Trust & security

Your book of relationships is the most sensitive thing you own.

Besmi holds who you know, what you’ve promised, and how you earn. We build for regulated work in mortgage, real estate, insurance, and wealth, where a data leak isn’t an inconvenience, it’s a violation. Here is exactly how the system protects you.

01

Isolated by the database

Every firm’s data is fenced off at the Postgres layer with row-level security, not by application logic that could be bypassed by a bug.

02

Accountable AI

The agent prepares; you decide. Every message and every data read it performs is written to an append-only, immutable audit log.

03

Built for regulated work

Designed around RESPA, TRID, and state suitability rules, with monitoring that watches for prohibited language and PII drift.

Isolation

One tenant can never see another’s data. Enforced by the database, not by hope.

Every record in Besmi carries the organization it belongs to. Postgres Row-Level Security evaluates that ownership on every single query, at the database layer, beneath the application entirely.

The practical consequence: even if application code had a bug, one firm still could not read another firm’s relationships. Isolation doesn’t depend on us writing perfect code. It depends on a policy the database refuses to violate.

-- policy on every table
CREATE POLICY "see own org only"
ON opportunities FOR SELECT
USING ( org_id = current_org() );
-- request for another org →
rows returned: 0
Identity & access

Getting in is deliberate. So is what you can reach once you’re there.

Besmi is invite-only, and every account is provisioned by a person, never self-serve. From there, authentication and permissions are layered so the wrong person, or the wrong scanner, can’t slip through.

Invite-only, never self-serve

Accounts are provisioned by a person through a controlled onboarding flow. A typo in an email can never quietly create an account.

Two-factor authentication

Support for authenticator apps, SMS codes, and one-time backup codes. High-assurance sessions gate the actions that need them.

Scanner-proof sign-in

A typed one-time code, alongside the link, so corporate link-scanners that pre-consume magic links can’t lock you out.

Role-based access

Owner, admin, producer, and viewer roles decide what each person can see and change, enforced on every query, not just hidden in the UI.

The agent

An AI that prepares, then leaves a record of everything it touched.

Our first principle is that the tool decides nothing for you. We hold ourselves to it with proof, not promises: every message the agent sends or receives, and every piece of data it reads, is written to an append-only audit log the moment it happens.

agent_audit_logappend-only
user_prompthash sha256:9f2c… · flags []
data_readcall_log · user_id=:uid · rows 7
rls_denialcross-org read · rows 0
pii_redactionpii_pattern_ssn · value never stored
agent_responsehash sha256:c41a… · flags []

Every read is logged

Not just what the agent said, but every table it queried and how many rows it saw, so its reach is always visible.

Redacted, never raw

Filter values are reduced to tokens and PII patterns are stripped before anything is stored. The audit log itself holds no sensitive data.

Immutable by design

No update, no delete, enforced by the database. The record of what happened cannot be quietly rewritten.

A monitor that watches

A governance sweep flags guarantee language, rate strings, and PII patterns, and hard-blocks a response before it ever reaches a client.

If the audit record can’t be written, the response is never shipped. No action leaves the system unaccounted for.

Data handling

We keep sensitive data as far from reach as the work allows.

·
Hashed before storage
Prompt and response content is SHA-256 hashed server-side, keeping raw text one layer further from the database.
·
PII defense-in-depth
Multiple layers detect and redact sensitive patterns; a detected leak is blocked and escalated the same hour.
·
Encrypted integration secrets
Credentials for connected systems are stored encrypted, never in plain text.
·
Least-privilege service roles
The audit writer can only insert. No browser session can reach it. Every role gets the narrowest access that works.
Retention

The audit trail deliberately outlives the content it describes.

So “what did the agent do” stays answerable long after the private conversation itself is gone.

Conversation content
The private surface
180 days
Audit metadata
The accountability trail
7 years
Compliance & practice

Built for industries that are audited for a living.

Mortgage carries RESPA and TRID. Insurance carries state suitability rules. Besmi’s compliance layer is designed around that reality, governed by a written policy the code enforces, with monitoring that watches the agent for prohibited language and PII drift.

Postgres row-level security on every table
TLS / HTTPS everywhere
Append-only, immutable audit trail
SHA-256 hashing before storage
Multi-factor authentication
Role-based access control
Encrypted integration secrets
Written, enforced compliance policy
Where we are

Honest about the stage we’re at.

Besmi is in private beta. Formal attestations like SOC 2 are on our roadmap as we grow into a broader customer base. We’d rather earn them properly than badge them early. What exists today is the architecture on this page, in production, from day one.

If you have compliance requirements specific to your firm, we’ll walk through them with you directly during onboarding.

Report a concern

Found something that looks wrong, or have a question about how your data is handled? We read every message and respond personally.

security@besmi.io
For account access issues, sign in or ask your workspace owner.

Trust is the product. The security is how we keep it.

If your work depends on relationships you can’t afford to lose, we built this for you. Let’s talk about your requirements.