How Caddi connects to your tools.
It connects over OAuth and SSO, runs under each user's own credentials, and moves work between the tools you already own.
- SOC 2 Type II
- Zero data retention
- OAuth + SSO
- Every action auditable
Connect once, teach it, then let it run.
Select a step to see what moves between your systems.
iManage
NetDocuments
Microsoft 365
SalesforceIT connects the firm's tools once over OAuth and SSO, in about five minutes.
- No usernames or passwords. Each user is redirected to OAuth to approve their own access.
- Caddi then runs under that user's own credentials and inherits the access IT already set.
- No new permission model, no new secrets. Prefer a dedicated Caddi user? That works too.
Where Caddi sits in your stack.
The facts your security review needs, and the questions worth answering before it begins. Data and Models (*) are the ones most teams dig into.
Cloud, over OAuth and SSO. IT connects the firm's tools once in about five minutes; each user then approves their own access. Caddi never asks for usernames or passwords.
No desktop agent. Recording runs as a Chrome extension, so locked-down setups like Citrix work, and where a system exposes no API Caddi automates the steps around it. It works with cloud-synced documents and mailboxes, never files sitting on someone's desktop.
Caddi inherits the permissions of the user who built the flow and runs under their existing access. No new permission model and no service-account secrets to manage. Enterprises that prefer it can assign a dedicated Caddi user instead.
Middleware, not a data store for your client records. The artifacts it does keep, the workflow recordings, the generated automation code, and the audit logs, are documented in the Trust Center, with where they live and how long they are kept.
OpenAI, Anthropic, and Google, selected per task, each under zero-data-retention terms with abuse monitoring. Bring your own API keys if you prefer.
Every API call and action is logged across every system Caddi touches: who it ran as, what it touched, and what it produced. All exportable for audit and internal review.
Enterprise-grade security, control, and reliability.
Built for regulated, high-trust environments.
Caddi maintains SOC 2 Type II compliance for security, availability, and confidentiality, attested by an independent auditor.
Every model call runs under enterprise zero-data-retention agreements with all AI vendors, OpenAI, Anthropic, and Google. No customer data is ever used to train a model.
All data is encrypted in transit and at rest using industry-standard protocols, with continuous penetration testing by independent security firms.
Works across 75+ integrations.
iManage, NetDocuments, Salesforce, Microsoft 365, Clio, Relativity, and the list goes on. If your team uses it, Caddi can run the work inside it.



























Most of your security review, answered up front.
SOC 2 attestation, data residency, where recordings are stored, and whether client data leaves your tenant, all surfaced up front in the Trust Center.