Security & data posture
Bespoke Seb is built so a luxury house can put an AI associate in front of customers without losing control — it can't invent a product, a price, or a promise, and every sensitive action is logged. Here is exactly what's in place, and what's on the way.
Built secure by design
The associate can only surface pieces a live catalogue query returned in that conversation. Prices and policies come only from your systems — it cannot invent a product, a price, or a promise.
Catalogue and knowledge changes are staged for review and reach shoppers only on your sign-off. Nothing goes live automatically.
A hash-chained, per-tenant log of administrative, publish/approve, and SSO actions — visible to your Owners and verifiable end to end.
Owner, Marketing, Service desk, IT and Website-owner roles, each scoped server-side. Every record is keyed to one brand; no tenant can read another's data.
Per-tenant SSO with just-in-time provisioning and role mapping, behind a signed-assertion sign-in. Native SAML/OIDC connectors are next on the same seam.
Region-pinnable hosting with EU data residency available for European brands. Bespoke Seb acts as a GDPR data processor, with a DPA on request.
Conversations are sent to our model provider only to generate the reply, under API terms that exclude training. Bespoke Seb builds no cross-brand shopper profiles.
TLS for all shopper, API and dashboard traffic; storage on encrypted volumes. Checkout stays on your site, so no payment-card data ever touches Bespoke Seb (PCI out of scope).
Shoppers are told they're speaking with an AI associate. Per-brand blocked topics and a brand-anchored boundary keep it on your world.
Talk to us
We'll share the full security brief, a data-flow walkthrough, and a DPA.
Bespoke S