Isolated by the database
Every firm’s data is fenced off at the Postgres layer with row-level security, not by application logic that could be bypassed by a bug.
Besmi holds who you know, what you’ve promised, and how you earn. We build for regulated work in mortgage, real estate, insurance, and wealth, where a data leak isn’t an inconvenience, it’s a violation. Here is exactly how the system protects you.
Every firm’s data is fenced off at the Postgres layer with row-level security, not by application logic that could be bypassed by a bug.
The agent prepares; you decide. Every message and every data read it performs is written to an append-only, immutable audit log.
Designed around RESPA, TRID, and state suitability rules, with monitoring that watches for prohibited language and PII drift.
Every record in Besmi carries the organization it belongs to. Postgres Row-Level Security evaluates that ownership on every single query, at the database layer, beneath the application entirely.
The practical consequence: even if application code had a bug, one firm still could not read another firm’s relationships. Isolation doesn’t depend on us writing perfect code. It depends on a policy the database refuses to violate.
Besmi is invite-only, and every account is provisioned by a person, never self-serve. From there, authentication and permissions are layered so the wrong person, or the wrong scanner, can’t slip through.
Accounts are provisioned by a person through a controlled onboarding flow. A typo in an email can never quietly create an account.
Support for authenticator apps, SMS codes, and one-time backup codes. High-assurance sessions gate the actions that need them.
A typed one-time code, alongside the link, so corporate link-scanners that pre-consume magic links can’t lock you out.
Owner, admin, producer, and viewer roles decide what each person can see and change, enforced on every query, not just hidden in the UI.
Our first principle is that the tool decides nothing for you. We hold ourselves to it with proof, not promises: every message the agent sends or receives, and every piece of data it reads, is written to an append-only audit log the moment it happens.
Not just what the agent said, but every table it queried and how many rows it saw, so its reach is always visible.
Filter values are reduced to tokens and PII patterns are stripped before anything is stored. The audit log itself holds no sensitive data.
No update, no delete, enforced by the database. The record of what happened cannot be quietly rewritten.
A governance sweep flags guarantee language, rate strings, and PII patterns, and hard-blocks a response before it ever reaches a client.
If the audit record can’t be written, the response is never shipped. No action leaves the system unaccounted for.
So “what did the agent do” stays answerable long after the private conversation itself is gone.
Mortgage carries RESPA and TRID. Insurance carries state suitability rules. Besmi’s compliance layer is designed around that reality, governed by a written policy the code enforces, with monitoring that watches the agent for prohibited language and PII drift.
Besmi is in private beta. Formal attestations like SOC 2 are on our roadmap as we grow into a broader customer base. We’d rather earn them properly than badge them early. What exists today is the architecture on this page, in production, from day one.
If you have compliance requirements specific to your firm, we’ll walk through them with you directly during onboarding.
Found something that looks wrong, or have a question about how your data is handled? We read every message and respond personally.
security@besmi.ioIf your work depends on relationships you can’t afford to lose, we built this for you. Let’s talk about your requirements.