How Caddi connects to your tools.

It connects over OAuth and SSO, runs under each user's own credentials, and moves work between the tools you already own.

  • SOC 2 Type II
  • Zero data retention
  • OAuth + SSO
  • Every action auditable
01How it works

Connect once, teach it, then let it run.

Select a step to see what moves between your systems.

Your tools
iManage
NetDocuments
Microsoft 365
Salesforce
Relativity
SharePoint
OAuth + SSO
Inherits your access
CaddiCaddiRuns under your credentials

IT connects the firm's tools once over OAuth and SSO, in about five minutes.

  • No usernames or passwords. Each user is redirected to OAuth to approve their own access.
  • Caddi then runs under that user's own credentials and inherits the access IT already set.
  • No new permission model, no new secrets. Prefer a dedicated Caddi user? That works too.
02Architecture

Where Caddi sits in your stack.

The facts your security review needs, and the questions worth answering before it begins. Data and Models (*) are the ones most teams dig into.

Cloud, over OAuth and SSO. IT connects the firm's tools once in about five minutes; each user then approves their own access. Caddi never asks for usernames or passwords.

No desktop agent. Recording runs as a Chrome extension, so locked-down setups like Citrix work, and where a system exposes no API Caddi automates the steps around it. It works with cloud-synced documents and mailboxes, never files sitting on someone's desktop.

Caddi inherits the permissions of the user who built the flow and runs under their existing access. No new permission model and no service-account secrets to manage. Enterprises that prefer it can assign a dedicated Caddi user instead.

Every API call and action is logged across every system Caddi touches: who it ran as, what it touched, and what it produced. All exportable for audit and internal review.

03Security & controls

Enterprise-grade security, control, and reliability.

Built for regulated, high-trust environments.

SOC 2 Type II certified

Caddi maintains SOC 2 Type II compliance for security, availability, and confidentiality, attested by an independent auditor.

Zero data retention, no training

Every model call runs under enterprise zero-data-retention agreements with all AI vendors, OpenAI, Anthropic, and Google. No customer data is ever used to train a model.

Encrypted end to end

All data is encrypted in transit and at rest using industry-standard protocols, with continuous penetration testing by independent security firms.

04Integrations

Works across 75+ integrations.

iManage, NetDocuments, Salesforce, Microsoft 365, Clio, Relativity, and the list goes on. If your team uses it, Caddi can run the work inside it.

Most of your security review, answered up front.

SOC 2 attestation, data residency, where recordings are stored, and whether client data leaves your tenant, all surfaced up front in the Trust Center.