Security built for sensitive work.

Desktop-first architecture

Belt's products are primarily desktop applications backed by hybrid cloud storage. Work happens close to where the data lives, reducing exposure and keeping sensitive workflows local by default.

Single-tenant isolation

Every customer's cloud database is single-tenant. Your data is not commingled in a shared multi-tenant database — it lives in an isolated environment dedicated to your organization, which simplifies isolation, residency, and clean off-boarding.

End-to-end encryption

Data is encrypted end to end, in transit (TLS) and at rest. Keys are managed with industry-standard practices, and encryption is applied across the storage and transport layers.

SSO with Google & Microsoft 365

Authenticate through your existing identity provider with single sign-on via Google and Microsoft 365 (OIDC/SAML). Belt never receives or stores your SSO passwords, and access follows your directory's provisioning and de-provisioning.

Local or cloud models — your choice

Run AI fully on-device with local models so prompts and content never leave your environment, or opt into cloud models when you want them. Administrators control which models are enabled, and can restrict sensitive workflows to local inference only.

Compliance & transparency

Belt aligns its controls to recognized frameworks and supports customer compliance programs.

• SOC 2 (Type II) control alignment
• GDPR & CCPA/CPRA readiness
• Transparent sub-processor list in our DPA
• No use of Customer Data to train models

Access & operations

• Least-privilege, need-to-know access controls
• Logging, monitoring, and alerting
• Vulnerability management and secure development
• Backups and resilience

Incident response

We maintain a documented incident response process and will notify affected customers without undue delay of any personal data breach, as described in our DPA.