BeezOS

Security

BeezOS handles real business data — financial records, customer contacts, team communications. We take that responsibility seriously. Here's exactly how we protect your data.

Encryption
  • All data is encrypted at rest using AES-256.
  • All data is encrypted in transit using TLS 1.2 or higher.
  • Passwords are hashed using bcrypt — we never store plaintext passwords.
  • Supabase Auth handles all authentication token management securely.

Access Control
  • Row-level security (RLS) is enforced at the database level on every table.
  • Every query is automatically scoped to the authenticated user's workspace.
  • No user can read, write, or delete data from another workspace — not even if they guess the ID.
  • Workspace invites use cryptographically random UUID tokens with 7-day expiry.
  • Email confirmation is required before account access is granted.

Infrastructure
  • Database and authentication are hosted on Supabase, which is SOC 2 Type II certified.
  • The application is hosted on Vercel, with global CDN and DDoS protection.
  • Data is stored in US-based data centers.
  • API keys and secrets are stored as environment variables — never in source code.
  • Vercel Analytics is used for performance monitoring — it is cookie-free and collects no personal identifiers.

AI Security (BeezBrain)
  • The Anthropic API key is stored server-side only — it is never exposed to the browser.
  • All BeezBrain requests are authenticated — unauthenticated requests are rejected.
  • Rate limiting is enforced: 5 AI messages/day on the free plan, 40/day on Pro.
  • AI context is capped at your 50 most recent transactions to minimize data exposure per request.
  • Your business data is never used to train AI models.

Application Security
  • All form inputs have length limits to prevent large-payload attacks.
  • No sensitive data is logged or exposed in browser consoles.
  • Environment variables follow the principle of least privilege.
  • The Supabase anon key is public by design — all data protection is enforced through RLS policies, not key secrecy.
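
What workspace-scoped RLS behind a public anon key can look like in Postgres, as an added example that is not BeezOS's own schema or policies. The table, column and policy names are hypothetical; it assumes Supabase, where auth.uid() returns the authenticated caller's user ID.

```sql
-- Added example: hypothetical schema, not BeezOS's actual tables or policies.
-- Assumes Supabase, where auth.uid() is the caller's user id from the JWT.

create table workspace_members (
  workspace_id uuid not null,
  user_id      uuid not null references auth.users (id),
  primary key (workspace_id, user_id)
);

create table transactions (
  id           uuid primary key default gen_random_uuid(),
  workspace_id uuid not null,
  amount_cents bigint not null
);

-- RLS is off by default on a new table. With a public anon key it is the
-- only gate, so it must be enabled on every table the API can reach.
alter table workspace_members enable row level security;
alter table transactions      enable row level security;

-- Callers see only their own membership rows. Keeping this policy free of
-- a subquery on workspace_members itself avoids recursive policy evaluation.
create policy members_read_own on workspace_members
  for select to authenticated
  using (user_id = auth.uid());

-- USING filters rows on select/update/delete; WITH CHECK validates rows on
-- insert/update. Both are needed: without WITH CHECK a member could write a
-- row into a workspace they do not belong to. No policy exists for the anon
-- role, so unauthenticated requests match nothing.
create policy transactions_workspace_scope on transactions
  for all to authenticated
  using (workspace_id in (
    select workspace_id from workspace_members where user_id = auth.uid()))
  with check (workspace_id in (
    select workspace_id from workspace_members where user_id = auth.uid()));

-- Audit check: tables in the public schema with RLS disabled.
-- The result should be empty.
select c.relname
from pg_class c
join pg_namespace n on n.oid = c.relnamespace
where n.nspname = 'public' and c.relkind = 'r' and not c.relrowsecurity;
```

With these policies, a request for a transaction ID from another workspace returns zero rows rather than an error, so a guessed ID reveals nothing about whether the row exists.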

Data Privacy
  • We never sell, share, or trade your data with third parties.
  • We do not use your business data for advertising.
  • We do not integrate with any advertising networks or data brokers.
  • You can export your financial data via CSV from BeezBooks at any time.
  • You can request full account deletion by emailing contact@beezos.app.

Report a Security Issue

If you discover a security vulnerability in BeezOS, please report it responsibly to contact@beezos.app. We take all reports seriously and will respond within 48 hours.

© 2026 Beez Industries