98%
Email deliverability across all sends
SPF · DKIM · DMARC handled per mailbox
<8%
Mailbox-wide bounce rate before auto-pause kicks in
Hard-coded threshold — not configurable
0
Stored mailbox passwords
OAuth-only; tokens encrypted, rotated per session
30d
Data deletion window after account close
Hard-delete from primary; 90 days from backups
Send-side guardrails

The 8 things we don't let you turn off.

The buyer reflex on outbound AI is "is this thing going to torch my domain?" The answer is no — because the safety guardrails below override your campaign settings, not the other way around.

MessageVerifier

Every AI-drafted message is checked against the lead's actual signals (LinkedIn, hiring page, recent funding). If a claim can't be cited, the message is discarded and the lead is held back, not sent. We never invent facts about your prospect.

Per-lead reasoning

For every send, you can see exactly which signals the agent used and which channel it picked. No black box; no 'the AI decided'. Trust comes from being able to inspect the decision.

Dry-run gate

First 7 days of any new mailbox: every send is queued for one-click approval. After 7 days of clean sends, you can switch to autopilot. Default-on safety beats default-on power.

Mailbox warmup ramp

Send-volume caps for the first 14 days regardless of campaign settings: 10 → 25 → 50 → 100/day. We protect your domain reputation more conservatively than you would; you can't even override it.

Bounce auto-pause

If your mailbox-wide bounce rate hits 8%, the campaign pauses automatically and you get a banner with the diagnosis (deliverability issue / list quality / DNS / OAuth). Resume manually after fixing.

Suppression chokepoint

A single sender enforces suppression across all your campaigns and mailboxes. Negative replies, unsubs, and CAN-SPAM opt-outs feed back into one list, so a 'no thanks' from one campaign suppresses the lead in every other campaign you'll ever run.

EU AI-Act footer

Every message ends with a one-line disclosure that an AI assisted the drafting, in the user's local language where applicable. Compliant by default; you don't have to think about it.

CAN-SPAM headers

Auto-injected on every send: physical mailing address (your business address), valid List-Unsubscribe header (one-click), valid List-Unsubscribe-Post body. We don't ask whether you want to comply.

Data & infrastructure

Your data, your domain, your call.

Authentication

Google or Microsoft OAuth only — we never store your password. Sign-in tokens are encrypted at rest and rotated per session.

Storage

Lead data and outreach history live in a hosted MongoDB cluster in EU-Central (Frankfurt). Encryption at rest (AES-256), encryption in transit (TLS 1.3).

Data ownership

You own your data. Export to CSV from any campaign. Delete your account from the billing page; data is hard-deleted from primary storage within 30 days, from backups within 90.

AI training

Your data is never used to train Anthropic's or OpenAI's models. We pass prompts through their APIs with explicit no-training flags. Your sent-folder samples used for brand-voice extraction live only in your project's vector index — not shared, not aggregated.

Sub-processors

Anthropic (Sonnet — drafting + classification), OpenAI (Embeddings — voice extraction), MongoDB Atlas (storage), Stripe (billing), Postmark (transactional email), Apify (lead discovery scraping). Full DPAs signed; list updated when changes occur.

Compliance

GDPR-ready (EU data residency, DPA available on Founder Team), CAN-SPAM compliant (auto-injected headers + body unsubs), GDPR Art. 14 transparency-by-default. SOC 2 Type 2 in progress (target Q4 2026).

Trust questions, answered short.

The security and compliance questions every founder should ask before letting an AI send under their name.

Will Overwise email anyone without my approval?

Not on a fresh mailbox. The first 7 days are 'review-each-send' mode — every draft is queued for one-click approval. After a clean track record, you can switch to autopilot per-campaign. Default-on safety, opt-in autonomy.

Can the AI invent facts about my prospects?

No. The MessageVerifier is a cite-or-discard step — every claim in the draft must be supported by a signal we actually scraped (LinkedIn role, recent funding, hiring page). If it can't be cited, the message is discarded and the lead is held back. We don't send messages we can't back up.

What happens if my domain reputation is at risk?

Three guardrails fire automatically: (1) a 14-day warmup ramp caps daily send volume on new mailboxes regardless of your campaign settings; (2) bounce-rate auto-pause kicks in at 8% mailbox-wide; (3) SPF/DKIM/DMARC checks block sending from broken domains. You can't override these — they exist to protect you.

Does Overwise comply with GDPR?

Yes. EU data residency (Frankfurt), one-click unsub auto-injected, DPA available on Founder Team, suppression at single chokepoint, GDPR Art. 14 transparency footer on every AI-drafted message. We don't enrich beyond what's publicly available; consent-respecting.

Is my data used to train AI models?

No. We pass prompts to Anthropic and OpenAI with explicit no-training flags set. Your sent-folder samples (used for brand-voice extraction) live only in your project's vector index — never shared, never aggregated across customers.

How do I delete my data?

Cancel from the billing page. After cancellation, data is read-only for 30 days (so you can re-activate without losing context), then hard-deleted from primary storage. Backup retention runs 60 more days, then full purge. Email tobias@overwise.com to expedite.

Ready when you are

Your first leads, in 5 minutes.

14-day trial. Card on file, hard-stop at your lead cap (no surprise bills). All trust artifacts standard. Cancel any time without an email.

From $99/mo · 14-day trial · Live in 5 min · SOC 2 · GDPR-safe