When you hand business-critical processes to an AI, you need to know it's secure, and you need to be able to see exactly what it did. Bex is built on enterprise cloud infrastructure with a unique advantage: because everything it does is conducted over email, you get a complete, tamper-resistant audit trail by default.
Secure infrastructure
Harmonic Mean runs Bex on enterprise-grade cloud infrastructure with industry-standard protections: encryption in transit and at rest, network isolation, regular security audits, and strict access controls on our side. When Bex communicates with your systems of record (Procore, Autodesk Construction Cloud, ProjectSight, and others), it does so through the same authenticated APIs those platforms provide to any enterprise integration. No special network configurations, no VPN tunnels, no open ports on your side. Your IT team's existing security posture stays intact.
Bex's foundation runs across two cloud providers: application hosting on Google Cloud, durable data on Microsoft Azure. A compromise of one doesn't compromise everything. All long-lived secrets live in Google Cloud Secret Manager and are injected at runtime, never baked into images. DMARC, SPF, and DKIM are checked on every inbound email; failures stop processing and escalate.
Each customer is a separate tenant. Tenant configuration—sender allowlists, module activation flags, branding, language toggles, escalation contacts, integration credentials—is held in immutable Python dataclasses, and lower environments are suffix-isolated so production data never gets cross-contaminated.
Our full cybersecurity stance, including OWASP Top 10 posture, is available upon request. Data is never used to train AI models—the only third parties we send data to are our AI model providers, and their terms of service prevent training on customer data.
Observability through email
This is where Bex's architecture gives you something most AI tools can't: complete visibility into every action it takes.
Because Bex operates through email, every interaction is automatically recorded in your organization's email system. Every document Bex receives, every approval request it sends, every response from a reviewer, every confirmation of data committed to your system of record lives in an email thread that your team can search, review, and archive using the tools they already have. Threading is preserved with In-Reply-To headers, so conversations group correctly in every mail client.
There's no separate audit log to consult, no proprietary dashboard to learn, and no vendor lock-in on your compliance data. If a question ever arises about what Bex did with a particular document, the answer is sitting in your inbox. Your compliance and legal teams can verify Bex's actions using the same email discovery tools they use for everything else.
For high-stakes extraction (notably Bex Liens), the audit trail goes deeper still. Bex runs multiple AI passes per document and votes per field, preserving the per-field consensus log (unanimous / majority / disputed) on every record. Critical fields require consensus or Bex refuses to commit and escalates the document for human review. It's the difference between "AI got it 95% right" and "AI either got it right, or told you it didn't."
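The per-field voting described above, as an added example that is not Harmonic Mean's code: several extraction passes are tallied field by field, each field is logged as unanimous, majority or disputed, and the document is escalated rather than committed when a critical field is disputed or missing. The field names, the critical-field set and the three sample pass outputs are constructed for illustration; the normalization step (folding case, whitespace and thousands separators) is an assumption about how cosmetic differences between passes are reconciled.

```python
# Added example (not Harmonic Mean's code): per-field consensus voting across
# several extraction passes. Field names, the critical-field set and the
# sample pass outputs are constructed for illustration.
from collections import Counter
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

CRITICAL_FIELDS = {"claimant", "lien_amount"}  # assumed: fields that must agree


@dataclass(frozen=True)
class FieldVote:
    value: Optional[str]              # agreed (normalized) value, None when disputed
    status: str                       # "unanimous" | "majority" | "disputed"
    tally: Dict[Optional[str], int]   # raw vote counts, kept for the audit log


def normalize(value: Optional[str]) -> Optional[str]:
    """Fold cosmetic differences (case, thousands separators, whitespace)
    so that '12,500.00' and '12500.00' count as the same vote."""
    if value is None:
        return None
    return " ".join(value.replace(",", "").split()).casefold()


def vote_field(values: List[Optional[str]]) -> FieldVote:
    """Tally one field across all passes. A None vote means that pass did
    not find the field at all; ties are treated as disputed."""
    tally = Counter(normalize(v) for v in values)
    top, count = tally.most_common(1)[0]
    if count == len(values):
        return FieldVote(top, "unanimous", dict(tally))
    if count * 2 > len(values):
        return FieldVote(top, "majority", dict(tally))
    return FieldVote(None, "disputed", dict(tally))


def reconcile(passes: List[Dict[str, str]],
              critical=CRITICAL_FIELDS) -> Tuple[str, Dict[str, FieldVote], List[str]]:
    """Vote every field seen in any pass. Refuse to commit when a critical
    field is disputed (or absent from every pass) and escalate instead."""
    names = sorted(set().union(*(p.keys() for p in passes)))
    log = {name: vote_field([p.get(name) for p in passes]) for name in names}
    missing = FieldVote(None, "disputed", {})
    blocked = sorted(f for f in critical if log.get(f, missing).status == "disputed")
    decision = "escalate" if blocked else "commit"
    return decision, log, blocked


# Constructed outputs of three passes over one document: the amount differs
# only in formatting, the recorded date is wrong in one pass.
PASSES = [
    {"claimant": "Acme Concrete LLC", "lien_amount": "12,500.00", "recorded_date": "2024-03-01"},
    {"claimant": "Acme Concrete LLC", "lien_amount": "12500.00", "recorded_date": "2024-03-01"},
    {"claimant": "Acme Concrete LLC", "lien_amount": "12500.00", "recorded_date": "2024-03-10"},
]

# Constructed outputs where the passes cannot agree on a critical field.
DISPUTED_PASSES = [
    {"claimant": "Acme Concrete LLC", "lien_amount": "12500.00"},
    {"claimant": "Acme Concrete Inc", "lien_amount": "12500.00"},
    {"claimant": "ACME Concrete", "lien_amount": "12500.00"},
]

if __name__ == "__main__":
    for label, passes in (("clean", PASSES), ("disputed", DISPUTED_PASSES)):
        decision, log, blocked = reconcile(passes)
        print(f"{label}: {decision} (blocked critical fields: {blocked})")
        for name, vote in log.items():
            print(f"  {name:14} {vote.status:10} {vote.value!r}  votes={vote.tally}")
```

The tally is kept on every `FieldVote` so the consensus record can travel with the committed row; the `recorded_date` field shows a majority verdict that still commits because it is not in the critical set, while a three-way split on `claimant` blocks the commit.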
For organizations in regulated industries or those subject to audits, this kind of built-in traceability is invaluable, and it comes at no extra effort.
Minimal data retention
AI systems that store large volumes of customer data create risk. The more data that sits in a vendor's environment, the larger the potential impact of a breach.
Bex is designed to minimize this exposure. Because the email trail lives in your organization's email infrastructure (not ours), Bex doesn't need to maintain long-term copies of your documents or extracted data. It processes what it receives, commits the results to your system of record, and moves on.
By default, Bex never retains proprietary working data longer than 30 days—and the retention window is configurable per module. Your data stays in systems you control. As noted above, data is never used to train AI models.
Low-effort access control
As we discuss in our integration article, Bex's email-based architecture provides natural access control. Only emails from your organization's allowlisted domains can trigger data creation. There are no Bex-specific user accounts or credentials to manage, which eliminates an entire category of security risk (password reuse, credential stuffing, forgotten deprovisioning).
When a team member leaves your organization and their email account is deactivated, their ability to interact with Bex ends immediately. No offboarding ticket required.
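An added example, not Harmonic Mean's code, that ties this section to the inbound-mail checks described under "Secure infrastructure": a message is only allowed to trigger data creation when the DMARC, SPF and DKIM verdicts recorded by the receiving MTA all pass and the authenticated From domain is on the tenant allowlist; any authentication failure escalates. The authserv-id `mx.bex.example`, the allowlisted domain and the four sample messages are constructed. The example also covers a caveat the page does not spell out: an `Authentication-Results` header is only meaningful when it was stamped by your own mail server, so headers carrying any other authserv-id are ignored.

```python
# Added example (not Harmonic Mean's code): gate an inbound message on the
# DMARC/SPF/DKIM verdicts stamped by our own MTA plus a sender-domain
# allowlist. The authserv-id, the allowlisted domain and the sample
# messages are constructed.
import email
import re
from email import policy
from email.utils import parseaddr
from typing import Dict, Iterable, Optional, Tuple

TRUSTED_AUTHSERV_ID = "mx.bex.example"         # assumed: the receiving MTA's id
ALLOWLISTED_DOMAINS = {"example-builder.com"}  # constructed tenant allowlist
REQUIRED_METHODS = ("dmarc", "spf", "dkim")

_VERDICT_RE = re.compile(r"\b(dmarc|spf|dkim)=([a-z]+)", re.IGNORECASE)


def parse_auth_results(headers: Optional[Iterable[str]]) -> Dict[str, str]:
    """Return {method: verdict} from the Authentication-Results header whose
    authserv-id is our own MTA. Headers with any other authserv-id are
    skipped, because a sender can add such a header to the message itself."""
    for value in headers or []:
        authserv_id, _, results = str(value).partition(";")
        if authserv_id.strip().lower() != TRUSTED_AUTHSERV_ID:
            continue
        return {m.lower(): v.lower() for m, v in _VERDICT_RE.findall(results)}
    return {}


def gate_inbound(raw_message: str) -> Tuple[str, str]:
    """Decide what to do with one raw RFC 5322 message: 'escalate' on any
    missing or failed authentication verdict, 'ignore' when the authenticated
    sender domain is not allowlisted, 'process' otherwise."""
    msg = email.message_from_string(raw_message, policy=policy.default)
    auth = parse_auth_results(msg.get_all("Authentication-Results"))
    for method in REQUIRED_METHODS:
        verdict = auth.get(method, "missing")
        if verdict != "pass":
            return "escalate", f"{method}={verdict}"
    _, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower()
    if domain not in ALLOWLISTED_DOMAINS:
        return "ignore", f"sender domain {domain!r} is not allowlisted"
    return "process", domain


def _message(auth_header: str, sender: str) -> str:
    """Build a constructed reply message with the given header and sender."""
    return (
        f"Authentication-Results: {auth_header}\n"
        f"From: Pat Reviewer <{sender}>\n"
        "To: liens@bex.example\n"
        "Subject: Re: Lien notice review\n"
        "In-Reply-To: <approval-request@bex.example>\n"
        "\n"
        "Approved.\n"
    )


_PASSING = ("mx.bex.example; dkim=pass header.d=example-builder.com; "
            "spf=pass smtp.mailfrom=example-builder.com; "
            "dmarc=pass header.from=example-builder.com")

GOOD_MESSAGE = _message(_PASSING, "pat@example-builder.com")
DMARC_FAIL_MESSAGE = _message(_PASSING.replace("dmarc=pass", "dmarc=fail"),
                              "pat@example-builder.com")
# The sender stamped a passing header themselves; our MTA added none.
FORGED_HEADER_MESSAGE = _message(_PASSING.replace("mx.bex.example", "attacker.example"),
                                 "pat@example-builder.com")
# Fully authenticated, but from a domain the tenant has not allowlisted.
UNKNOWN_SENDER_MESSAGE = _message(_PASSING.replace("example-builder.com", "other.example"),
                                  "pat@other.example")

if __name__ == "__main__":
    for name in ("GOOD_MESSAGE", "DMARC_FAIL_MESSAGE",
                 "FORGED_HEADER_MESSAGE", "UNKNOWN_SENDER_MESSAGE"):
        print(f"{name:24} -> {gate_inbound(globals()[name])}")
```

The ordering matters: the allowlist is consulted only after authentication, because a sender allowlist on its own is defeated by a spoofed From address, which is exactly what the DMARC, SPF and DKIM checks exist to detect.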
Where web access is needed—for example the Lien Notice Viewer or QA tool, or the Project Risk dashboard—Bex uses a magic-PIN login tied to the same allowlisted email addresses. (The PIN alphabet even excludes glyphs that read as profanity in either English or Spanish—a small detail, but indicative of how seriously Bex takes its bilingual users.)
Hallucinations and jailbreaking
All LLMs can make mistakes, but Harmonic Mean has developed multilayer safeguards against hallucination (confident mistakes) and jailbreaking (end-user attempts to thwart guardrails). For high-stakes work, multi-pass consensus voting catches errors no single pass would. The open audit trail of email means you'll never wonder what Bex said, and when it comes to the why, our dedicated customer success management team is with you every step of the way, monitoring and tweaking to ensure the best results.
Conclusion
As an email-based system, Bex is inherently observable in a way that standard applications can't be, and you get an audit trail you can see. Built across Google Cloud and Microsoft Azure with secrets isolated, tenants isolated, and inbound mail authenticated, it follows enterprise-level security practices. And an aggressive, configurable data retention policy means Bex doesn't store your proprietary data for long.