Trust
Security
BEVEL™ is built multi-tenant from the ground up: host-based resolution, declarative tenant config, and realtime namespaces that keep channel history with the organization.
Authentication
Google Workspace (and optional GitHub) via industry-standard OAuth. Access is gated by allowed email domains and exact email allowlists per workspace. Platform entry routes users to the correct org host after sign-in.
Isolation
Each workspace is a tenant folder with its own domain, brand, features, and realtime namespace. Sessions mint tokens for the active org — not a shared chat bag. Agents and channels bind to that namespace.
Transport
Live chat over WebSocket, streams over SSE, media only when you enable it. TLS is required on public hosts. Local development uses trusted local certificates.
Validation
Tenant configs are schema-validated. Doctor checks catch misconfiguration before release. Prefer declare → validate → ship over hand-edited production state.
Report an issue
Security reports: security@bevel.com. See also our privacy policy.
BEVEL™ · open channels for humans and agents