Multi-tenant by default. Single-tenant when you ask.
Logical isolation by workspace ID, encryption at every layer, regional residency. Single-tenant deployments available on Enterprise.
Berry runs on a multi-tenant architecture by default: every request is scoped to a workspace ID at the edge, and database queries are gated by row-level security policies that enforce that scope. Tenants cannot see each other’s data even in the event of an application-layer bug.
Enterprise customers can opt into single-tenant deployments — dedicated database, dedicated agent runtime — in either eu-central-1 or me-south-1. The control plane stays shared.
Encrypted in transit. Encrypted at rest. Regional.
- In transit — TLS 1.3 only, with HSTS preloaded. We don’t accept TLS 1.0/1.1 or weak ciphers.
- At rest — AES-256 via AWS KMS / GCP CMEK. Customer-managed keys available on Enterprise.
- Residency — eu-central-1 (Frankfurt) and me-south-1 (Bahrain). Workspace data does not leave its region.
- Backups — Daily snapshots, 30-day retention, encrypted with the same KMS keys.
Least-privilege, audit-logged, break-glass surfaced.
No engineer has standing production access. Access is brokered through just-in-time approval flows tied to specific tickets, with maximum 4-hour TTL and full session recording.
Break-glass events — the rare cases where on-call engineers need raw read access to debug an incident — are logged in our SOC system and surfaced inside your workspace within 24 hours, with the engineer name, ticket reference, and data scope.
Customer-side: SSO (SAML, OIDC) is included on every paid plan. SCIM provisioning and IP allow-listing on Growth and above.
Each agent runs in its own sandbox.
Berry’s agents execute in ephemeral, network-isolated runtimes. An agent can only reach the integrations you OAuth’d, with the scopes you granted, and only for the workspace that invoked it. Outbound network calls are filtered by an allow-list per integration.
Prompt injection attacks — where a hostile webpage or email tries to hijack an agent — are mitigated by content-security boundaries, output validators, and a hard rule that agents cannot transfer customer data outside the workspace boundary, full stop.
If something happens, we see it.
- Application logs centralized in Datadog (12-month retention).
- Audit logs retained 12 months and exportable on Enterprise.
- Real-time anomaly detection on agent behavior and outbound volumes.
- Quarterly third-party penetration tests; latest report Q4 2025 (clean, available under NDA).
When something goes wrong, this is what happens.
Detect → triage → contain → notify → post-mortem. We commit to customer notification within 72 hours of confirming a breach affecting your data.
Our incident response runbook follows the NIST 800-61 lifecycle. Sev-1 incidents trigger an on-call page within 5 minutes, an internal status page is live within 15, and a public status update at status.getberry.ai within 30. Customers whose data is involved are notified within 72 hours.
A public post-mortem — root cause, timeline, what we’re changing — is published within 14 days for any customer-affecting Sev-1.
Uptime targets.
- Starter / Growth — 99.9% monthly uptime target. No service credits.
- Enterprise — 99.95% monthly uptime, with service credits at 99.9% (10%), 99.5% (25%), and below 99% (50%).
- Excludes scheduled maintenance (announced 7 days in advance) and force-majeure events.
Frameworks and certs.
Pre-filled SIG Lite, CAIQ, and a vendor security questionnaire are available on request to security@getberry.ai.
Everyone who touches your data.
The current list, versioned. We notify customers 30 days before adding a new subprocessor.
| Subprocessor | Purpose | Region | Since |
|---|---|---|---|
| AWS | Primary infrastructure (compute, storage, KMS) | eu-central-1, me-south-1 | 2024 |
| GCP | Agent runtime, BigQuery analytics | europe-west3 | 2024 |
| SendGrid | Outbound email delivery | EU | 2024 |
| Postmark | Transactional email (system notifications) | EU | 2024 |
| Datadog | Application monitoring & log aggregation | EU | 2024 |
| Stripe | Billing & payment processing | Global | 2024 |
| OpenAI | Foundation model inference (zero-retention contract) | US (DPA + zero retention) | 2024 |
| Anthropic | Foundation model inference (zero-retention contract) | US (DPA + zero retention) | 2024 |
Found a vulnerability? Thank you.
Email security@getberry.ai with details. We acknowledge within 24 hours, fix critical issues within 7 days, and credit you publicly (with permission) on our hall of fame.
We don’t pursue legal action against good-faith researchers operating within our scope. Out-of-scope: social engineering, physical attacks on our offices, anything affecting another customer’s data without consent.