August for Outlook: Security & Data Privacy

August for Outlook: Security & Data Privacy

Learn how to securely use and deploy the August Outlook add-in — with full admin controls and compliance safeguards — so your email workflows remain private, auditable, and firm-compliant.

Overview

The August Outlook add in brings your legal workspace directly into your inbox. You can summarize email threads, review attachments, draft responses, or send material to a Matter vault. Because this work often involves sensitive or privileged information, the add in is designed with strong security, privacy protections, and firm level governance. This guide explains how August handles data, how access is controlled, and what users and administrators should know.

What Data August Can Access and How It Is Processed

• August only processes the specific emails, messages, or attachments you choose to send to the add in
• It does not scan or index your entire mailbox
• Attachments such as PDFs or Word documents are processed only when you instruct August to analyze, summarize, or review them
• All data transmitted between Outlook and August is encrypted
• Uploaded content is stored according to your firm’s retention and security settings
• August does not use your emails or documents for model training or public datasets

Authentication, Deployment, and Access Controls

Deployment Options for Administrators

Firms may deploy the Outlook add in using:

• Tenant wide deployment through Microsoft 365 Admin Center
• Private add in catalogs
• Enterprise deployment tools such as SCCM or Intune
• Direct installation from the add in store when permitted by policy
• Sideloading via manifest for restricted or isolated environments

These options allow firms with specific compliance or security requirements to control deployment centrally.

User Authentication and Authorization

• Users authenticate with their firm credentials through Single Sign On
• Access to client data, emails, attachments, and vaults follows the firm’s permission and role based access controls
• Admins can revoke access, manage permissions, and control who may run analyses or export data

Audit Logging and Administrative Visibility

• All activity in the Outlook add in can be logged
• Logs may include summaries, drafts, uploads, exports, and document interactions
• Admins can review who accessed what, when, and which operations were run
• Firm retention and export rules apply to Outlook add in workflows

Compliance, Certifications, and Data Handling Commitments

August is designed to support the standards required for legal and professional environments:

• Data sovereignty and customer control over all stored material
• No use of client or confidential data for training models
• Encryption in transit and at rest, strong key management, and least privilege principles
• Architectural alignment with frameworks such as SOC 2, ISO 27001, and GDPR or regional privacy rules depending on your firm’s settings

This approach supports use in high sensitivity legal and regulated industries.

What Your Firm Should Consider Before Deployment

Before deploying the Outlook add in, firms should review:

• Whether network, firewall, or VPN settings allow encrypted communication between Outlook and August
• Compliance requirements such as data residency, export restrictions, and confidentiality limits
• How permissions will be assigned, including who can run analyses or export documents
• Whether audit logging and reporting will be enabled to track usage and data flows
• Internal guidance for attorneys and staff on how to handle sensitive materials in Outlook

Frequently Asked Questions

Does August process my entire mailbox No. August only processes the emails or attachments you select.

Is email or document data encrypted Yes. All data is encrypted during transmission and stored under your firm’s security and retention settings.

Can exports be restricted Yes. Administrators can control export permissions and enforce retention or vault only storage policies.

Does using the add in violate confidentiality rules No. Using August is consistent with confidentiality obligations as long as you follow firm and client requirements.

Can we audit user activity Yes. Audit logging is available and records when the add in is used, by whom, and what was processed.

Does August use my documents for model training No. Your documents are not used to train external models.

Why This Matters

Legal professionals work with privileged and sensitive information every day. The Outlook add in helps teams work faster by summarizing email threads, reviewing attachments, and storing materials in Matter vaults without compromising confidentiality or compliance. August provides strong access controls, encryption, auditability, and firm level governance so you can work efficiently while maintaining professional responsibility.