Octave is a go-to-market context layer. It structures your GTM strategy (personas, segments, use cases, messaging) and connects to your existing sales systems so AI agents produce accurate, on-brand produce up to date, accurate, and grounded outputs.
Visit trust.octavehq.com for real-time reports, policies, and security control status, powered by Vanta.
Our team
Founded in 2022, Octave was built by a team with deep roots in trust and security engineering.
Co-founder and CTO Julian Tempelsman built anti-fraud and anti-abuse systems at Google — across Gmail, Google Wallet, and Google Drive — before founding Smyte, the trust-and-safety platform that protected companies including Zendesk, Quora, GoFundMe, and TaskRabbit. Smyte was acquired by Twitter in 2018, where Julian went on to lead engineering teams.
Smyte is also where Julian and Zach Vidibor, Octave co-founder and CEO, began their partnership. The broader engineering team brings experience from companies like Apple, Sony, and General Motors. That security-first engineering culture shapes how Octave is designed, built, and operated today.
Deployment model — no model training
Octave is a managed SaaS layer that sits between your systems of record and your AI tools. Nothing is installed in your environment, no code is hosted on your infrastructure, and your systems connect through scoped, revocable OAuth integrations.
- No training. We never use your data to train models, and your data always remains your property under our Terms of Service and DPA.
- Model agnostic. Octave is model-agnostic and works with AI platforms you've already approved (e.g., Claude, ChatGPT) via API and MCP. However, you do not need to use Octave with an AI platform; you can call Octave directly or use it with other agentic platforms.
- Sub-processors: Review them on our trust portal at trust.octavehq.com/subprocessors.
- Human-in-the-loop for self-learning features. Octave's optional learning loop can analyze market signals and suggest updates to your GTM library. Your team reviews and approves changes before anything is applied. The system doesn't rewrite your Octave library autonomously.
What data Octave touches — and what it doesn't
Octave can connect to your go-to-market systems, such as your CRM (Salesforce, HubSpot), call intelligence platform (e.g., Gong), and data warehouses where you provide access. It does not connect to production infrastructure or clinical systems with protected information.
Octave reads what you share to detect patterns in your customers’ language, and creates insights and suggestions for how to keep your go-to-market messaging and strategy up to date. It does not provide next-step recommendations about specific deals.
- Field-level scoping. During integration setup, you select exactly which objects and fields Octave can read, across both standard and custom types (e.g., Accounts, Opportunities, Contacts, deal stage). Sensitive object fields can simply be excluded.
- Read-only by default. CRM integrations are scoped to read access. Write access can be enabled at setup, or stay fully disabled.
- Scoped call ingestion. You control which call recordings are shared with Octave via your recorder's webhook configuration. Octave has built-in mechanisms to ensure that it only analyzes commercially oriented conversations (like sales calls), not internal-facing discussions. The purpose is to more accurately extract GTM insights — personas, objections, competitors, outcomes — for conve. If you want to scrub sensitive data, you can do so at the call recorder level.
Compliance and assurance
- SOC 2 audited. Octave's controls for security, availability, and confidentiality are independently audited. Reports and supporting documentation are available under NDA through our trust portal: trust.octavehq.com.
- Trust portal. The portal includes our Information Security Policy, Personnel Security Policy, Acceptable Use Policy, full controls list, and a security FAQ — everything needed to complete a vendor review.
- Data Processing Agreement. A standard DPA (with Standard Contractual Clauses for international transfers) is published at octavehq.com/dpa. Our sub-processor list is public at octavehq.com/sub-processors, with 15 days' advance written notice before any new sub-processor is engaged. Customers hold contractual audit and information rights.
- Retention, deletion, and incidents. Data retention, deletion on termination, and security-incident obligations are defined contractually in our DPA and privacy policy.
Access and identity
- SSO supported. Octave supports single sign-on with your identity provider; setup is initiated on request.
- Encrypted credentials. Authentication tokens are stored encrypted; data is protected in transit and at rest.
- Unlimited seats, controlled access. Pricing is not per-seat, so access can be granted broadly while remaining governed by your identity provider.
How we support your review
Security reviews shouldn't slow your pilot down. We routinely:
- Provide SOC 2 reports, policies, and completed questionnaires under NDA.
- Accept reasonable redlines and special terms on our order form to avoid a custom MSA cycle.
- Onboard in parallel without live integrations: your team builds and validates the Octave library using public information from your website — and, optionally, content you provide us directly — while your security review of live integrations proceeds. No data source is connected until you approve it.
Any questions or requests: support@octavehq.com
