Security at Blue Reef AI
Your data security is foundational to everything we build. We protect your pipeline data with the same rigor your team uses to protect your deals.
Infrastructure & Data Protection
Encryption at Rest
All stored data is encrypted using AES-256. Database backups are encrypted with separate key management.
Encryption in Transit
All data transmitted between your browser, our servers, and third-party integrations uses TLS 1.3.
Workspace Isolation
Tenant data is logically separated at every layer. One workspace can never access another workspace's data.
Access Controls
Role-based access with the principle of least privilege. Manager, rep, and admin permissions are enforced at the API level.
Audit Logging
Every agent action is logged with timestamps — emails drafted, CRM syncs, deal plan updates. Nothing happens without a trail.
Security Assessments
Regular penetration testing, dependency scanning, and security reviews. Our infrastructure is monitored 24/7.
Google API Data Handling
When you connect Gmail or Google Calendar, Blue Reef AI processes that data exclusively to power the features you see in the platform — deal plans, call prep, coaching, and pipeline analytics. We adhere to the Google API Services User Data Policy, including all Limited Use requirements.
Google data is never used for advertising, is never sold, and is not read by humans except with your explicit consent or as required by law. For full details, see our Privacy Policy.
Vulnerability Reporting
We take security vulnerabilities seriously and appreciate responsible disclosure from the security community.
Responsible Disclosure Policy
- •Report vulnerabilities to security@bluereefai.com
- •We acknowledge all reports within 48 hours
- •We will work with you to understand and resolve the issue
- •We do not pursue legal action against good-faith security researchers
Contact Us
General Support
support@bluereefai.comSecurity Issues
security@bluereefai.comPrivacy Inquiries
privacy@bluereefai.comLegal
legal@bluereefai.com