Scoped OAuth
Integrations use provider authorization flows, scoped permissions, and encrypted token storage. Connected accounts can be disconnected by the user.
Security
Delegate treats connected tools as high-impact surfaces. The product is designed to prepare work safely, then ask before external impact.
Last updated: June 2, 2026
Integrations use provider authorization flows, scoped permissions, and encrypted token storage. Connected accounts can be disconnected by the user.
Email sends, calendar creation, public posts, document sharing, record modification, deletion, and spending are treated as sensitive actions.
Rate limits, prompt screening, failed-run visibility, and operational event logs help detect abuse or unsafe workflow requests.
The app exposes a configuration hook for external error monitoring and keeps local operational records for blocked prompts and failed executions.