Security & Trust

Trust is a receipt,
not a promise.

We don't ask you to take our word for it. Every dollar we spend on your behalf, every change we ship into your codebase, and every piece of data you hand us is accounted for, verified, and yours to inspect. Here is exactly how.

Your money

Compute runs at cost, on your keys or ours, with a receipt for every dollar. We never profit from the meter, so our incentive is to spend less of your money, not more.

Your code

Every change is verified before it's called done, with a trail from the ask to the merge. You review what shipped and why, not a black box that says "trust me."

Your data

Your code and your business context stay yours. Bring your own model keys and your own infrastructure, and nothing leaves your control that you didn't send.

Cost integrity

A receipt for every dollar.

Most AI tools mark up the tokens they resell you, then hide the meter. Webel does the opposite. Compute is billed at cost, and the ledger is the product, not a line item we'd rather you didn't read.

  • Zero markup. You pay what the model vendor charges, to the token. We make our margin on the platform, never on your compute.
  • Your keys or ours. Bring your own model provider keys and pay the vendor directly, or use ours and pay at cost. Either way the number is the number.
  • Itemized, not estimated. Spend is tracked per task and per change, so a surprising bill is a thing you can open and understand, not a mystery you dispute.
Change integrity

Nothing ships unverified.

An agent that writes code you can't trust just moved the problem. Webel treats every change as a claim that has to be proven before it counts as done, and keeps the evidence attached to it.

  • Verified before done. Changes are checked against what you asked for before they're presented as complete. "Done" means demonstrated, not asserted.
  • Provenance from ask to merge. Every change carries a trail: the request that prompted it, the work that produced it, and the checks it passed. You can always answer "why is this here?"
  • You hold the merge. Agents propose; people decide what lands. The workflow is built for review, not for handing over the keys and hoping.
Data & access

Your keys, your code, your call.

Your codebase is the most sensitive thing you'll hand a tool like this. Webel is built so that staying in control is the default path, not a locked enterprise upgrade.

  • Bring your own everything. Your own model keys and your own infrastructure are supported from day one, not gated behind a sales call. Self-hosting is the baseline, not the premium tier.
  • Passkey-first sign-in. Accounts use WebAuthn passkeys by default, phishing-resistant and password-free, with a one-time email link as a fallback.
  • Above any one vendor. Your business context lives in one graph that Webel owns end to end, so no single model provider sees or holds the whole picture.
Building toward the formal bar: as Webel grows we are working toward third-party security attestation (SOC 2) and will publish reports here as they land. In the meantime, the mechanisms above are the ones you can inspect today, and we'd rather tell you what's true now than badge what isn't.

Found something? Tell us.

If you believe you've found a security issue in any Webel product, we want to hear from you before anyone else does. Email us with the details and we'll get back to you quickly. We won't pursue good-faith researchers who report responsibly.