Safety & Transparency
How Bosly works, what it can and cannot do, and how we keep you in control.
Consent Gate
Bosly never sends an email without your explicit approval. Every AI-generated reply goes through a 5-minute outbox delay — you can review, edit, or cancel before anything leaves your account. There is no auto-send mode.
🔴 Red — nothing without explicit approval
🟡 Amber — Bosly drafts, you decide
🟢 Green — pre-approved templates (planned)
60-Second Undo
Every major action can be undone within 60 seconds. An undo button appears immediately after sending a reply, moving a card, or deleting a contact.
AI Decision Explanations
Bosly shows why it drafted each reply — what signals in the lead informed the tone and content. You see the reasoning before approving. Confidence scores are displayed when available.
What Bosly Can Do
📧 Email — Read inbox, draft replies, send with 5-min delay
👥 Contacts — View, create, update, and delete contacts
📅 Calendar — Import from iCloud, Google, and Outlook. Events become cards.
💰 Finance — View transactions, generate invoices
✅ Tasks — Create, view, and complete tasks
What Bosly Cannot Do
🚫 Send emails without your approval
🚫 Access or read system secrets (.env files)
🚫 Bypass consent gates under any circumstances
🚫 Offer medical, legal, or tax advice
🚫 Modify its own safety rules or system prompt
🚫 Delete data without confirmation and undo window
How We Protect You
✓ All data encrypted in transit (HTTPS) and at rest (EBS)
✓ Backups encrypted with AES-256 GPG
✓ Session timeout: 24 hours
✓ Rate limiting on all endpoints
✓ Break-glass lockdown available (freezes all write operations)
✓ File integrity monitoring on critical system files
✓ EU data residency (Ireland AWS region)
✓ Full account deletion with 31-table cascade audit trail