Find answers to common questions about WaverSec Protect.
WaverSec Protect is an AI-powered email security tool that prevents misdirected emails, sensitive data leaks, and compliance violations before they're sent. It works inside your email client in real time.
WaverSec Protect scans your emails as you compose them — checking recipients, content, and attachments against your organization's policies. It flags risks like wrong recipients or sensitive data before you hit send.
Most core processing happens locally on your device. When optional cloud AI is enabled, only the context needed for that analysis is sent to the configured provider. WaverSec Protect is designed not to retain email content, recipients, or attachments in its application databases as normal service records. Operational data like configuration settings, API usage metrics, and optional product analytics if you enable them are still stored to run the service.
Microsoft Outlook via Office 365 Add-in is available now. Google Workspace integration is coming soon.
Installation takes minutes. Download your organization's Outlook manifest from the admin dashboard and deploy via Microsoft 365 Admin Center. Google Workspace deployment is coming soon.
WaverSec Protect is built in the EU with GDPR compliance as a foundation. It is designed not to retain email content, recipients, or attachments in its application databases as normal service records. Configuration and usage data required to operate the service is still stored and is handled under our Privacy Policy, customer agreement, and applicable retention obligations.
The core layers (Policy, DLP, and ML/NLP) provide comprehensive protection on-device and on-prem. Cloud-based AI/LLM models (third-party, tuned for WaverSec Protect) add deeper context as an additional layer under admin control.
From the admin dashboard, you can adjust severity levels for individual policies and refine detection rules. Available detection layers depend on your plan. Changes apply immediately to all users in your environment.
Yes. Administrators control which detection policies are active, how scanners are configured, and how the cloud-based AI/LLM layer is used. Settings are managed per environment, allowing different configurations across teams or departments.
Yes. The core detection engine will be identical across both platforms. When Gmail support launches, it will provide the same policies, DLP detectors, and ML/NLP scanners. The user interface will be adapted for each email client while maintaining consistent protection.
Allow lists bypass security checks for trusted email addresses and domains. Deny lists block known threats with configurable severity levels. Both can be managed per environment through the admin dashboard.
WaverSec Protect stores API usage metrics to operate the service. Optional product analytics can also be enabled to help improve the product. No email content, recipients, or attachments are included in analytics data.
The Policy Engine and DLP Engine use deterministic heuristics with checksum validation to reduce false positives. ML/NLP models are tuned for high precision, and cloud-based AI/LLM analysis provides explainable reasoning for edge cases.
Yes. Administrators choose which policies are active, adjust severity levels, and set custom thresholds. Available policies, DLP detectors, scanners, and AI models depend on your plan. The Business plan includes access to all 47 policies and every detection layer.
No. Policy and DLP run on-device and ML/NLP runs on-prem with sub-second latency. Analysis happens in real-time as you type, not when you click send.
The Policy Engine uses deterministic heuristics—explicit patterns that either match or don't. ML/NLP models analyze context and meaning, catching subtle mismatches (like discussing "Project Alpha" while emailing "Project Beta" team members) that heuristics can't detect.
When used, cloud-based AI/LLM models (third-party, tuned for WaverSec Protect) provide deeper contextual reasoning for ambiguous cases. Results appear in the warning panel with clear explanations under admin control.
Each layer focuses on different aspects of your email. The Policy Engine checks recipient patterns and metadata. DLP scans content for PII and financial data. ML/NLP analyzes subject and body for entity and topic matching. Cloud-based AI/LLM models provide semantic understanding across all available context.
WaverSec Protect works with all Microsoft 365 Business and Enterprise plans that support Office Add-ins. This includes Business Basic, Business Standard, Business Premium, E3, E5, and F1/F3 frontline worker plans.
Google Workspace support is coming soon. We will share compatibility updates as it becomes available.
From downloading your manifest to having protection active takes minutes. Centralized Deployment through Microsoft 365 Admin Center automatically pushes the add-in to all users—no individual installation needed.
Choose the manifest enforcement mode per domain: Taskpane Only, Prompt User (warn before send), Soft Block (warn with override), or Block (prevent send). Each mode controls how the add-in responds to detected risks.
No. With Centralized Deployment, administrators push the add-in to users automatically. The protection appears in their email client without any action required from end users.
Yes. Microsoft 365 Centralized Deployment supports user, group, and organization-wide targeting. You can pilot with a small group before rolling out to your entire organization.
With Centralized Deployment, administrators control the add-in. Users cannot remove protection deployed by their organization. If needed, administrators can remove or reassign the add-in through the admin center.
Core policy and DLP checks run on-device. Additional scanners can run in the customer environment, and optional cloud AI can be enabled for deeper analysis. WaverSec Protect is designed so message bodies, recipient lists, and attachment files are not retained in its application databases as normal service records.
WaverSec Protect is designed not to keep attachment files in its application databases as part of normal operation. The service still stores operational data such as accounts, configuration, usage records, and billing references.
Policy and DLP engines run locally on the device. Additional scanners can run in the customer environment. Optional cloud AI features are separate and customer-controlled. Operational account, config, usage, and billing data are retained to run the service.
Yes. Cloud AI/LLM models are an optional additional layer under admin control. On-device policies and DLP detectors, combined with customer-side scanners, can still provide strong protection without that layer.
Landing-site analytics are presented through a consent banner where required. Optional product analytics in the admin dashboard and Outlook add-in are disabled by default and can be managed by an organization administrator through the admin dashboard's Optional product analytics setting. The Outlook add-in follows that organization setting. Operational usage and security records needed to run WaverSec Protect are still collected regardless.
Deleting your organization removes the associated configuration, usage records, and subscription links in the current service design. Account deletion removes the linked admin account as well. Some records can still be retained longer if needed for legal, tax, or security reasons.
Misdirected email is the #1 reported data security incident type. In Q1 2024, 18% of all 2,970 incidents reported to the UK ICO were emails sent to the wrong recipient — a 21% increase from Q1 2023.
73% of data security incidents reported to the ICO are non-cyber — caused by human error, not hackers. Misdirected emails consistently rank as the single most common incident type, ahead of phishing and ransomware.
73% of employees are aware of security policies, but only 52% actually adhere to them. 54% say they make more email mistakes when busy or overwhelmed, and 38% don't fully understand their organization's email security policies.
No. Only 34% of outbound email incidents are formally reported — the majority go undetected. 33% of employees have sent wrong attachments and 32% have sent emails to the wrong recipient without reporting it.
Traditional DLP takes an average of 18 months to deploy and find value. Only 41% of IT security practitioners say current DLP solutions effectively prevent misdirected email data loss.
66% of IT leaders admit that outbound mistakes cause more data loss than inbound attacks. Yet 47% still cite inbound threats like phishing as their primary concern — leaving outbound risk under-addressed.
Yes. The ICO reported a 21% increase in data security incidents from Q1 2023 to Q1 2024, and misdirected email rose from 18% to 21% of all incidents between Q1 and Q4 2024. In the Netherlands, 85% of data breaches in 2024 were caused by human email errors.
60% of employees report using workarounds to bypass security policies. Among frequent mistake-makers, policy confusion climbs to 52%. Even though 73% of employees are aware of policies, only 52% actually adhere to them.
Training still matters. WaverSec Protect reinforces policy at compose-time, when people are under pressure and most likely to make outbound email mistakes.
It can cover a large part of outbound email risk on its own, and it also fits well alongside broader DLP programs. The key difference is that WaverSec Protect adds pre-send, user-facing protection where email mistakes actually happen.
WaverSec Protect does not retain email content, recipients, or attachments. Core detection runs on-device and on-prem, and cloud AI/LLM analysis is stateless and optional for edge cases.
Yes. Teams can start with lighter enforcement like Taskpane only or Prompt user, then move to Soft block or Block as confidence and policy maturity increase.
Rollout is designed to take minutes, not months. Download the manifest, deploy it through Microsoft 365, and start with a pilot group before expanding further.
Users see the issue in the add-in with severity and explanation. Depending on policy, they can remove the flagged recipient or attachment, acknowledge the warning, or be blocked from sending until it is fixed.