Security

Security at Breez is enforced by architecture, not by promises. This page summarises how the product is built to be governed by the firms that deploy it.

Read-only until you say otherwise

Breez starts with zero write access. Every send, chase or calendar change is previewed and confirmed by you, until you grant “always allow” for one action type at a time.

Append-only audit log

Every action the agent takes is written to an append-only audit log before it is taken. Firms can export the log to their SIEM (Splunk or Microsoft Sentinel).

Personal-vault separation

Work and personal data live in separate vaults with separate encryption keys. On a firm plan, no administrator can read a member’s health or finance data — it is cryptographically out of reach.

Outbound DLP

PAN, Aadhaar and account-number patterns are detected on every agent-generated message and can be redacted, blocked or flagged according to firm policy.

Identity & access

• SSO via SAML and OIDC against Azure AD or Okta.
• SCIM provisioning and de-provisioning from your directory.
• Role-based action policies via the org policy engine.

Deployment options

• Shared SaaS in India (asia-south1).
• Dedicated VPC in your GCP or Azure project, your KMS keys.
• Bring your own LLM agreement.

Assurance

• VAPT testing before go-live.
• SOC 2 in progress.
• 99.5% uptime SLA on enterprise plans.
• Deletion with receipt within 72 hours, aligned with the DPDP Act.

Report a vulnerability

Email hello@aifoundryventures.com. We acknowledge reports within two business days.