Security & data control

Your work is personal. Your data should stay that way.

Understand how Continuo approaches access, privacy, control, and responsible product development. We state what is in place today and keep our roadmap clearly separate.

Last updated: July 10, 2026

Our approach

Security is part of the product, not an afterthought. Continuo is built on least privilege, per-person data separation, and a simple principle: it suggests, and you approve. Nothing important is changed or sent without you.

Data access & permissions

You choose what to connect. When you connect Google Calendar or Gmail, Continuo requests minimal permissions — Gmail access is read-only — and you can disconnect any integration at any time. Continuo complements your CRM and does not write to it.

Data separation

Each person's data is private and separated from every other user's. Reads and changes are scoped to the signed-in account, so one user's information is never returned to another.

Encryption

Data is encrypted in transit (HTTPS/TLS) and encrypted at rest by our cloud database provider. On your device, authentication tokens are held in the platform's secure storage (iOS Keychain).

Authentication

Sign in with Apple, Google, or email. When you use Apple or Google sign-in, multi-factor authentication is enforced by that provider. An optional device lock (Face ID) can protect the app itself.

AI & how your data is used

Continuo uses AI to organize, summarize, and prioritize your work. Your data is not used to train foundation models by our AI provider. Continuo suggests changes; you review and approve them. We describe what the AI helps you do, not the internal methods behind it.

Not a system for patient data

Continuo is a personal productivity tool, not a medical record system. It is designed to avoid Protected Health Information (PHI), and connected email is automatically scrubbed of patient identifiers before processing. Please do not enter PHI.

Retention & deletion

Your data belongs to you. You can request export and deletion of your account data.

Where we are — and what's ahead

We believe in being precise about status. The following are on our roadmap and not represented as complete today:

  • Formal third-party security certification (such as SOC 2) and independent penetration testing.
  • Business Associate Agreements and HIPAA-aligned controls — required before Continuo would ever handle PHI.
  • A published subprocessor list and incident-response summary.

Questions about security or data handling? Email hello@mycontinuo.app. See also our Privacy Policy and Terms.