Trust & Security
Belume holds sensitive data on behalf of ultrasound studios — customer contact details, pregnancy-related dates, ultrasound videos, and 8K photo renderings. This page describes how we protect that data, the infrastructure we run on, and what we don’t claim. The goal is to give you enough to make an informed decision and to give your legal or security reviewer something concrete to read.
Infrastructure
Belume runs on managed cloud infrastructure. We don’t operate our own servers or data centers.
- Application hosting and compute: Amazon Web Services (AWS), in U.S. regions. AWS holds SOC 1, SOC 2, SOC 3, ISO 27001, and PCI-DSS certifications and offers HIPAA-eligible services at the infrastructure layer.
- Database: PostgreSQL on AWS, with point-in-time recovery enabled.
- Media storage: Amazon S3 with default server-side encryption (AES-256). Access is restricted to authenticated requests scoped to a single studio.
- AI rendering: AWS Lambda. The 8K photo rendering suite runs entirely inside our AWS account — no customer image is ever sent to a third-party AI provider.
- Edge and DDoS protection: Cloudflare sits in front of every Belume domain.
Encryption
- In transit: TLS 1.2 or higher for all connections, enforced at Cloudflare and at AWS. HTTP requests are redirected to HTTPS.
- At rest: AES-256 encryption for database storage, backups, and S3 media objects (AWS-managed keys).
- Card data: Belume never stores full card numbers or CVCs. Payments are tokenized by Stripe and handled inside Stripe’s PCI-DSS Level 1 environment. We only see the last four digits and card brand.
Authentication and access control
- Authentication is handled by Clerk. Passwords are hashed and stored by Clerk; Belume never sees password material. Clerk supports multi-factor authentication, and we recommend every studio enable it.
- Roles and seats: studios assign roles to staff (e.g., admin vs. staff). Permissions are enforced server-side on every request.
- Least privilege internally: production database and S3 access is limited to the keys and services that need it. Direct human access to customer data is used only for troubleshooting and is logged.
Data isolation and ownership
- Multi-tenant isolation: every record in the database is scoped to its owning studio. API requests are validated against the authenticated studio context before any read or write.
- Studio owns its data. For data a studio collects about its customers, the studio is the data controller; Belume is the data processor. Studios can export their data at any time and can delete customer records on request.
- We don’t train on your data. Belume does not use studio or customer data to train AI models, does not sell it to third parties, and does not share it with advertisers.
Backups and disaster recovery
- Database backups: automated daily snapshots plus point-in-time recovery from AWS-managed PostgreSQL. Backups are retained for up to 90 days.
- Media storage: S3 provides 99.999999999% (11 nines) object durability across multiple availability zones by default.
- Recovery: our recovery process is to restore the most recent snapshot or point-in-time recovery target. We don’t publish hard RPO/RTO targets at our current scale, and we’ll update this page if and when we do.
Incident response
If we discover an incident affecting Belume customer data, we will:
- Investigate the scope and root cause
- Contain the incident and preserve evidence
- Notify affected studios without unreasonable delay, with details of what happened, what data was involved, and what we’re doing about it
- Provide the guidance studios need to inform their own customers, where applicable
Vulnerability disclosure
If you believe you’ve found a security issue in Belume, please report it to support@belume.io with the subject “Security disclosure.” Please don’t publicly disclose the issue until we’ve had a reasonable opportunity to investigate and address it. We acknowledge good-faith reports and will keep you updated on progress.
Sub-processors
The following vendors process information on Belume’s behalf. Each is contractually bound to use information only to provide its service to us. The current list:
- Amazon Web Services — hosting, database, media storage, AI rendering compute
- Cloudflare — content delivery, DDoS protection, web analytics
- Clerk — authentication and account management
- Stripe — payment processing
- Twilio — SMS delivery
- SendGrid — transactional email
See the Privacy Policy for what each vendor handles.
Compliance scope — what we claim, and what we don’t
We’d rather be honest about scope than oversell. Here’s the current state.
What we do
- Operate on cloud infrastructure that holds top-tier security certifications (AWS, Cloudflare, Clerk, Stripe)
- Encrypt data in transit and at rest
- Isolate studio data at the database level on every request
- Process payments through a PCI-DSS Level 1 provider (Stripe) without touching card data ourselves
- Use MFA-capable authentication (Clerk) and recommend it for all studios
What we don’t claim
- Belume is not SOC 2 audited. Our infrastructure providers are, but Belume itself has not undergone a SOC 2 audit. Most independent studio customers don’t require it; we’ll pursue it if our customer mix changes.
- Belume is not a HIPAA covered entity or business associate. Keepsake and elective ultrasound is a non-diagnostic, non-medical service under U.S. law, so HIPAA does not apply to the studios we serve. We do not sign Business Associate Agreements (BAAs).
- We don’t make availability or uptime guarantees beyond commercially reasonable effort. We’ll publish a status page and SLA when we’re ready to stand behind one.
Contact
Security or privacy questions? Reach us at support@belume.io.