How your connected data stays private

Connecting QuickBooks, a business mailbox, a calendar, or a shared folder means handing Verinode a look at some of the most sensitive information in the business: the books, carrier and adjuster co…

10 min read·Updated July 13, 2026
On this page

Why this article exists

Connecting QuickBooks, a business mailbox, a calendar, or a shared folder means handing Verinode a look at some of the most sensitive information in the business: the books, carrier and adjuster correspondence, meeting activity, customer and team details. Verinode is an independent data trust and AI Co-COO, not a carrier tool and not something that resells what you send it. Every wizard in Connect restates the same five-part promise in its own words, and this article pulls that promise into one place so you can see it applied consistently across every connection type instead of hunting for it wizard by wizard.

The five parts, in the order they show up on the page:

  1. Read-only access. Nothing Verinode connects to can be written to, moved, or deleted.
  2. You choose what we read. A folder, a label, a single Google Drive folder, a specific meeting. You draw the boundary, not Verinode.
  3. Encrypted at rest, under a key scoped to you. Your identifying data is not sitting in a shared pool with every other operator's.
  4. Never sold to carriers. Not a policy footnote, a line repeated in the actual consent checkbox you tick before connecting.
  5. One-click disconnect. Revoking access is a single click, and it takes effect immediately.

Where you see this promise

Open Connect from the sidebar (/connect). Click the Integrations card to open the Integrations hub, the surface for every direct, provider-level connection: QuickBooks Online, Microsoft 365, Gmail, Microsoft 365 Calendar, Google Calendar, and the Verinode Notetaker. At the top of that panel, under the "Connect your tools." headline, a row of three pill labels always appears:

  • Read-only access
  • You choose what we read
  • Encrypted at rest

That strip is not a one-time onboarding message. It sits above the tile grid every time you open the hub, and each provider's own setup wizard restates the same commitments in language specific to what that provider actually touches. The same five-part promise carries over to the two connection paths that live outside the Integrations hub: Connect a shared folder, further down the Connect page under Add a source, and Set up Flow on any tool card, where a human, not an API, is doing the pulling.

Read-only access, connection by connection

Nothing described below can send an email, move a calendar event, write a journal entry, delete a file, or change anything in the tool it connects to. Verinode reads; it does not act on your behalf inside these systems.

| Connection | What it reads | What it can never do | |---|---|---| | QuickBooks Online | Invoices, receivables, payments | Write to your books | | Microsoft 365 (mailbox) | Business mail in the folder you scope | Send, delete, or modify anything in your mailbox | | Gmail (mailbox) | Business mail in the label you scope | Send, delete, or modify anything in your mailbox | | Microsoft 365 Calendar | Meeting times and titles | Create, move, or change any event | | Google Calendar | Meeting times and titles | Create, move, or change any event | | Verinode Notetaker | Meetings it is added to | Read your wider calendar or account | | Shared folder (Google Drive) | Files in the one folder you share | See anything else on your drive |

The QuickBooks explainer states it plainly the moment you open that tile: "We never write to QuickBooks, and your financials are never sold to carriers." The mailbox wizard is just as direct: "It is strictly read-only. We never send, delete, or change anything in your mailbox." The calendar wizard mirrors it for meetings: "We never add, move, or change anything on your calendar." The Notetaker explainer covers the recording path the same way, reading only the meetings it joins, "never your wider account."

You choose what we read: scope is yours to draw

This is the part operators usually ask about first, because a mailbox or a hard drive holds a lot more than business records. Every connection that could plausibly over-read is built so you draw the line, not Verinode.

Mailbox connections (Microsoft 365, Gmail). Before you connect, the wizard walks you through creating a dedicated folder or label, for example "Verinode," and a rule that automatically routes carrier, TPA, and vendor mail into it. You then point the connection at that exact folder or label, and Verinode reads only what carries it, nothing else in the mailbox. If you leave the scope field blank, Verinode reads the whole mailbox, but even then it still only processes messages carrying a business attachment or coming from a known carrier, TPA, or vendor, never personal mail either way. If you want tighter control still, the wizard suggests connecting a dedicated mailbox, such as claims@yourcompany.com, instead of a personal inbox, so only that mailbox's folder or label is ever in scope.

You cannot connect a mailbox without agreeing to a specific consent statement first. The checkbox reads back exactly what you are about to authorize, echoing the folder or label name you typed:

"I understand Verinode will read [app] mail in my '[folder/label]' [folder/label], on a read-only basis, encrypted under a key scoped to me and never sold to carriers, and that I can disconnect in one click at any time."

The Connect button stays disabled until that box is checked.

Shared folder. You share exactly one Google Drive folder, Viewer-only, with the Verinode service account, and Verinode reads what lands in that folder and nothing else on your drive. See connecting a shared folder for the two-step handshake that proves you control the folder, not just its web link.

Verinode Notetaker. You decide which meetings it joins. It is added per meeting, joins under a visible name so the room always knows it is there, and reads only that one meeting, never a standing recording of everything on your calendar.

Flow-assigned tools (no direct connection). For a tool with no API to connect to, such as Xactimate or a desktop accounting package, you choose the cadence data comes in on (Monthly, Quarterly, Weekly, or One time) and who pulls it, either yourself or a data contributor. Nothing about a Flow assignment reads anything automatically; a human still exports and uploads or forwards the file. See setting up Flow for a tool for the full walkthrough.

Tip

If you are not sure how narrow to scope a mailbox connection, start narrow. A dedicated "Verinode" folder with a routing rule is easy to widen later; a mailbox connected with no scope at all cannot be tightened without disconnecting and reconnecting.

Encrypted at rest, under a key scoped to you

The identifying parts of what flows in through any of these connections, customer and adjuster names, claim details, street addresses, free-text notes, are column-encrypted under your own Vault Key, not a key shared across every operator on the platform. Your dollar figures, dates, and reference numbers live in a database that is yours alone. No other operator, and no carrier, can read either.

Verinode's automated systems can decrypt your data to do the work you actually asked for, running extraction on a forwarded invoice, matching a vendor, feeding a benchmark, including background processing that runs while you are offline. No Verinode employee browses or exports it through any tool the company operates, and every one of those automated accesses is logged for you to see. This is deliberately not a claim that Verinode is technically locked out of your data; it is a claim that access is scoped, automated, and auditable. The full mechanics, including how to reveal your own Vault Key, live in your Vault Key: how invoice data is encrypted.

Meeting titles read by a connected calendar are encrypted the same way: "Meeting titles are encrypted at rest," the calendar wizard states, alongside the same commitment that nothing is sold to carriers.

Never sold to carriers

This line is not a footnote buried in a policy page. It is written into the actual consent you tick, wizard by wizard:

  • Mailbox: the consent checkbox itself: "...encrypted under a key scoped to me and never sold to carriers..."
  • Calendar: "Meeting titles are encrypted at rest. We never request permission to create or change events, and your data is never sold to carriers."
  • Verinode Notetaker: "Recordings are encrypted, never sold to carriers."
  • QuickBooks: "We never write to QuickBooks, and your financials are never sold to carriers."
  • Shared folder: "As with every source that feeds Verinode, this data is never sold to carriers."

This holds for the anonymized side of the platform too. Peer benchmarks are built from aggregated, hashed contributions across a group of operators large enough that no single contributor can be identified, never from a named operator's raw figures, and never handed to a carrier as raw or attributable data.

Note

Verinode is governed as an independent data trust, not owned or aligned with any single operator, carrier, or vendor. The commitment above is what makes that independence worth something in practice: the same "never sold to carriers" line applies whether the connection is QuickBooks, a mailbox, a calendar, a shared folder, or a Flow-delegated upload.

One-click disconnect

Every connection type ends the same way: one click, immediate effect, and your already-ingested data stays put. Disconnecting stops Verinode from reading a source going forward; it does not delete anything already pulled in.

  • QuickBooks: confirms first, "Disconnect QuickBooks? Verinode will stop reading your books and remove the stored connection. Your existing data stays," then a single Disconnect button ends the live sync.
  • Mailbox: confirms, "Disconnect this mailbox? Verinode will stop reading it," and access is revoked the moment you confirm.
  • Calendar: confirms, "Disconnect this calendar? Verinode will stop reading it."
  • Shared folder: each connected folder shows a Disconnect text control on its row. Clicking it revokes the connection immediately and the row disappears. Disconnecting in Verinode does not automatically unshare the folder on the Google side; if you want to fully close it off, also remove the Verinode service account from the folder's share settings in Google Drive.
  • Flow-assigned tools: Turn off on the tool's Flow card dismisses the assignment. It stops reminding whoever was pulling the data; it does not touch anything already uploaded, and you can set the Flow back up any time.
  • Verinode Notetaker: there is nothing to disconnect per meeting, since it is not a standing connection. It simply is not added to a meeting you do not invite it to.

Heads up

Disconnecting a provider stops future reads. It is not a data-deletion request. If you need previously ingested data corrected or removed, that is a separate action, not something one-click disconnect covers.

Data contributors never see your numbers

Flow lets you hand a tool's recurring export to a teammate instead of doing it yourself. That teammate, called a data contributor, gets their own free Verinode login so their uploads are attributed to them specifically. Verinode is explicit about the boundary the moment you invite one:

"This emails [name] an invite to create a free Verinode login. Once they accept, they can upload the data you ask for and it's tracked to them. They never see your numbers, benchmarks, or decisions."

A data contributor's account can push data in. It cannot see your margin figures, your peer benchmarks, or the decisions Verinode surfaces to you. Delegating the busywork of an export never means delegating visibility into the business.

What happens if a source isn't available yet

Some connections are still rolling out. Gmail, for example, stays pilot-only because Google requires an annual third-party security review (CASA) of any app that reads Gmail; Microsoft 365 has no equivalent review and connects today. A tile that is not yet available reads Coming soon, and the wizard tells you the fallback in the meantime, usually forwarding an email or connecting a shared folder. None of these gaps are silent: every tile states plainly what to do until the direct connection ships.

Best-practice example

An operator wants QuickBooks and their Outlook mail flowing in, but is cautious about a mailbox connection specifically because their inbox holds personal correspondence alongside carrier threads. They connect QuickBooks first, a single OAuth popup, read-only, done in under a minute. For Outlook, they create a folder named "Verinode" and a rule that routes carrier, TPA, and vendor senders into it, then point the mailbox wizard at that exact folder name and check the consent box before connecting. From that point on, Verinode reads only the "Verinode" folder, never the rest of the inbox. A few months later, when they change accounting software, they disconnect the old QuickBooks connection with one click; the invoices and payments already read stay exactly where they are in Margin and Cash Flow, only the live sync stops.

Data sources

  1. 1.Trust strip and consent language shown in the Integrations hub and each provider wizard. Verinode platform.
  2. 2.Vault Key encryption scope and audit-log commitments. Verinode data-use policy.
Was this helpful?