We hold our security to the same standards our clients are held to
Compliance teams can't deploy a platform they can't defend to their own regulators. Full security documentation — SOC 2 report, ISO certificates with scope statements, penetration-test summary, sub-processor list and standard DPA — is available in the Behavox Trust Center under NDA.
Certifications & attestations
- SOC 2 Type II
Independently audited; report (scope and period) available via the Trust Center under NDA.
- ISO/IEC 27001
Certified — information security management.
- ISO/IEC 42001:2023
Certified (Nov 2025) — AI Management System (AIMS).
- FedRAMP
Runs on Google Cloud's FedRAMP-authorized platform.
How your data is handled
- Frontier models run in-tenant, via private endpoints
With zero data retention; customer data does not leave your environment.
- No training on customer data
Your data is never used to train or fine-tune models.
- Single-tenant by default
Isolated cloud project per customer, customer-held KMS keys, choice of data-residency region.
- Enterprise authentication
SSO, SAML and Active Directory, with detailed user logs.
Independent validation & mapped frameworks
Behavox maintains an independently validated third-party cyber-risk profile via CyberGRX / ProcessUnity, which we can share in lieu of a bespoke security questionnaire. The assessment is derived from NIST SP 800-53 and ISO/IEC 27001 control families.
- Mapped / self-assessed against
NIST 800-53 Rev. 5 · CSA-CCM · MITRE ATT&CK · NYDFS Cybersecurity Regulation (23 NYCRR 500).
- Regulatory compliance
GDPR · CCPA · DORA.
See it on your own data
Book a 30-minute session tailored to your firm's risk, channels and regulatory footprint.
Request a Demo