Rule one: no password sharing, ever
Standin does not ask for passwords. Access is handled through secure OAuth links whenever possible: the same authorization mechanism you use when you click “Sign in with Google”. You approve each connection directly in your own account, the connection is scoped to what it needs, and you can see and revoke it from your side at any time.
This matters more than it sounds. The common alternative in the assistant and agency world is a shared login in a password manager: which means invisible, unscoped, hard-to-revoke access tied to trust in an individual. OAuth replaces trust-in-a-person with permissions-you-control.
Rule two: approval-first by default
A new Digital Employee does not start by sending emails on your behalf. It starts by preparing work: draft replies, follow-up drafts, briefings, summaries, report drafts, status updates. A person approves anything sensitive before it goes anywhere.
Over time, you decide which actions are safe to automate. Maybe internal reports go out automatically and customer-facing email stays approval-first forever. That boundary belongs to you, not to us, and expanding it is always an explicit choice, never a default.
Rule three: clear data boundaries
One of the quiet risks of DIY AI adoption is that nobody knows what has been pasted into which tools. A managed deployment inverts that: the Digital Employee works inside approved connections, so the data surface is defined, visible, and auditable instead of scattered across personal chat histories.
The same thinking is in our Live AI Workshop: an entire module covers the company AI policy: what employees can use AI for, what requires approval, and what data should never be pasted into tools. If your company has no written rules today, the free AI policy generator produces a practical starting point in two minutes.
Rule four: plain ownership
The ownership split is simple and worth writing down before any engagement:
- You own your business data, your documents, prompts specific to your business, workshop materials created for your team, and outputs created for you.
- Standin owns its operating model, reusable frameworks, internal systems, and Digital Employee infrastructure.
You are never renting your own data back, and there is no dashboard hostage situation: revoke access and the connections end.
Questions to ask any AI vendor
Whether or not you talk to us, ask these before installing anyone's AI in your business:
- Do you need my passwords, or is every connection OAuth I can see and revoke?
- What can the system do without a human approving it, on day one and by default?
- Who decides when an action becomes automatic: you or me?
- What data leaves my systems, and where does it go?
- If we part ways, what do I keep, and what shuts off?
A vendor with good answers will have them ready. Ours are above, and in more depth in the FAQ.