Security & Trust
Security is the foundation of the BeX Enterprise AI platform, not a feature bolted on afterwards. CoolRIOTS builds for the highest-stakes security reviews in regulated industries — governance, auditability, and data residency are designed in from day one. This page summarises our posture; deeper documentation and current audit reports are available under NDA.
Compliance status
We are actively pursuing formal certification. Current status:
| Framework | Status |
|---|---|
| SOC 2 Type II | In progress · targeted 2026 |
| ISO/IEC 27001 | In progress · targeted 2026 |
| GDPR | Compliance in progress |
| PDPA (Singapore / Malaysia) | Compliant |
Certification status is updated here as milestones are reached. For the current status letter or auditor details, contact security@coolriots.com.
Architecture & data handling
The BeX platform is engineered so that sensitive data stays under your control:
- Data residency. Your data stays in your environment. BeX deploys to public cloud, private cloud, on-premise, and edge under the Universal Deployment Architecture.
- Air-gap capable. Fully on-premise, zero-external-egress deployments are supported for the most sensitive environments.
- Zero-trust architecture. Identity-first access on every service boundary.
- Role-based access control. RBAC governs every agent action.
- Immutable audit trail. Every agent decision is logged and reviewable.
- Human-in-the-loop. Governance guardrails and approvals where they matter, automated everywhere else.
This website
coolriots.com is a static site served from Cloudflare's global edge. It enforces HTTPS with HSTS, a strict Content-Security-Policy, and standard hardening headers (X-Frame-Options, X-Content-Type-Options, Referrer-Policy, Permissions-Policy). The contact form is protected by Cloudflare Turnstile and verified server-side. The site is additionally protected by Cloudflare's WAF and bot mitigation. See our Privacy Policy for how form and analytics data is handled.
Responsible disclosure
We welcome reports from the security community. If you believe you have found a vulnerability, please email security@coolriots.com with details and steps to reproduce. Please give us reasonable time to remediate before any public disclosure. We will acknowledge your report and keep you informed of our progress.
Contact
Security & trust enquiries: security@coolriots.com
CoolRIOTS Pte Ltd · 9 North Buona Vista Drive #02-01, Singapore 138588
