation.

Book a Fit Call
Free call · OAuth only · approval-first by default