Security is at the core of everything we do
Our commitment to security is woven into every aspect of our platform, from infrastructure to application design. We protect your operations with enterprise-grade security controls.
Certifications & Compliance
Independently Verified Security
Our security practices are validated by independent third-party auditors against rigorous industry standards.
SOC 2 Type II
Certified compliant with SOC 2 Type II standards for security, availability, and confidentiality. Annual audits by independent third-party auditors.
ISO 27001
Certified compliant with ISO 27001, the international standard for information security management systems (ISMS).
Certification reports available upon request for qualified prospects and customers.
AI Infrastructure
Bring Your Own LLM
Maintain complete control over your AI infrastructure. Bixie supports connecting your own Large Language Models, ensuring your data never leaves your security perimeter.
Whether you're running models on-premise, in your private cloud, or using enterprise agreements with AI providers, Bixie integrates seamlessly with your existing AI infrastructure.
Private Model Deployment
Connect to models running in your own infrastructure—Azure OpenAI, AWS Bedrock, Google Vertex AI, or self-hosted solutions.
Data Sovereignty
Your operational data stays within your control. No data is sent to third-party AI providers without your explicit configuration.
Model Flexibility
Choose the right model for each use case. Use different models for different agents based on performance, cost, or compliance requirements.
Supported LLM Providers
Azure OpenAI Service
Enterprise-grade OpenAI models in your Azure tenant
AWS Bedrock
Claude, Llama, and other models via AWS
Google Vertex AI
Gemini and PaLM models in Google Cloud
Self-Hosted Models
Llama, Mistral, or any OpenAI-compatible endpoint
Zero data retention: When using BYOLLM, Bixie acts as a secure proxy. We don't store prompts, responses, or any data processed by your models.
Data Protection
Comprehensive Data Security
We implement multi-layered data protection measures to ensure your information remains secure at every level of our infrastructure.
Data at Rest
All datastores containing customer data, including object storage and databases, are encrypted at rest using AES-256 encryption. Sensitive data is further protected with field-level encryption, ensuring confidentiality even within the storage layer.
Data in Transit
All data transmitted between systems, services, and users is encrypted using TLS 1.3. We enforce secure transmission for all communications, including APIs and internal service calls. HSTS is enabled to ensure the confidentiality and integrity of your data.
Secret Management
Encryption keys are managed via cloud Key Management System (KMS) backed by Hardware Security Modules (HSMs). Application secrets are encrypted and stored securely via Secrets Manager with strictly limited access controls.
Product Security
Rigorous Security Testing
Our product security measures ensure robust protection against potential threats and vulnerabilities through continuous testing.
Penetration Testing
We engage with leading penetration testing firms annually. All areas of the Bixie platform and cloud infrastructure are in-scope, with full source code available to testers for maximum coverage and effectiveness.
Vulnerability Scanning
Comprehensive vulnerability scanning at every stage of our SDLC: Static analysis (SAST), Software composition analysis (SCA), Dynamic analysis (DAST), network vulnerability scanning, and continuous external attack surface management (EASM).
Secure Development Lifecycle
Security is integrated into every phase of our development process. Code reviews, automated security testing, and security sign-off are required before any code reaches production.
Data Privacy
Your Data, Your Control
At Bixie, data privacy is a first-class priority. We strive to be trustworthy stewards of all sensitive data entrusted to us.
Privacy Principles
Bixie complies with the Australian Privacy Principles (APPs) under the Privacy Act 1988, GDPR for European customers, and other applicable regional privacy regulations.
Regulatory Compliance
We proactively monitor and adapt to changes in privacy regulations and emerging compliance frameworks, ensuring our practices remain up-to-date and aligned with global standards.
Data Minimization
We only collect and retain data necessary for providing our services. Customer data is processed within defined boundaries and never used for purposes beyond the agreed scope.
Privacy Resources
Enterprise Security
Corporate Security Program
Our enterprise security program is designed to protect corporate assets and customer data across all operations.
Endpoint Protection
All corporate devices are centrally managed with MDM software and anti-malware protection. Endpoint security alerts are monitored 24/7/365 with enforced disk encryption, screen lock, and automatic software updates.
Secure Remote Access
Bixie secures remote access using identity-aware proxies with granular access control and strong authentication. Malware-blocking DNS servers protect employees while browsing.
Security Education
Comprehensive security training for all employees upon onboarding and annually. Engineers receive secure coding training, and regular threat briefings keep the team informed of security updates.
Identity & Access Management
We enforce phishing-resistant authentication using WebAuthn wherever possible. Employees are granted role-based access and automatically deprovisioned upon termination.
Vendor Security
Comprehensive, risk-based vendor security assessments evaluate access to sensitive data, production integration, and potential impact. Each vendor undergoes security control evaluation before approval.
Best Practices
Security Best Practices
Regular Audits
We conduct regular security audits and third-party assessments.
Continuous Monitoring
Our systems are monitored 24/7 for potential threats and anomalies.
Employee Training
All employees receive regular security awareness training.
Incident Response
We maintain a comprehensive incident response plan with defined SLAs.
Reporting Security Issues
If you discover a security vulnerability, please report it to our security team. We take all security reports seriously and will respond promptly. We appreciate responsible disclosure and will work with you to understand and address the issue.
support@team.bixie.aiBixie is committed to maintaining the highest standards of security and compliance. All products and services are subject to our comprehensive security controls, policies, and certifications. For questions about our security practices, please contact support@team.bixie.ai.