Your AI assistant, your rules
Every action that leaves the system — every email, every booking, every calendar change — requires your explicit approval. No exceptions.
Four steps. You control the last one.
You make a request
Ask TendBot to send an email, book a table, or reschedule a meeting — just like messaging a human assistant.
TendBot classifies the action
The server automatically determines whether the action is a read (safe to execute) or a write (requires your approval), and assigns a risk level.
You review the details
Write actions appear as approval cards in your chat — showing exactly what will be sent, to whom, and when. Nothing is hidden.
Only your OK makes it happen
The external API is only called after you explicitly approve. Deny or ignore it, and nothing leaves the system.
Server-side enforcement, not prompt-based
API-level separation
The AI can only request actions — it cannot construct results, skip steps, or fake completions. This is an API protocol constraint, not a prompt rule.
Database-backed approvals
Every write action creates a database record. External APIs are only called when the approval record is resolved by your explicit action.
Fail-closed defaults
Unknown actions are blocked automatically. If classification fails or a tool is unrecognized, the system denies rather than permits.
Not all actions carry the same weight
Low risk
Calendar changes, easily reversible. Future: eligible for auto-approval.
Create a meeting, update an eventMedium risk
Emails to known contacts, bookings. Cannot be unsent once approved.
Reply to an email, book a restaurantHigh risk
New contacts, forwarding, attachments. Maximum scrutiny, never auto-approved.
Forward an email, contact someone newYour data, nobody else's
Row-level security
Every database query is scoped to your user ID. No other account can ever access your data — enforced at the database level, not application code.
EU data residency
All data is processed and stored within the EU. Full GDPR compliance with data subject rights: access, rectification, erasure, and portability.
What your AI assistant sees
To be useful, your assistant needs context. Here is exactly what is shared with the AI language model when you send a message — and what is not.
Shared with the AI model
- Your name and timezone — so the assistant knows how to address you and when things are scheduled.
- Upcoming calendar events — titles, times, and attendee names so the assistant understands your schedule.
- Recent email metadata — sender, subject, and a short summary (not the full body) for context on what is happening.
- Relevant notebook entries — only entries that match your current question, retrieved via search.
- Memory — preferences and patterns the assistant has learned about you.
- Conversation history — your recent messages with the assistant for continuity.
How your data is protected
- Not used for AI training — Anthropic's commercial API terms prohibit using API data for model training.
- Encrypted in transit — all data is sent over TLS-encrypted connections.
- Temporary processing — the AI provider may retain data up to 30 days for safety monitoring only, then it is deleted.
- Isolated per request — your data is never mixed with other users' requests or shared across accounts.
Never shared with the AI model
- Passwords and OAuth tokens
- API keys and encryption secrets
- Payment details or financial credentials
- Full email bodies in passive context (only short summaries are included). When you ask TendBot to read a specific email, a truncated excerpt is shared to draft a reply.
What TendBot never processes
For bookings that require payment, TendBot prepares a brief and hands you a direct link to complete the transaction yourself.