Security is not a feature. It's the foundation.
Every action Beato takes is drafted, reviewed, and approved by you. Your data is encrypted, isolated, and under your control.
Nothing executes without your approval.
Unlike other AI assistants that act autonomously, Beato drafts every action — emails, calendar invites, CRM updates — and presents them for your review. This isn't a setting you turn on. It's how the product works.
Draft
Beato prepares the action but does not execute.
Review
You see exactly what will happen before it happens.
Execute
Only after your explicit approval does the action run.
Draft
Beato prepares the action but does not execute.
Review
You see exactly what will happen before it happens.
Execute
Only after your explicit approval does the action run.
No email sends, no calendar changes, no CRM updates without your explicit sign-off. That's not a feature. It's the architecture.
Built secure from day one.
Data Encryption
AES-256 encryption at rest. TLS 1.3 in transit. All credentials and API tokens are encrypted before storage and never exposed to the client.
Authentication
Supabase Auth with MFA support. OAuth 2.0 for app connections. Secure session management with automatic expiration.
Access Control
Role-based access control with permission middleware on every API route. Row-level security at the database level.
Audit Logging
Every action logged with user ID, timestamp, tool used, and result. Tamper-resistant. Exportable for compliance reviews.
Rate Limiting
266 of 267 API routes protected with preset-based rate limiting. Brute-force and abuse patterns are automatically blocked.
Where your data lives.
Hosting
Vercel edge compute and Supabase managed Postgres. Data hosted in US regions. No self-hosted infrastructure to maintain.
Tenant Isolation
Row-level security enforced at the database level. Each organization’s data is logically isolated from every other account.
Secrets Management
API keys and OAuth tokens encrypted with AES-256 before storage. Never exposed to the client. Managed via Composio with automatic rotation.
Where we stand.
Honest compliance claims. Here's our current status — no false certifications.
| Standard | Status | Details |
|---|---|---|
| GDPR | Ready | Data processing agreements available. EU data handling compliant. |
| SOC 2 Type II | In Progress | Audit initiated. Expected completion Q3 2026. |
| HIPAA | Not Applicable | Glitch One is not designed for protected health information. |
| ISO 27001 | Planned | On our roadmap for 2027. |
| CCPA | Ready | California consumer privacy rights supported. |
Responsible AI by default.
No training on your data
Your conversations, documents, and actions are never used to train AI models. Period.
Model provider isolation
Prompts are sent for inference only. Not stored, not shared, not used for training by any provider.
Human-in-the-loop
Every sensitive action requires your explicit approval. Beato drafts. You decide.
Transparent tool use
Every tool call, API request, and action is logged with input and output. Nothing happens in the dark.
Additional security for teams.
Available on Teams and Enterprise plans.
- SSO via SAML 2.0
- SCIM user provisioning
- Custom data retention policies
- Dedicated account manager
- Business Associate Agreement (BAA) available
- Priority incident response
Report a vulnerability.
Found a vulnerability? We take security reports seriously. Contact us with details and we'll respond within 48 hours. We do not pursue legal action against good-faith security researchers.
security@glitchone.com48-hour acknowledgment commitment.
Questions about security?
Our team is ready to discuss your specific requirements.