Security

Your contracts don’t train anyone’s model. Decisions don’t rest on one.

Beelor reviews contracts for operators without a general counsel. The risky part of putting an LLM near a contract is the LLM - so we use it to extract, then let deterministic code, a second model, and a human-in-the-loop decide what ships. Inference runs on Vertex AI inside your chosen region; nothing leaves it.

How we keep the AI in its lane

Five constraints, not one model.

Most AI legal tools wrap a single LLM call in a prompt and hope. Beelor treats the model as one component in a deterministic system. Decisions that matter are made by code.

Before a low-risk redline ships, a separate model re-reads the contract against every severity call. Disagreement vetoes the fast-path.

Decision pipeline5 stages
  1. 01
    Extract

    Counterparty text is fenced as data, not instructions.

    Vertex AI · Claude
  2. 02
    Validate

    Typed, bounded outputs. No prose parsed as a decision.

    JSON schema
  3. 03
    Score

    Severity, stance, change volume → deterministic score. Same inputs, same answer.

    0–100 formula
  4. 04
    Cross-check

    Re-reads every severity call. Disagreement vetoes the fast-path.

    Second model
  5. 05
    Lane

    Low auto-ships. Medium routes to you. High routes to a panel lawyer.

    Auto-approveYour callBeelor lawyer
Platform security
Encrypted, isolated, audited

Per-tenant encryption keys

Each tenant gets their own KMS key, rotated every 90 days. A bug in our code path can’t cross-decrypt another tenant.

Private VPC networking

Database reachable only from authorised services over a private network. No public IP exposure.

Tenant isolation, defence-in-depth

Permissions encoded in the session token, then re-checked at the database query layer.

Append-only audit log

Every step of every matter is timestamped and tied to an actor. The trail is one query away.

Where your contracts go, and where they don’t

Your data stays in your region.

Beelor runs on Google Cloud in the region you choose, EU or US. Inference uses Anthropic’s Claude models served through Vertex AI inside that same region - no calls leave it for the model.

Your contracts, redlines, and audit trail are runtime inputs only. They never become training material - for our models or anyone else’s.

Data pathEU or US
  1. 01
    Slack drop
    Your workspace
  2. 02
    Beelor app
    GCP · your region
  3. 03
    Vertex AI
    Claude on Vertex · no training, no retention
  4. 04
    Audit log
    Append-only · per-tenant
Subprocessors
  • GCPcompute, storage, KMS, Vertex AI inference
  • Slacknotifications and review handoff
  • No fine-tuning
  • No third-party sharing
  • No region egress
Compliance posture
Controls aligned with SOC 2 and CCPA
  • Data minimisation

    We store the contract, the extracted clauses, and the audit trail. Nothing else.

  • Export on request

    Customers can export their full tenant data, including the audit trail, at any time.

  • Deletion on request

    Customers can request deletion of their tenant data. Backups age out per the standard window.

Daily backups, point-in-time recovery on the production database.

Detailed control mappings and DPAs available under NDA. Email security@beelor.com.

Got a security questionnaire? Send it over.

We answer security and procurement questionnaires under NDA, including detailed control mappings, DPAs, and architecture diagrams.

Email securityHow it works