Built for executives who can't tolerate surprises.
PilotMail is review-first by architecture, not by policy. Every send is yours; every model decision is explainable; every audit answer is one export away.
Encryption everywhere
TLS 1.3 in transit. AES-256 at rest. Per-tenant key wrapping for sensitive payloads.
Tenant isolation
Each workspace runs in a logically isolated tenant. No model training across customers — ever.
Immutable send log
Every Approve & Send is signed, timestamped, and exportable to your SIEM in CSV or JSON.
Review-first by design
PilotMail drafts and surfaces — it never autonomously sends. You hold the command key.
Deployment options
Multi-tenant SaaS, dedicated VPC, or single-tenant deployment available on Enterprise.
Access controls
Role-based access (owner / admin / member). SSO / SAML and SCIM on Enterprise plans.
Zero autonomous action. The pilot structures and drafts — you retain the command key.
PilotMail is built around a strict review-first archetype. Every output is reversible, every send is auditable, every model decision is explainable.
- 01
Pipeline Ingestion
Secure OAuth into your inbox graph. Threads, calendars, and contact graphs sync read-only into an isolated workspace tenant.
- 02
Context & Persona Synthesis
Your voice, tone, and counter-party history are modeled in-tenant. No cross-customer training. Ever.
- 03
Interactive Draft Presentation
Drafts are surfaced in the Reply Queue with structured rationale. You can edit, regenerate, or discard — drafts never leave the queue without you.
- 04
Human Approval & Audited Send Log
Only your tap on Approve & Send dispatches. Every send is signed, timestamped, and exportable to your SIEM.