Built for the businesses that can't afford a leak.
Clinics, brokerages, and software companies trust Beleav with messages, schedules, and customer data. We earn that — through audited controls, transparent operations, and the kind of plain-English security policy you can actually read.
The certifications. The real ones.
SOC 2 Type II
Independently audited annually by A-LIGN. Continuous monitoring across all controls.
HIPAA BAA
Available on Scale and Enterprise. Covered for clinics, dental, and care providers.
GDPR / DPA
Standard contractual clauses, EU data residency, and a right-to-erase API.
ISO 27001
Information security management system certified across product and infra.
PCI DSS
Card data tokenized via Stripe. We never store PANs. Scope contained.
CCPA / CPRA
Verified consumer rights workflow. Opt-outs respected across all surfaces.
Four pillars. Plainly explained.
Data protection
- AES-256 at rest, TLS 1.3 in transit
- Customer-managed keys (BYOK) on Enterprise
- Hourly encrypted backups, 30-day retention
Access controls
- SSO (SAML, OIDC), SCIM provisioning
- Role-based permissions down to the field
- Time-bound, just-in-time admin access
Monitoring & audit
- Tamper-evident audit log streamed to your SIEM
- Anomaly detection on every assistant action
- Forensic-grade event store, 7-year retention
Incident response
- On-call rotation, 24/7/365
- 60-minute customer notification SLA
- Public, blameless post-mortems within 5 days
Who we trust, who you should know about.
- Amazon Web ServicesCompute, storage, networkingUS, EU, APAC
- CloudflareEdge, WAF, DDoS protectionGlobal
- StripePayments processingGlobal
- TwilioSMS / voice transportGlobal
- PostmarkTransactional emailUS, EU
- DatadogObservability + telemetryUS, EU
Found a security issue?
We pay bounties and we don't play games. Email security@beleav.com with details. We respond within four hours, every hour of every day.
Disclosure policyNeed our paperwork for procurement?
SOC 2 Type II report, ISO 27001 cert, DPA, and security questionnaire — all available under NDA via the Trust Center, no sales call required.
Open Trust Center