Procurement · Vendor review

FAQ for procurement and security review

Answers on retention, tenant isolation, encryption, support lifecycle, and pilot commercial boundaries. BeProof is pilot-ready — not Enterprise GA.

Quick reference

TopicPilot-readyPost-GA / on request
Data upstreamSigned metadata-only summariesSIEM streaming (M4)
Raw endpoint DB uploadNeverNever (architectural)
Tenant isolationPer-tenant scope + API RBACDedicated DB / region TBD
Upstream retention90 days defaultContract-custom
Admin authFirebase email/passwordSAML/OIDC enterprise IdP
Data residencyus-central1EU on requirement

Product scope

What is BeProof?

A local-first AI agent evidence plane for macOS. It evaluates Policy Pack rules on the endpoint and produces signed audit artifacts. It is not MDM, EDR, DLP, or SIEM.

Does BeProof replace our MDM or EDR?

No. MDM delivers install and org-policy overlay. EDR provides runtime protection. BeProof closes the AI-agent configuration, access, and evidence gap between them.

Can we run without sending data to BeProof cloud?

Yes — personal mode and managed local mode (MDM overlay without fleet enroll) stay on the endpoint. Managed fleet mode uploads signed, metadata-only summaries for org dashboard and review workflow.

Retention

What is retained on the Mac?

Local SQLite evidence, consent ledger, and signed exports remain on the endpoint until the user or IT removes them. Journal payloads are encrypted at rest (AES-256-GCM, Keychain-bound key); inventory tables are metadata-only but not encrypted in the current release.

What is retained in the control plane?

Tenant-scoped fleet summaries, device inventory, sanitized review queue items, and policy bundle metadata. Pilot default retention: 90 days, aligned with org-policy overlay retentionDays.

What is never retained upstream?

Raw SQLite databases, full audit reports (unless separately exported by user), raw credential locators, secret values, or verbatim home-directory paths.

Tenant isolation

How are tenants isolated?

Every record is scoped by tenantId. API requests require Firebase auth with org membership; cross-tenant access is denied. Device credentials bind to a single tenant at enrollment.

Do engineers need cloud accounts?

No. End users on Mac endpoints do not receive control plane accounts. Only fleet admins and security analysts use the admin console.

Is there a demo tenant?

Yes — Acme Corp showcase data for product walkthroughs. Design partners receive a dedicated tenant; demo data must not be used for compliance sign-off.

Encryption

Encryption in transit?

TLS 1.2+ for all API and admin UI traffic. Optional cloud connector calls use vendor HTTPS APIs.

Encryption at rest — endpoint?

Journal payloads: AES-256-GCM with Keychain-bound keys. Export signing: Ed25519. Inventory tables are metadata-only but not encrypted in the current release; tamper visibility via hash-chain journal.

Encryption at rest — cloud?

Cloud SQL uses Google Cloud platform encryption. Customer-managed keys (CMEK/BYOK) are not offered in pilot — available for enterprise evaluation post-GA if required.

Support lifecycle

What support is included in a design partner pilot?

30 days: tenant provisioning, shared Slack/email channel, weekly checkpoint, MDM guidance, bug triage, and day-30 exit scorecard. No 24/7 SLA.

How are security patches handled?

macOS app and CLI: fixes on the latest tagged release only. Managed endpoints receive updates via MDM PKG (in-app Sparkle disabled when org overlay is present).

What is not included in pilot?

Production SIEM integration, enterprise SAML/OIDC, custom SLAs, on-site deployment, and Endpoint Security live telemetry.

Vendor review

Subprocessors (pilot)?

Google Cloud (Cloud Run, Cloud SQL, Identity Platform), Vercel (admin UI hosting), Firebase (admin auth), GitHub (public release artifacts).

Compliance certifications?

Pre-GA — no SOC 2 Type II or ISO 27001 claim at pilot stage. See the compliance mapping pack and security whitepaper for control-theme mapping and security review detail.

How to report vulnerabilities?

Email 0xy9en@gmail.com — not public GitHub issues. Target acknowledgment: 3 business days. See Trust Center and SECURITY.md.

Do you train AI on customer data?

No.

Procurement checklist

  • Confirm operating mode: personal, managed local, or managed fleet
  • Confirm upstream data class acceptance (metadata-only summaries)
  • Confirm retention days (default 90) and purge expectations
  • Confirm tenant isolation (dedicated tenant for pilot)
  • Confirm admin auth model (Firebase pilot vs SAML requirement)
  • Confirm data residency (us-central1 acceptable?)
  • Confirm connector scope and vulnerability disclosure process

Evaluating a pilot?

See the 30-day design partner program for scope, success metrics, and onboarding. Full procurement detail is provided at kickoff.