Security

Your data security is our top priority. Here's how we protect your information.

Our Security Principles

OAuth 2.0 Authentication

We use industry-standard OAuth 2.0 for all integrations. We never see, store, or have access to your passwords. You authorize directly with each service.

Encryption at Rest

All OAuth tokens and credentials are encrypted using AES-256 encryption before being stored. Encryption keys are managed securely and rotated regularly.

No Business Data Storage

We don't store your business data. When you ask AI to read your emails or CRM, the data flows through Bellink but is never persisted. We're a pass-through layer.

Secure Infrastructure

Hosted on enterprise-grade cloud infrastructure with automatic security updates, DDoS protection, and 24/7 monitoring.

Access Control

  • Revoke Access Anytime

    Disconnect any integration instantly from your dashboard. Tokens are immediately invalidated.

  • Minimal Permissions

    We only request the permissions necessary for each integration to function. No excessive access.

  • API Key Security

    Your MCP API keys can be regenerated at any time. Old keys are immediately invalidated.

  • Activity Logging

    All actions are logged so you can audit what AI has done with your connected tools.

Token Lifecycle

1

You authorize via OAuth 2.0 on the provider's site

2

We receive an access token and refresh token

3

Tokens are encrypted with AES-256 before storage

4

Access tokens are automatically refreshed when expired

5

On disconnect, all tokens are permanently deleted

Compliance

GDPR Ready

We're designed with GDPR principles in mind. Data minimization, purpose limitation, and user control are built into our architecture.

Data Processing Agreement

Enterprise customers can request a DPA for compliance requirements.View DPA →

Security Questions?

We're happy to answer any security questions you have.

Contact Security Team