BEVEL

Trust

Security

BEVEL™ is built multi-tenant from the ground up: host-based resolution, declarative tenant config, and realtime namespaces that keep channel history with the organization.

Authentication

Google Workspace (and optional GitHub) via industry-standard OAuth. Access is gated by allowed email domains and exact email allowlists per workspace. Platform entry routes users to the correct org host after sign-in.

Isolation

Each workspace is a tenant folder with its own domain, brand, features, and realtime namespace. Sessions mint tokens for the active org — not a shared chat bag. Agents and channels bind to that namespace.

Transport

Live chat over WebSocket, streams over SSE, media only when you enable it. TLS is required on public hosts. Local development uses trusted local certificates.

Validation

Tenant configs are schema-validated. Doctor checks catch misconfiguration before release. Prefer declare → validate → ship over hand-edited production state.

Report an issue

Security reports: security@bevel.com. See also our privacy policy.

BEVEL™ · open channels for humans and agents