Security & compliance

The standard your auditors expect.

betool is built for environments where every access, every execution, every debit must be traceable, justifiable, and revocable.

Principles

Four non-negotiables.

They apply to every line of code, every migration, every module.

Strict multi-tenancy

Each organization owns its data, pipelines, secrets, and LLM keys. No cache, no table, no file path is shared without an explicit flag.

Mandatory audit of cross-tenant access

Any read of user content by an agent belonging to another organization (e.g. platform operator) requires client-side opt-in, instantly revocable, logged on every access.

Cascading refusal if audit is unavailable

Strict policy: no read without a trace. If logging fails, the operation is refused. No window where an access would pass without an audit trail.

Model sovereignty (BYOK)

Your OpenAI, Anthropic, Cohere, Mistral API keys. Or private models (Ollama, vLLM) on your own infrastructure. Secrets never leave your perimeter.

Compliance

Frameworks & controls.

GDPR

Article 15 (right of access), article 17 (right to erasure), article 30 (records of processing). Exportable per organization.

Encryption

TLS 1.3 in transit. At-rest encryption on databases and object storage. Secrets managed via a dedicated vault (Vault / KMS depending on deployment).

EU hosting

Default cloud hosted in the European Union. On-premise or sovereign deployment (private client cloud) available on Enterprise.

ISO 27001

Certification in progress. Incident management and access review procedures in place.

SSO & provisioning

SSO via OIDC / SAML, SCIM provisioning, fine-grained roles per organization. Available on Enterprise.

Penetration testing

Annual pentests by an independent third party. Report provided to Enterprise clients under NDA upon request.

Technical guardrails

Integrity, with no blind spots.

The invariants below are enforced by the database and the runtime, not merely by convention.

  • No migration auto-applied at boot — every schema change goes through review.
  • Pre-deploy DB dumps with dedicated retention, tested restore.
  • Execution sandbox per organization: operators can only reach the resources you have explicitly wired.
  • Closed vocabulary for audited entities (CHECK constraints + application whitelist): no surprise entries in the audit log.
  • Pre-call refusal on insufficient balance — no side effects before a confirmed debit.
  • Invariant counters per exchange: no double-charge, uniqueness constraint at the database level.
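
An added illustration of how invariants like these can be enforced at the database level. It is not betool's own code: SQLite, the schema and every table, column and function name are assumptions made for the example.

```python
import sqlite3

# Constructed schema for illustration; all names are assumptions.
SCHEMA = """
CREATE TABLE audit_log (
  id INTEGER PRIMARY KEY, org_id TEXT NOT NULL, actor_org TEXT NOT NULL,
  entity TEXT NOT NULL CHECK (entity IN ('document', 'pipeline', 'secret')));
CREATE TABLE balance (
  org_id TEXT PRIMARY KEY, credits INTEGER NOT NULL CHECK (credits >= 0));
CREATE TABLE charge (
  exchange_id TEXT PRIMARY KEY,  -- uniqueness: at most one debit per exchange
  org_id TEXT NOT NULL, amount INTEGER NOT NULL CHECK (amount > 0));
"""
ALLOWED_ENTITIES = {"document", "pipeline", "secret"}  # application whitelist

def open_db():
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    return db

def audited_read(db, org_id, actor_org, entity, fetch):
    """Commit the audit row first; if that fails, refuse the read (fail closed)."""
    if entity not in ALLOWED_ENTITIES:
        raise PermissionError("entity not in audit vocabulary")
    try:
        with db:  # commits on success, rolls back on error
            db.execute(
                "INSERT INTO audit_log (org_id, actor_org, entity) VALUES (?,?,?)",
                (org_id, actor_org, entity))
    except sqlite3.Error as exc:
        raise PermissionError("audit unavailable, read refused") from exc
    return fetch()  # only reached once the trace is durable

def debit_then_call(db, org_id, exchange_id, amount, call):
    """Confirm the debit in one transaction before running any side effect."""
    try:
        with db:
            cur = db.execute(
                "UPDATE balance SET credits = credits - ? "
                "WHERE org_id = ? AND credits >= ?", (amount, org_id, amount))
            if cur.rowcount != 1:
                raise PermissionError("insufficient balance")
            db.execute("INSERT INTO charge VALUES (?,?,?)",
                       (exchange_id, org_id, amount))
    except sqlite3.IntegrityError as exc:  # replayed exchange: debit rolled back
        raise PermissionError("exchange already charged") from exc
    return call()
```

A replayed exchange id fails the primary-key constraint, so the whole transaction, including the balance update, rolls back and the call never runs.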

Deployment

Sovereign by default.

Four deployment formats, from managed multi-tenant to air-gapped. Your hosting constraints drive the choice — not the other way around.

  • Managed multi-tenant (EU)

    betool cloud in the European Union. Strict per-organization isolation. Up and running in a matter of hours.

  • Private client cloud

    Dedicated instance on your cloud tenant (AWS, GCP, Azure, Scaleway, OVH). Network and secrets under your control.

  • On-premise

    Containerized images on your infrastructure. Updates via validated channel.

  • Air-gapped

    No outbound internet connectivity. Private LLM models required. Available on request.

A security question, an audit to prepare?

Our security dossier covers architecture, controls, incident management, and continuity.