Answers to the most common security and privacy questions we receive from individuals and enterprise customers.
Does CTD read my emails?
By default, no. CTD only needs email metadata (sender, recipient, timestamp, and subject) to build your contact profiles and score your relationships. We do not read or store email bodies.
You do have the option to grant CTD read access to your emails. If you do, you can read your own email threads directly within CTD. We never store email bodies — they're fetched on demand and displayed only to you. Read access is used solely to surface emails for a better experience, nothing else.
Can I disconnect my accounts at any time?
Yes. You can disconnect any integration (Google, Microsoft, LinkedIn) from your CTD settings at any time. You can also revoke access directly in your Google or Microsoft account without going through CTD at all.
What happens to my data if I delete my account?
When you delete your account, we permanently delete all your personal data — contacts, relationship scores, email metadata, and any synced data — from our systems. This is irreversible, and we do not retain backups of deleted accounts beyond our standard backup rotation window.
Is my network shared with others?
Every user controls their own privacy and sharing rules. You have two starting modes:
- Closed network — your contacts are visible only to you. From there, you can whitelist specific people or entire company domains.
- Open network — your contacts are visible to CTD users you know. From there, you can block specific people or entire companies.
Regardless of your network setting, you can also mark individual contacts as private. A private contact is visible only to you — no one else will know you have a relationship with that person.
How does CTD access company email on Business plans?
For Business Edition, CTD uses domain-wide delegation — a standard mechanism supported by Google Workspace and Microsoft 365. The admin defines exactly what CTD can access (for example, with metadata-only access, CTD will never see email bodies or attachments). Access can be revoked by the admin at any time. CTD does not automatically create accounts for all employees — admins control which users are provisioned and what data scopes each user has.
Is CTD a multi-tenant environment? How is customer data separated?
CTD is not a traditional multi-tenant application with physically isolated databases per customer. By design, CTD is one unified relationship graph — its value comes from understanding how people and companies are connected across the entire network.
What we have instead is logical separation enforced at the data layer. Every query enforces the privacy and sharing rules you've set. Your contacts, relationship scores, and network data are never exposed to other users beyond what you've explicitly shared.
For enterprises with stricter isolation requirements, our team is happy to walk through the architecture in detail. Contact security@ctd.ai.
Is CTD SOC 2 certified?
Yes. CTD is SOC 2 Type II certified, covering Security, Availability, and Confidentiality. Audits are conducted annually by an independent third party. Enterprise customers can request our SOC 2 report by contacting security@ctd.ai.
Does CTD comply with GDPR and CCPA?
Yes. CTD complies with GDPR for EU/EEA users and CCPA for California residents. You have the right to access, correct, delete, and export your data at any time. We do not sell personal data. See Compliance and certifications for the full breakdown.
How do I report a security vulnerability?
If you believe you've found a security vulnerability in CTD, please contact us at security@ctd.ai. We take all reports seriously and will respond within 48 hours.