Security & Data Privacy
Published February 28, 2026 · Last updated March 5, 2026 · 4 min read
This article explains how Obvious handles your data — what it stores, how it protects it, and what controls you have over access.
How Obvious approaches security
Obvious is built for teams working with real data — documents, spreadsheets, connected integrations, AI-generated content. Security isn't a layer added on top of that. It's built into how Obvious stores, processes, and controls access to everything in your workspace.
The short version: your data is encrypted in transit and at rest, access is controlled by roles and permissions, and every action taken in your workspace is logged.
Encryption
In transit: All data moving between your browser and Obvious uses TLS/HTTPS. This covers everything — your workspace content, API calls, integration traffic.
At rest: Data stored in Obvious is encrypted. This includes workspace content (documents, workbooks, files), project data, and account information.
Access controls
Obvious uses a role-based permission system. Every person in your workspace has a role that determines what they can see and do. Roles are applied at the workspace level and can be scoped further at the project level.
Workspace roles
- Owner — Full control over workspace settings, billing, members, and all content.
- Admin — Manage members, settings, and workspace-level configuration. Cannot access billing.
- Member — Create and edit content in projects they have access to.
- Viewer — Read-only access to shared projects.
Project-level permissions
Each project can be shared with individuals or teams at a specific permission level — edit or view. A person's project permission can be more restrictive than their workspace role, but not more permissive.
What the agent can access
The Obvious agent operates within the same permission model as human users. It can only access projects and artifacts that the user it's working with has permission to see. It doesn't have elevated access.
What Obvious stores
Obvious stores the content you create and upload: documents, workbooks, files, presentations, images, threads, and project artifacts. It also stores account information (name, email, authentication records) and metadata (access logs, version history, activity).
Obvious does not persist your data in third-party AI systems. When the agent processes your content to generate a response, that processing happens without storing your data in external model providers. Context is ephemeral — it isn't retained by the underlying model after the interaction ends.
Audit log
Every action in your workspace is recorded in the audit log: sign-ins, content changes, permission updates, and access events. The log captures who did it, what they did, when, and whether it succeeded.
Workspace Owners and Admins can view and filter the audit log from Settings → Audit Log. The log can be exported as CSV for review by your security team.
This is the record you use when you need to understand what happened in your workspace — after an unexpected change, during an access review, or for compliance purposes.
IP access controls
Workspace Owners can restrict access to specific IP addresses or ranges using allowlists and blocklists. When IP rules are active, anyone trying to reach the workspace from an unlisted IP sees an access-denied screen — no workspace content is visible.
This is available as an optional control. It's not on by default. Configure it from Settings → Security if your organization requires network-level access restrictions.
Data you control
You can manage your data in Obvious in several ways:
- Remove project access — Revoke a person's access to a project at any time. Their access ends immediately.
- Remove workspace members — Remove a member from the workspace to cut off their access entirely.
- Delete artifacts — Artifacts deleted in Obvious are soft-deleted, meaning data is preserved for a short period before permanent removal. This allows recovery if something is deleted by mistake.
- Export your data — Workbook data can be exported as CSV, Excel, or JSON. Documents can be copied or exported in their native format.
Your privacy rights
Obvious's Privacy Policy describes your rights in detail: what data Obvious collects, how it's used, how long it's retained, and how to request deletion or correction of your personal information.
The Privacy Policy is available at obvious.ai/privacy.
For questions about your data, data deletion requests, or security concerns, contact help@obvious.ai.
Next steps
- Audit Log — View and filter the activity log for your workspace.
- IP Access Rules — Restrict workspace access to approved networks.
- Workspace Roles & Permissions — How roles work and what each one can do.