Invite-onlyRequest access
Paylo.one · Management OS

A private management operating system for high-context leaders.

Paylo.one consolidates the channels you already run on and turns them into a high-signal Daily Memo, suggested actions held for your approval, and a private diary that keeps your context on the record. It links every signal to the people behind it, and you stay in control of what each source monitors. One calm operating layer for decisions, signals, and execution.

Request accessView catalogue
  • 01Consolidates fragmented channels into one operating layer
  • 02Generates a source-referenced Daily Memo every morning
  • 03Links every signal to the people behind your decisions and risks
  • 04Suggests actions and holds them for your approval
  • 05Gets sharper as you correct, link, and refine it
Fragmented channelsOne operating layer
EMAIL & MS 365CALENDARWHATSAPPGITHUBNOTIONOBSIDIANDaily Memo

Many inputs, one calm operating surface. Every line resolves to a single, source-referenced brief.

Built for

Operators who carry consequential decisions and cannot afford to lose context across fragmented channels.

  • C-suite executives
  • Founders
  • CTOs
  • COOs
  • Managers
  • Fractional executives
  • Senior operators
Product

Four surfaces. One operating layer.

Management OS is organised around how leaders actually work: what to know, who is involved, what to do, and what to remember. The surfaces are Briefing, Actions, Diary, and People.

01

Briefing

Your Daily Memo: a calm, one-page brief assembled each morning from your own connected channels.

Why it matters

It answers what matters today, what changed, what needs a decision, and what cannot slip, before the day starts pulling at you.

What it handles

Email, calendar, code, documents, and messages, ranked by consequence rather than chronology and linked to the people they involve.

How you operate better

You open one surface instead of ten, and you read it in two minutes with every claim traceable to its source.

02

Actions

A short queue of suggested actions extracted from your context, each with its rationale and source.

Why it matters

Commitments, asks, and deadlines surface as candidates. Nothing is created or sent on your behalf.

What it handles

Follow-ups owed, replies awaited, decisions pending, and commitments ageing across every connected source.

How you operate better

You approve, edit, defer, or dismiss. The system prepares the work; you remain the one who acts.

03

Diary

A private thinking space for reflections, decisions, and rationale, captured in text or voice.

Why it matters

The reasoning behind a decision usually evaporates. The Diary keeps it next to the context that prompted it.

What it handles

Private notes and voice memos, transcribed, and linked by deliberate choice to briefings, actions, and items.

How you operate better

Private by default. Nothing is fed to the system's intelligence unless you explicitly opt in.

04

People

A directory of the people behind your work, with every email, message, and pull request linked to the right person across channels.

Why it matters

Information is fragmented, but the people are constant. Knowing who is connected to which decisions, risks, and follow-ups is what makes a brief relationship-aware instead of a flat summary.

What it handles

Cross-source identities (email, WhatsApp, Teams, GitHub, Notion), correlated signals, and the actions and projects each person touches.

How you operate better

You confirm or correct who is who. The system proposes links with a confidence score and never merges people on its own.

The Daily Memo

Every morning, know what matters, what changed, and what needs approval.

The Daily Memo is the wedge. It is assembled on schedule and on demand from your connected channels, ranked by consequence, and written to be read in two minutes. It opens with the people behind today's activity, correlated across your channels and ranked by the importance you set, so the brief is relationship-aware, not a flat summary. It is the first thing you read and the reason you return.

The trust contract

Every insight carries a source reference: the system it came from, the specific item, a timestamp, a confidence value, and an excerpt or deep link. If an insight cannot be attributed, it is not shown. Low-confidence insights are labelled, never dressed up as fact.

Catalogue

A catalogue of governed services, not a feature list.

Management OS is assembled from 26 services across five layers. Each is governed, tenant-isolated, and source-referenced by design. Availability is marked plainly: what ships first, what is set up with you, and what comes later.

Operating surfaces

The surfaces you work from every day.

Briefing Engine

Briefing Service

Assembles, ranks, and serves your source-referenced Daily Memo on schedule and on demand.

MVPIncluded

You start the day from one calm, two-minute brief instead of ten open tabs.

Action Review

Action Extraction Service

Detects candidate actions from your context and runs the approve, edit, defer, dismiss lifecycle.

MVPIncluded

Commitments and follow-ups stop slipping, and nothing is ever actioned without you.

Diary

Diary Service

Private text and voice journaling with transcription and deliberate linking to your context.

MVPIncluded

The reasoning behind your decisions stays on the record, private by default.

Context and connections

How your fragmented channels become one operating context.

Source Connections

Source Connection Service

Connect and configure external sources, choose exactly what each one monitors, and set a storage policy.

MVPIncluded

Gmail, Google Calendar, GitHub (by selected repository), Notion, Obsidian, and file upload in the first release, with more to follow.

Context Ingestion

Ingestion Service

Pulls and receives items from connected sources reliably, with durable retries.

MVPIncluded

Your context stays current without you copying anything across.

Normalisation

Normalisation Service

Converts heterogeneous items into one common shape and prepares summaries.

MVPIncluded

Email, code, and documents become comparable, searchable, briefable context.

Knowledge Store

Knowledge Store Service

The canonical, queryable store of your normalised items, summaries, and embeddings.

MVPIncluded

A private system of record for your operating context, governed by your retention policy.

Search and Retrieval

Search and Retrieval Service

Semantic and keyword retrieval across your context, powering memos and the command palette.

MVPIncluded

Find any decision, thread, or document by meaning, not just exact words.

Advanced Integrations

Source Connection Service (phased)

MS 365 mail, plus phased Teams and Outlook, with documented fallbacks.

Assisted OnboardingOnboarding

Bring the rest of your communication surface into the operating layer as it lands.

WhatsApp Monitoring

WhatsApp Session Service

A tenant-scoped WhatsApp session, onboarded by QR, designed to monitor only the people or chats you approve.

Assisted OnboardingOnboarding

Signal from the conversations that matter, never your whole account. The legal and platform approach is validated before any real session is enabled.

People, correlation, and refinement

The relationship layer that links information to the people behind it, and gets sharper as you correct it.

People Context

People Context Service

A tenant-scoped directory of people with their cross-source identities, tags, and relationships.

MVPIncluded

Know who is connected to which decisions, risks, and follow-ups, with every channel resolved to one person.

Information Correlation

Information Correlation Service

Resolves incoming items to known people by their verified identities, with confidence and confirmable suggestions.

MVPIncluded

Your memo and actions become relationship-aware. The system proposes links and you confirm them; it never merges people on its own.

Refinement Rules

Refinement Rules Service

Turns your corrections, links, and dismissals into explicit, inspectable rules that shape triage and the memo.

LaterIncluded

The system grows more useful as you correct it, through rules you can see and change, never hidden learning.

Intelligence and model governance

The governed layer behind every AI insight, never a chatbot bolted on.

System Modules

Agent Orchestration Service

Runs the embedded agents durably: Daily Memo, action extraction, priority, risk, and attribution.

MVPIncluded

Intelligence is part of the operating system, invoked on a trigger, not a chat window.

Model Governance Layer

Model Gateway Service

The single, policy-enforced front door to all inference, with routing, validation, and audit.

MVPIncluded

Every model call is entitled, logged, source-referenced, and isolated to your tenant.

Model Catalogue

Model Catalogue Service

Registry of available models across Paylo-hosted, external, and tenant-owned providers.

MVPIncluded

The right model for each task, with cost and data-handling profiles made explicit.

Model Entitlements

Model Entitlement Service

Controls which models and tasks each workspace may use, and under which limits.

MVPIncluded

Access is deny-by-default and governed by your plan, never over-broad.

Prompt Versioning

Prompt Versioning Service

Versions prompt templates, parameters, and output schemas for reproducibility and audit.

MVPIncluded

How an insight was produced is recorded and reproducible, not a black box.

Usage and Cost Controls

Model Usage and Cost Service

Tracks tokens, latency, and cost per workspace, and enforces a model usage allowance.

MVPUsage-based

Inference stays governed and predictable, with a clear allowance on every plan.

Private Inference Runtime

Inference Runtime Service

A private vLLM runtime and tenant-routed models, behind the same governed gateway.

EnterpriseEnterprise

Keep inference off shared infrastructure when your organisation requires it.

Tool Gateway

Tool Gateway Service

A single, tenant-aware front door designed for governed agent tool access over the Model Context Protocol.

Assisted OnboardingOnboarding

When agents reach for external tools, every call is designed to be entitled, approval-gated, and audited, never run directly.

MCP Server Registry

MCP Server Registry Service

The registry that supports the architecture for which MCP servers and tools exist, with capability, risk class, and approval metadata.

Assisted OnboardingOnboarding

Nothing is callable unless it is registered and active, keeping the tool surface deliberate and reviewable.

Identity, trust, and operations

The institutional layer that makes the operating system safe to rely on.

Workspace and Tenant Isolation

Identity and Tenant Service

Authenticates you and enforces tenant context, subdomains, and roles on every request.

MVPIncluded

Your operating layer is yours alone, isolated at the data layer.

Audit and Source Traceability

Audit and Source Traceability Service

Source references for every AI claim plus a tenant-scoped, append-only audit log.

MVPIncluded

Trust is visible and verifiable, with export and deletion evidence on hand.

Quiet Notifications

Notification Service

High-signal nudges, primarily your briefing-ready cue, with no manufactured urgency.

MVPIncluded

The system speaks only when not speaking would be irresponsible.

Billing and Access

Billing Service

Invite-linked paid activation, subscription state, and entitlement, tied to your workspace.

MVPOnboarding

Deliberate, invite-only access with paid onboarding, never a public free-for-all.

Pricing

Priced for individuals, set up for operators.

Access is invite-only at every tier. Pricing is indicative while the product is in private beta and is shown as a starting point, not a final rate card.

Invite-onlyPaid onboardingMonthly subscriptionUsage-based model allowanceCustom enterprise pricing
INVITE-ONLY

Private Operator

For individual leaders.

From $49
per month, billed monthly. Invite-only.

A single-user operating layer with the Daily Memo at its core.

  • Single-user workspace
  • Personal subdomain
  • Daily Memo
  • Actions
  • Diary
  • Core integrations
  • Source references on every insight
  • Basic retention controls
Request access
PAID ONBOARDING

Executive OS

For high-context leaders who want deeper setup and support.

From $149
per month, plus paid onboarding. Invite-only.

Everything in Private Operator, set up with you and tuned to how you operate.

  • Everything in Private Operator
  • Paid, hands-on onboarding
  • Advanced integrations
  • Extended retention controls
  • Higher source volume
  • Priority memo generation
  • Model usage allowance
  • Workflow automation
  • Tenant-isolated tool layer
  • Controlled agent tool access, set up with you
  • Periodic review sessions
Request access
CUSTOM PRICING

Enterprise / Private Deployment

For organisations needing stronger controls.

Custom
annual agreement. Security review included.

Private inference and custom controls for regulated and security-led organisations.

  • Custom tenant controls
  • Advanced audit
  • Private model routing
  • vLLM / private inference options
  • Advanced MCP governance
  • Private tenant tool deployment
  • Extended tool invocation audit logs
  • SSO / SAML (later)
  • Custom domains (later)
  • Custom retention policies
  • Dedicated support
  • Security review
Talk to us
What is included at each tier
CapabilityPrivate OperatorExecutive OSEnterprise / Private Deployment
Daily MemoPriorityPriority
Actions
Diary
IntegrationsCoreAdvancedAdvanced
Personal subdomainCustom (later)
Source references
Data retention controlsBasicExtendedCustom
Model gateway access
Paylo-hosted model accessStandardAllowanceAllowance
Private inference option
Audit trailStandardStandardAdvanced
Tenant-isolated tool layerControlledAdvanced
Controlled agent tool accessAssisted setupAdvanced
MCP governanceAssisted setupAdvanced
Private tenant tool deployment
Tool invocation audit logsStandardExtended
Onboarding supportSelf-servePaid onboardingDedicated
Support levelStandardPriorityDedicated
Operating model

How the operating layer runs.

Context flows in from your sources, is linked to the people it involves, resolves into a memo and suggested actions, and grows sharper as you correct it. Three rules never bend.

01

Connect sources

Authorise the channels you run on, choose what each one monitors, and set a storage policy for each.

02

Ingest and normalise

Items are pulled in and resolved into one common shape, tenant-isolated throughout.

03

Correlate to people

Each item is linked to the person it involves, by their verified identities, with uncertain matches held for your confirmation.

04

Generate the Daily Memo

A source-referenced, relationship-aware brief is assembled on your schedule and on demand.

05

Suggest actions

Candidate actions are extracted with rationale and held for your approval.

06

Capture diary memory

Reflections and decisions are recorded privately and linked by choice.

07

Refine as you correct

Your corrections, links, dismissals, and confirmations become explicit rules, so the system grows sharper without hidden learning.

Approval-gated

Actions require your approval

Paylo.one never sends, posts, comments, merges, or schedules on your behalf. It prepares the work; you execute it.

Source-referenced

Every insight cites its source

AI output is grounded in your own items. If a claim cannot be attributed to a source, it is withheld rather than shown.

Explicit

It learns from your corrections, not in the dark

The system improves through explicit, inspectable rules you can see and change. There is no hidden model personalisation and no silent learning.

Trust and security

Built for the discretion the role demands.

This system holds an operator's most sensitive context. Trust is treated as a feature, not a footnote. Every pillar below is explained for the person relying on it, not only the people building it.

Tenant isolation

Your workspace is isolated from every other tenant at the data layer. There is no shared context and no cross-tenant retrieval.

A subdomain per tenant

Each operator runs on their own subdomain, for example bernard.paylo.one, resolved server-side and never trusted from the client.

Passkey-ready authentication

Authentication is designed for passkeys: phishing-resistant sign-in with no shared password to steal, and every session resolved to the right tenant.

Source references for every insight

AI insights are traceable to the exact item, system, timestamp, and confidence behind them. Unattributable claims are withheld.

You control storage

Set a storage policy per source: keep raw and summaries, summaries only, or no raw retention at all. Summaries are kept; raw is held only for a bounded audit window and then purged. Your data, your terms.

Relationship context stays yours

People, their cross-source identities, and private notes are tenant-scoped and never matched or shared across tenants. The system proposes links with a confidence score and you confirm them; it never merges people on its own.

WhatsApp by approved people only

WhatsApp runs in a tenant-scoped session designed to monitor only the people or chats you approve, never your whole account. The legal and platform approach is validated before any real session is enabled.

Explicit refinement, not hidden learning

Paylo.one grows more useful as you correct, link, and refine it, through inspectable rules you control. There is no hidden model fine-tuning and no silent personalisation.

Human approval before action

No action is created or sent until you confirm it. There are no autonomous external actions in the product.

A governed Model Gateway

All inference flows through a single, policy-enforced gateway. Provider keys are never exposed, and every call is entitled and logged.

Controlled tool access

When the system uses external tools, calls are designed to run through a single governed layer, the Tool Gateway, built around the Model Context Protocol (MCP). Each call is tenant-scoped and entitled, anything consequential is held for your approval, and tool results are treated as untrusted input.

Private inference, on the roadmap

A private inference runtime and tenant-routed models let regulated organisations keep inference off shared infrastructure.

Audit and source traceability

A tenant-scoped, append-only audit trail records actions, decisions, and access, with export and deletion evidence.

Tool governance

Designed for governed tool access, not open-ended automation.

When agents need to reach beyond your context, Paylo.one is designed around the Model Context Protocol (MCP). Every tool call is built to pass through one governed layer, the Tool Gateway, and never an MCP server directly. This capability is scaffolded today and switched on through assisted onboarding, not enabled by default.

One governed front door

The Tool Gateway is designed as the single, tenant-aware access layer for tools. Agents ask it to run a named tool; routing, policy, credential handling, and audit stay in one place.

MCP servers stay swappable

MCP servers are the tool runtimes behind the gateway. The MCP Server Registry supports the architecture for which servers and tools exist, with capability and risk metadata, and nothing runs unless it is registered and active.

Approval before consequence

Read-only tools gather context under audit. Anything that writes or acts is approval-gated by design, consistent with the rule that nothing acts on your behalf without you.

Tool output is untrusted

Results are treated as data, never instructions. They are schema-validated and sanitised before they reach the model, and never auto-trigger another tool call.

Scaffolded and spec'd today. Write-capable tools and private tenant tool deployment are available through assisted onboarding and enterprise agreements.
Access

Paylo.one Management OS is currently invite-only.

Access is granted by invitation, with paid onboarding for serious operators. If your context has outgrown notes and dashboards, request an invitation and we will be in touch.

Request accessView catalogue

Private beta. No public waitlist. Onboarding is deliberate and hands-on.