At BeeMeAi, we take the protection of customer data extremely seriously. This Security Policy describes the organizational and technical measures BeeMeAi implements platform-wide, designed to prevent unauthorized access, use, alteration, or disclosure of customer data.
Your data is encrypted end-to-end. All data in transit uses TLS 1.3. All data at rest is encrypted with AES-256. We do not store credit card information directly.
BeeMeAi services operate on Amazon Web Services (AWS), Cloudflare, Railway, and Vercel. As you continue to learn more about BeeMeAi, we recommend you also review our Terms of Use and Privacy Policy.
Incident Response Plan
- We have implemented a formal procedure for security events and educated all staff on our policies.
- When security events are detected, they are escalated and our team is assembled to rapidly address the event.
- After a security event is fixed, we write a post-mortem analysis reviewed across the team with action items to improve detection and prevention.
Build Process Automation
- We have functioning, frequently used automation to safely and reliably roll out changes to our application and platform within minutes.
- We deploy code many times a day, giving us high confidence that security fixes can ship quickly when required.
Authentication
- Two-factor authentication (2FA) and strong password policies are enforced on GitHub, AWS, Cloudflare, and Vercel.
- User authentication is handled through secure providers supporting email/password and OAuth (Google).
Infrastructure
- All services run in the cloud — BeeMeAi does not operate its own routers, load balancers, DNS servers, or physical servers.
- Services and data are hosted in Railway and AWS facilities protected by their security teams.
- Application delivery is protected by Vercel.
- Object storage uses Cloudflare with enterprise-grade security.
Application Monitoring
- We use application monitoring tools to quickly identify and resolve incidents.
- All access to BeeMeAi applications is logged.
- Actions taken on production consoles or in the BeeMeAi application are logged.
- BeeMeAi data is primarily hosted in Railway and AWS facilities in Europe.
- Customer data is stored in databases with strict access controls.
- Customer documents and files are stored in cloud object storage with encryption at rest.
- Each system used to process customer data is adequately configured and patched using commercially-reasonable methods according to industry-recognized hardening standards.
- BeeMeAi engages certain subprocessors (AWS, Railway, Cloudflare, Vercel, OpenAI) to process customer data.
- BeeMeAi is served 100% over HTTPS.
- All data sent to or from BeeMeAi is encrypted in transit using TLS 1.3 with 256-bit encryption.
- Our API and application endpoints are TLS/SSL only.
- We encrypt all sensitive data using an industry-standard AES-256 encryption algorithm.
All payment instrument processing for the purchase of BeeMeAi services is performed by Stripe, a PCI DSS Level 1 certified payment processor. BeeMeAi does not store or process credit card information directly.
We utilize OpenAI's GPT models for AI-powered features. Customer data sent to these services is:
- Transmitted over encrypted connections
- Not used to train AI models (per our agreements with AI providers)
- Subject to the privacy and security policies of these providers
- Processed in compliance with GDPR and other data protection regulations
- Managing your own user account on BeeMeAi.
- Protecting your account and credentials by securing your email.
- Compliance with the Terms of Use agreement with BeeMeAi, including with respect to compliance with laws.
- Promptly notify BeeMeAi if a user credential has been compromised or if you suspect suspicious activities that could negatively impact the security of BeeMeAi or your account.
- You may not perform any security penetration tests or security assessment activities without the express advance written consent of BeeMeAi.
BeeMeAi is committed to maintaining compliance with relevant security and privacy standards:
- GDPR (General Data Protection Regulation) compliant
- Working towards SOC 2 Type II certification
- SSL encrypted — all data in transit protected
We continuously monitor and update our security measures. For the latest information about our security practices or to report a vulnerability, please contact us at info@beemeai.com.
Last updated: August 5, 2025
© 2025 BeeMeAi. All rights reserved.
← Back to BeeMeAi