Security is not a feature. It's the foundation.

Every action Beato takes is drafted, reviewed, and approved by you. Your data is encrypted, isolated, and under your control.

Nothing executes without your approval.

Unlike other AI assistants that act autonomously, Beato drafts every action — emails, calendar invites, CRM updates — and presents them for your review. This isn't a setting you turn on. It's how the product works.

1

Draft

Beato prepares the action but does not execute.

2

Review

You see exactly what will happen before it happens.

3

Execute

Only after your explicit approval does the action run.

No email sends, no calendar changes, no CRM updates without your explicit sign-off. That's not a feature. It's the architecture.

Built secure from day one.

Data Encryption

AES-256 encryption at rest. TLS 1.3 in transit. All credentials and API tokens are encrypted before storage and never exposed to the client.

AES-256TLS 1.3Encrypted at Rest

Authentication

Supabase Auth with MFA support. OAuth 2.0 for app connections. Secure session management with automatic expiration.

Access Control

Role-based access control with permission middleware on every API route. Row-level security at the database level.

Audit Logging

Every action logged with user ID, timestamp, tool used, and result. Tamper-resistant. Exportable for compliance reviews.

Rate Limiting

266 of 267 API routes protected with preset-based rate limiting. Brute-force and abuse patterns are automatically blocked.

Where your data lives.

Hosting

Vercel edge compute and Supabase managed Postgres. Data hosted in US regions. No self-hosted infrastructure to maintain.

Tenant Isolation

Row-level security enforced at the database level. Each organization’s data is logically isolated from every other account.

Secrets Management

API keys and OAuth tokens encrypted with AES-256 before storage. Never exposed to the client. Managed via Composio with automatic rotation.

Where we stand.

Honest compliance claims. Here's our current status — no false certifications.

StandardStatusDetails
GDPRReadyData processing agreements available. EU data handling compliant.
SOC 2 Type IIIn ProgressAudit initiated. Expected completion Q3 2026.
HIPAANot ApplicableGlitch One is not designed for protected health information.
ISO 27001PlannedOn our roadmap for 2027.
CCPAReadyCalifornia consumer privacy rights supported.

Responsible AI by default.

No training on your data

Your conversations, documents, and actions are never used to train AI models. Period.

Model provider isolation

Prompts are sent for inference only. Not stored, not shared, not used for training by any provider.

Human-in-the-loop

Every sensitive action requires your explicit approval. Beato drafts. You decide.

Transparent tool use

Every tool call, API request, and action is logged with input and output. Nothing happens in the dark.

Additional security for teams.

Available on Teams and Enterprise plans.

  • SSO via SAML 2.0
  • SCIM user provisioning
  • Custom data retention policies
  • Dedicated account manager
  • Business Associate Agreement (BAA) available
  • Priority incident response

Report a vulnerability.

Found a vulnerability? We take security reports seriously. Contact us with details and we'll respond within 48 hours. We do not pursue legal action against good-faith security researchers.

security@glitchone.com

48-hour acknowledgment commitment.

Questions about security?

Our team is ready to discuss your specific requirements.