Trust

Security

Sydney hosting, per-tenant encryption keys, tenant isolation by default, and read-only AI on governed data layers.

Last updated · 16 July 2026
AUAll processing onshore in Sydney

Security commitment

Becide is designed for organisations that require strong data isolation, Australian residency, and traceable AI operations. This page summarises the architecture. Detailed responses are available for enterprise security reviews.

The six controls

Every deployment starts from these baselines. Enterprise reviews go deeper.

  1. 01

    Data residency

    Application, data lake, platform records, audit logs, AI inference, and auth — all in Australia.

  2. 02

    Encryption

    AES-256 at rest with per-client dedicated keys. TLS 1.2+ in transit. Becide never stores key material.

  3. 03

    Tenant isolation

    Every resource is scoped by organisation — storage, database keys, indices, and key references.

  4. 04

    Authentication

    Password policies, optional SSO, secure session cookies, JWT tenant claims resolved server-side.

  5. 05

    AI safety

    Read-only on approved layers. Every run has an ID with tools invoked and safety checks logged.

  6. 06

    Audit & monitoring

    Operational logs retained onshore. Alarms cover orchestrator errors, tool failure rates, and health.

Certifications and controls

What we can share now, and what enterprise reviews unlock.

  • APP-aligned architecture

    Built for Privacy Act 1988 (Cth) and Australian Privacy Principles compliance.

  • AWS Sydney (ap-southeast-2)

    Single-region deployment with tenant-scoped storage and search.

  • Per-client encryption keys

    Provisioned at onboarding, disabled on exit with mandatory destruction window.

  • Read-only AI tools

    The assistant cannot write to client archives or modify connector credentials.

  • Encrypted question records

    User questions are stored encrypted, never in plaintext logs. Models never see secrets.

  • Enterprise review packet

    Security questionnaires, architecture diagrams, and subprocessor lists on request under NDA.

Vulnerability & incident management

We apply security patches to managed infrastructure and review dependencies regularly. Security issues may be reported to hello@becide.com.

We maintain incident response procedures including breach assessment and client notification per our DPA and Privacy Policy.

Shared responsibility

Clients are responsible for user provisioning, connector credential rotation, and lawful use of data they upload. We secure the platform; clients govern what data they connect and who may access it.

We do not represent certifications we have not obtained. Enterprise customers may request security questionnaires, architecture diagrams, and subprocessor lists under NDA.

Preparing a security review?

We'll send the enterprise review packet, walk through the architecture, and answer the questions your team needs answered.