Your data deserves the same care we give your business.
Beleav Assist works with sensitive client data every day — patient records, financials, contracts, customer lists. Here’s how we protect it.
Six commitments, every engagement.
Every team member signs a mutual non-disclosure agreement before they see a single client artifact. Per-client NDAs available on request.
Data in transit over TLS 1.2+. Data at rest with AES-256. Password vaults via 1Password Business or your provider — we never store credentials in plain text.
Assistants get only the access they need to do their work — nothing more. Access reviewed quarterly and revoked the day an engagement ends.
Every assistant works from a managed device with full-disk encryption, screen-lock policy, anti-malware, and remote-wipe capability.
Every login, file access, and credential check is logged. Available to clients on request as part of any quarterly review.
Healthcare clients can sign a Business Associate Agreement before any PHI is touched. We follow HIPAA Privacy and Security Rule guidance for all BAA-covered work.
The systems we use to do the work.
Updated quarterly. Clients are notified at least 30 days before any new sub-processor is added to a covered engagement.
| Provider | Purpose | Region |
|---|---|---|
| Google Workspace | Email, calendar, docs | US/EU |
| 1Password Business | Credential vaulting | Canada |
| Slack | Internal communication | US |
| Notion | Internal SOPs and runbooks | US |
| Cloudflare | DNS + WAF for client portals | Global |
| Zoom | Client video calls | US/EU |
What you can expect from us on day one.
- Background checks on every assistant before client work
- Annual security training, role-specific for healthcare and legal teams
- Incident response within 4 business hours of detection
- 30-day data return or destruction window after offboarding
- Annual penetration test on internal systems
- Vulnerability patches within SLA: critical < 7 days
Send a security questionnaire — we’ll respond within 5 business days.
We’re happy to walk through SIG, CAIQ, vendor risk assessments, or your own custom format. BAAs and DPAs available before any covered work begins.