Security
Last updated May 27, 2026
Hosting and infrastructure
Bina runs on established, industry-standard cloud providers rather than self-managed hardware — spanning application hosting, a managed database, and object storage for media and generated assets. Each provider maintains its own independent security program and physical-datacenter controls.
Encryption
- In transit: all traffic to and from Bina is encrypted over TLS (HTTPS).
- At rest: data stored in our database and object storage is encrypted at rest by the underlying provider.
Tenant isolation
Bina is multi-tenant. Every customer record is scoped to a company, and access is enforced at the database layer with row-level security policies — not only in application code. A query can only return rows the authenticated user's company is entitled to. This is a non-negotiable rule for every table that holds customer data.
Access controls and authentication
- Authentication is handled by a managed identity provider; passwords are never stored in plaintext.
- Access within a workspace is role-based (owner, admin, member), and administrative actions are restricted to an explicit allowlist.
- Internal access to production systems follows least-privilege principles and is limited to the personnel who require it.
How we handle your data
We do not sell your data, and we do not share it with third parties for their own purposes. Your operational recordings, documents, and generated content are used to deliver the service to you. We use a small set of subprocessors strictly to operate the platform on your behalf.
Subprocessors
We rely on a small set of established, industry-standard subprocessors to operate Bina. We intentionally do not name specific vendors on this public page; we engage providers across the following categories:
- Cloud hosting and infrastructure
- Managed database, authentication, and storage
- Object storage for media and generated assets
- Large language model (LLM) inference — Bina is model-agnostic and routes to the most suitable model rather than depending on any single provider
- Speech-to-text / transcription
- Payment processing
- Transactional email
- Product analytics
Every subprocessor is engaged under contractual confidentiality and data-protection obligations and processes data solely to operate the platform on our behalf. A current, named list is available to customers under NDA on request — email security@getbina.ai.
Monitoring and vulnerability management
We keep dependencies current, review code before it ships, and monitor our systems for errors and anomalous activity. Security-relevant issues are triaged and remediated on a priority basis.
Data retention and deletion
We retain customer data for as long as your account is active or as needed to provide the service. On request or account closure, we delete or anonymize customer data within a reasonable period, except where retention is required by law.
Incident response
We maintain an internal process for investigating and responding to security incidents. In the event of a breach affecting your data, we will notify affected customers without undue delay and consistent with applicable law.
Compliance posture
Bina is an early-stage platform and is actively maturing its formal compliance program. We design our controls with frameworks such as SOC 2 and GDPR in mind. Where we have not yet completed a formal certification or audit, we will say so plainly rather than imply otherwise.
Reporting a vulnerability
If you believe you have found a security issue, please email security@getbina.ai. We welcome responsible disclosure and will work with you to validate and address legitimate reports.