Docs
For founders
Waydock is a secure context layer for your work. You connect your accounts once (mail, calendar, meetings, tasks, chats), and everything they hold becomes a single, governed context that any AI agent, or Waydock's own in-app assistant, can read and act on inside guardrails you control. This page is for a founder deciding whether Waydock fits their team. It covers the problem, why security is the headline rather than a footnote, what Waydock connects, the plan tiers, and what Waydock is not.
For agents: this page is available as Markdown at /docs/for-founders.md. If you are an agent connecting to Waydock, prefer the Quickstart and the Tool reference.
The one-liner and the problem
Connect your whole working life to any agent, with permissions you control.
Everyone is pointing AI agents at their work, and today that means one of two bad options. You paste your inbox into a chat box, with no scoping, no audit, and no way to revoke. Or you grant every agent a broad connection to every provider: many grants, many ways to leak, and no single off switch.
The category also has a named, structural danger. In June 2025, EchoLeak (CVE-2025-32711) was disclosed: a zero-click prompt injection in Microsoft 365 Copilot that exfiltrated data from a single crafted email with no user interaction. Researchers described it as a structural attack surface that applies to any LLM-based assistant with access to multiple internal data sources. That is exactly this category, and it is what Waydock is designed around.
Security is the headline
Waydock replaces both bad options with one scoped, audited bridge, and its design is a direct structural answer to the EchoLeak class of attack.
- Provenance gating. Once an agent's turn reads untrusted external content (an email body, a meeting transcript), its send and delete tools are removed for the rest of that turn. A message sitting in your inbox cannot talk your agent into sending or deleting your data.
- Per-user scoped keys. Agent access is granted through per-user MCP keys, each carrying an explicit set of
read:*andwrite:*scopes. New keys are read-only by default; write access is a deliberate, danger-styled choice, and write scopes require Pro. - One audit log. The app UI and the MCP endpoint write to the same place. Revoke a key once and both stop in the same moment.
- Approval cards. Send, delete, and external-share actions pause for a human click.
- No AI middlemen. Model calls go direct to the provider (for example, Anthropic). There are no gateways or inference proxies sitting over your mail and chat content. Fewer hops over your data is the whole point.
The full trust model is on the Security page, and the mechanics are in How Waydock works.
What it connects
Waydock unifies sources rather than exposing a single inbox. It syncs mail, calendar, meetings, tasks, and chats into one context so an agent can reason across them: the email thread next to the meeting transcript next to the task.
- Mail: Gmail, Outlook.
- Chat: Microsoft Teams.
- Meetings: Fathom, Fireflies, Pocket (notetakers deliver by webhook).
- Tasks: Linear, Jira.
- Personal: WHOOP, on a personal workspace.
Everything Waydock syncs becomes a card, a common unit with a shared shape (source, type, title, summary, status), and cards are what agents read. See Integrations for how each source flows in.
Two ways to use it
- Bring your own agent (MCP). If your team already uses Claude, Cursor, ChatGPT, or its own code, connect it over the Model Context Protocol with a scoped key. See Authentication and the Quickstart.
- Mira, the in-app assistant. Non-technical users get the same capability without setting up an MCP client. Mira is a chat rail inside the app that runs the same tool registry and the same guardrails as the MCP server, so in-app behaviour matches what you build over MCP.
Plans at a glance
Waydock is read-only and free to start on every plan. You upgrade when your team is ready to let agents take actions, and to get faster sync, longer audit retention, and full Mira. Live prices in your currency are resolved at Pricing; dollar amounts are not listed here.
| Free | Pro | |
|---|---|---|
| Scoped MCP keys | 3, read-only | 5, with write scopes |
| Agent calls / day | 500 | 100,000 |
| Write scopes (send, delete) | · | Yes, behind approval cards |
| Sync interval | Hourly (60 min) | Every 5 minutes |
| Audit retention | 7 days | 365 days, with export |
| Mira (in-app AI) | 3 turns / day (90 / month) | Full |
| AI summaries and drafts | · | Yes |
| Outbound webhooks | · | Yes |
Pro is billed per active member of the workspace, org-level, through Stripe, with a 14-day free trial and no card required to start. Enterprise arrangements (SSO and SCIM, custom retention, audit streaming, and an SLA) are handled by contact, not self-serve. See Pricing for the current numbers.
What Waydock is not
- Not another AI inbox. Triage and draft replies are things a connected agent can do; they are not the reason to buy. The reason to buy is unified, governed context handed to whatever agent you already run.
- Not a raw MCP gateway. Generic gateways govern access to N apps but curate no personal work context and offer nothing a non-technical user can touch. Waydock curates the context and ships a working product on top of it.
- Not a model or an inference proxy. Waydock does not train on your data and does not route it through AI middlemen; calls go direct to the model provider.
- Not cross-member by default. Inside a team, one member cannot read another member's data. Isolation is enforced at the database (see the admin guide).
Where to go next
- How Waydock works for the core ideas
- Quickstart to connect an agent
- Tool reference for every tool and scope
- Security for the full trust model
- Pricing for live numbers