Trust & Security

Security & Data Handling

How Primustech handles the current AiBE website, enquiry flow, and early security discussions.

Public website scopeDetailed reviews on requestRequest security review

Last updated: 6 April 2026

1. Scope of this page

This page explains the security measures around the public AiBE website and the current demo-request flow. It also outlines how Primustech approaches security conversations for AiBE projects. It is intended as a public overview, not as a certification claim or a substitute for project-specific architecture, contractual security terms, or deployment documents.

2. Security measures in the current website flow

TLS

HTTPS at the edge

The site is delivered through managed cloud infrastructure with HTTPS encryption between visitors and the application edge.

ENV

Secrets kept out of code

Notification credentials, analytics keys, and other operational secrets are stored in deployment configuration, not hard-coded into the application.

AUTH

Restricted dashboard access

The dashboard is not publicly open. Authorised access is protected by sign-in and a signed session cookie.

LOG

Lead event records

When enabled, inbound contact requests can be recorded with timestamps, submission source, and notification status to support follow-up and review.

EDGE

Managed cloud delivery

The current website uses managed cloud hosting, storage, and delivery services so the site can be operated consistently and securely.

CTRL

Deployment-specific controls

AiBE deployments can be scoped with identity, environment, data-access, and integration controls to suit the selected delivery model.

3. What we share publicly

No implied certification claims

AiBE is not presented on this public site as SOC 2-certified today. Rather than implying certifications we do not hold, we prefer to share clear, deployment-specific information covering architecture, data flow, supplier scope, access controls, and operational ownership when a review requires it.

  • No certification, audit, or compliance outcome should be inferred from this page unless stated explicitly in project materials.
  • Security evidence is shared per deployment, not as a one-size-fits-all marketing badge.
  • Hosting, model-provider, retention, and integration choices should be documented in customer-specific materials.
  • Procurement teams can request a scoped security review pack during the commercial process.

4. How website enquiries are handled

When a visitor submits a contact or demo request, it is processed server-side by the Next.js application. If storage is enabled, the request is written to a protected application database. If notification email is enabled, a summary can be sent through a managed email service to the configured recipient inbox. Optional webhooks can also be used for sales or operations handoff where needed.

5. AiBE customer data handling principles

AiBE is designed as a structured FM workflow system rather than a general public chatbot. In practice, that means implementations are expected to ground answers in approved customer documents, connected systems, and defined operational datasets rather than treating customer material as open training content.

  • Customer integrations are scoped explicitly during implementation.
  • Access should follow least-privilege principles appropriate to the deployment.
  • Production data use, retention, and model-provider choices should be documented in customer-specific materials.
  • Customer operational workflows should be reviewed before live automation or control actions are enabled.

6. Authentication, access, and approval models

The current dashboard is access-controlled and is not intended as a public interface. For customer deployments, identity and approval controls can be matched to the needs of the project, including SSO, role-based access, environment separation, and approval workflows.

  • SSO or corporate identity integration should be added where the deployment scope requires it.
  • Role-based access, approval checkpoints, and auditability should be in place before live actions are enabled.
  • Environment separation for pilot, UAT, and production should be included where required by the project.
  • Scoped connectors and least-privilege access to CMMS, BMS, IoT, or document repositories should be defined per deployment.

7. What a deployment security pack can cover

If a project needs a deeper security review, Primustech can provide a deployment-specific security pack tailored to the selected scope instead of a broad generic overview.

  • A high-level architecture and system-boundary summary.
  • A data-flow overview covering documents, systems, integrations, and notification paths.
  • Hosting, environment, and third-party supplier scope for the selected deployment model.
  • Identity, access, approval-flow, and operational ownership notes.
  • Logging, retention, notification, and escalation design where relevant.
  • Named security or operational contacts for commercial review.

8. Monitoring, incident handling, and change control

Operational issues are investigated through application logs, notification results, dashboard access checks, and provider-side observability tools. If a security issue or suspected data exposure is identified, Primustech will assess the impact, contain the issue, and notify affected parties where required by law or contract.

9. Third-party services used in this stack

The current site and reporting workflow may rely on selected third-party providers, including:

  • Managed cloud hosting, storage, and secret-management services for website delivery and data handling.
  • Managed email delivery services for transactional or notification email when enabled.
  • Analytics and search-reporting tools when dashboard reporting is configured.

10. Security contact

For security questions, due-diligence requests, or vulnerability reports, contact hello@aibe.now and we will route the request to the appropriate owner.

Need a security review pack?

We can provide a deployment-specific architecture summary, data-flow map, supplier scope, and access-control overview during procurement if your review requires it.

Request Security Pack