BentoCS Trust
Security, privacy & compliance

Built to pass your security review.

BentoCS stores some of the most sensitive data in your company — your customer list, ARR, and renewal risk. We treat it accordingly, with defense-in-depth security and strict multi-tenant isolation enforced at the database.

Certifications & attestations
SOC 2 Type II: In progress · 2026
GDPR: EU data residency
HIPAA: Not applicable · PHI prohibited
ISO 27001: In progress · Q4 2026
CCPA: California privacy
PCI DSS: Via Stripe
Four pillars

Defense in depth.

Every layer — from the Postgres row to the engineer’s laptop — is hardened, audited, and documented.

Infrastructure security
Hosted on Supabase (AWS us-east-1 / eu-west-1). All traffic TLS 1.3. VPC isolation, WAF, DDoS protection.
Access & identity
Google OAuth default. SAML SSO + SCIM provisioning on Enterprise. Role-based permissions audited per-action.
Data protection
AES-256 at rest, TLS 1.3 in transit. OAuth tokens encrypted in Supabase Vault. Daily encrypted backups with 30-day retention.
Operational security
Background checks on every employee. Annual pen tests. 24/7 monitoring with PagerDuty. Incident response SLA: 1 hour.
Multi-tenancy

Row-level isolation, enforced by Postgres.

Every tenant table carries an organization_id and a Row Level Security policy keyed to the authenticated session. Cross-tenant reads are physically impossible from the application layer — not just filtered, blocked at the database.

-- Every query, every table
CREATE POLICY tenant_isolation ON customers
  USING (organization_id = auth.org_id());
✓ Verified by automated RLS tests on every deploy
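A complete version of the pattern above, added here as an example and not BentoCS's own schema or code: the table, RLS enabled and forced, a policy with both USING and WITH CHECK, and a transaction-scoped check of the kind a deploy-time RLS test would run. It assumes a Supabase-style setup where the session's JWT claims are exposed as request.jwt.claims; auth.org_id() is a hypothetical helper, since Supabase does not ship one.

```sql
-- Added example (not BentoCS's code). Assumes the "auth" schema exists and the
-- session carries JWT claims in request.jwt.claims, as on Supabase/PostgREST;
-- auth.org_id() is a hypothetical helper that reads an "org_id" claim.
CREATE TABLE IF NOT EXISTS customers (
  id              bigint GENERATED ALWAYS AS IDENTITY PRIMARY KEY,
  organization_id uuid   NOT NULL,
  name            text   NOT NULL
);

-- Tenant id from the JWT claims; NULL when no claim is present, so the
-- policy below matches nothing rather than everything.
CREATE OR REPLACE FUNCTION auth.org_id() RETURNS uuid
LANGUAGE sql STABLE AS $$
  SELECT NULLIF(current_setting('request.jwt.claims', true)::jsonb ->> 'org_id', '')::uuid
$$;

-- A policy is inert until RLS is enabled; FORCE applies it to the table
-- owner as well, so an over-privileged app role cannot bypass it.
ALTER TABLE customers ENABLE ROW LEVEL SECURITY;
ALTER TABLE customers FORCE  ROW LEVEL SECURITY;

-- USING filters SELECT/UPDATE/DELETE; WITH CHECK rejects INSERTs and UPDATEs
-- that would place a row under another organization_id.
CREATE POLICY tenant_isolation ON customers
  FOR ALL
  USING      (organization_id = auth.org_id())
  WITH CHECK (organization_id = auth.org_id());

-- Deploy-time check, to be run as a non-superuser role (superusers bypass
-- RLS): impersonate tenant A via a constructed claim, look for any foreign
-- rows, then attempt a write under tenant B. Rolled back so nothing persists.
BEGIN;
SET LOCAL request.jwt.claims = '{"org_id":"11111111-1111-1111-1111-111111111111"}';
SELECT count(*) AS foreign_rows_visible
  FROM customers WHERE organization_id <> auth.org_id();
INSERT INTO customers (organization_id, name)
  VALUES ('22222222-2222-2222-2222-222222222222', 'cross-tenant write');
ROLLBACK;
```

With the policy in force the SELECT counts zero rows and the INSERT is rejected by the row-level security policy; either outcome differing is the signal an automated RLS test should fail a deploy on.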
Encryption

Encrypted everywhere.

TLS 1.3 in transit, AES-256 at rest. Per-tenant encryption keys rotated annually.

TLS 1.3 in transit
AES-256 at rest
Vault-encrypted secrets
HSM-backed keys
Audit log

Every change, attributed.

Immutable audit log for every data mutation — who, what, when, where from. Exportable to S3 on Enterprise.

maya@acme.com · updated health model · 2m ago
dan@acme.com · exported accounts.csv · 14m ago
priya@acme.com · invited user · 1h ago
system · API key rotated · 3h ago
Identity

SSO, SCIM, and RBAC.

Google OAuth on every plan. SAML SSO via Okta, Azure AD, Jumpcloud and Auth0 on Enterprise — with SCIM provisioning and JIT user creation.

Okta
Azure AD
OneLogin
Jumpcloud
Backups & DR

15-min RPO, 1-hour RTO.

Continuous WAL backups with point-in-time recovery to any second in the last 30 days. Quarterly restore drills, logged in our control evidence pack.

RPO: 15 min
RTO: 1 hour
SLA uptime: 99.95%
Retention: 30 days
AI data handling

Your data never trains a model.

AI features (CSV mapping, QBR drafts, health summaries) use Claude via a zero-retention endpoint. No tenant data is logged, no models are fine-tuned on your customer records.

Zero-retention API with Anthropic
Per-tenant opt-out available
AI outputs logged in audit trail
PII redaction before model calls
Pen testing

Annual third-party tests.

Cure53 runs a full-stack penetration test every 12 months. Report available under NDA.

Disclosure

Coordinated disclosure.

Report vulnerabilities to security@bentocs.com. PGP key on file. Bounty program in private beta.

Subprocessors

Minimal, documented.

Six subprocessors. Full list with DPAs is public. Email notice 30 days before adding a new one.

Data residency

Keep your data where it belongs.

Choose your workspace region at setup. Your customer data, AI summaries, and backups never leave it. EU customers can pin to Frankfurt; regulated US customers to us-east-1.

US: us-east-1 (N. Virginia) · Default · GDPR ready
EU: eu-west-1 (Ireland) · GDPR · data residency
EU: eu-central-1 (Frankfurt) · GDPR · enterprise
APAC: ap-southeast-1 (Singapore) · Q3 2026
Live status

All systems operational.

99.97% · last 90 days · status.bentocs.com
API: 99.99%
Web app: 99.98%
Integrations sync: 99.93%
AI services: 99.91%
Subprocessors

Who we share data with — and why.

Six subprocessors, all with signed DPAs. We notify every customer by email 30 days before adding a new one.

Vendor | Purpose | Region | Category
Supabase | Managed Postgres · hosting | US, EU | Core DB
Amazon Web Services | Infrastructure · S3 | US, EU | Backups & storage
Anthropic | AI inference (zero-retention) | US | AI features
Resend | Transactional email | US | Email delivery
PostHog | Product analytics (self-hosted) | EU | Analytics
Sentry | Error monitoring | US | Error telemetry
Security FAQ

For the security team.

SOC 2 Type II is in progress with a 2026 target — we're working with a Big-Four-standard auditor on Type I scoping. Until the report is issued, we share our control matrix, pen test letter, and business continuity plan under NDA via security@bentocs.com.

Pass your security review in a single call.

Our team has been on both sides of the security questionnaire. Bring yours — we’ll answer it live.