Enterprise

Autonomous retention. At enterprise scale.

BHASM runs retention end-to-end — one autonomous layer above the four outbound systems your stack already runs (CRM, ESP, outbound, CS). It knows what reached each customer, what didn’t, and where the domain risk sits.

How a recovery is counted — end to end
01
Send
BHASM drafts and sends. Decision passes the governance stack first.
02
Stamp
Every send carries a unique intervention ID in utm_content. No PII. No tag pollution.
03
Click
Customer engages. GA4 sees the stamp. The session is logged against the intervention.
04
Window
Purchase within 14 days — per customer, not per blast. The clock starts on the BHASM send, not on the parallel campaign.
05
Count
Counted as recovery. If a parallel campaign fired in the same window for the same customer, the recovery is excluded from the billable 3% — no double-attribution. Other campaigns run untouched.
Every intervention is queryable. Every recovery has a chain. Every excluded send has a documented reason. Outcome-aligned billing reads from the same audit log enterprise compliance teams audit.
Attribution methodology · what we count and what we don’t
Live today
14-day per-customer window from the BHASM send. Per-customer attribution via unique intervention UUID stamped in utm_content. Parallel campaigns in the same window are excluded from billable count. Every intervention chain is inspectable end-to-end.
Not yet shipped · on the roadmap
Cohort holdout A/B framework for outcome-aligned billing — the strict counterfactual proof that a recovery wouldn’t have happened without BHASM. Until shipped, billing is bounded by the per-customer exclusion logic above, not by holdout cohorts. Stated, not hidden.
Full methodology document on request: hello@bhasm.ai
Built for scale

Autonomous retention with the governance layer your stack already needed.

01 · Data infrastructure
Data warehouse integrations
Native connectors for Snowflake, Databricks, and custom APIs. Bring your own data architecture. BHASM governs on top of it. Bidirectional CRM sync: health state, timing windows, and send outcomes write back to HubSpot, Salesforce, Klaviyo, Pipedrive, Zoho, Shopify, and WooCommerce on every send and every weekly cycle.
02 · Customisation
Custom governance rules
Add organisation-specific veto rules and buyer archetypes beyond the 62 pre-calibrated industry profiles. Governance that fits your business, not the other way around.
03 · Compliance
Full audit export
Every urgency score, every governing decision, every outcome — exportable via API for compliance teams, legal review, and regulators. Scale and Performance tiers included.
04 · Operations
SLA-backed governance
Performance tier includes dedicated account management, uptime guarantees, and priority support. Governance runs whether you are watching or not.
Procurement-grade

Every question your security questionnaire will ask, already answered.

Twelve capabilities your security team will read line by line. Every one is real code on main. Not a roadmap promise. Not a slide.

Identity
SSO — SAML 2.0 + OIDC
Auto-provisioning by email domain. SP metadata endpoint at /api/auth/sso/saml/metadata.xml. Per-tenant IdP config with envelope-encrypted secrets.
Trial
Shadow Mode — 30-day observe phase
The engine scores every customer and logs every would-be decision — without sending a single message. Thirty days of audit-only proof before you commit to the first live send.
Evaluation
Sandbox tenant
Two hundred and fifty synthetic customers, real engine, zero risk to production data. Wire it into your evaluation in an hour. /api/sandbox/seed.
PII at rest
AES-256-GCM with per-tenant HKDF keys
Email + phone tokenised at ingest. Encrypted with subkeys derived from a master per tenant. Documented rotation procedure with a dual-key window for zero downtime.
Auditability
SIEM-ready audit log export
NDJSON stream of every governance event — admin logs, interventions, silence outcomes, PII access, RTBF propagations, shadow decisions. Tenant-scoped server-side. Splunk-ready.
Portability
Data export — GDPR Art.20 / DPDP Art.11
Your data is yours. Stream every table for your tenant in NDJSON. Your CFO never needs to ask if you can leave. JWT or API key.
Erasure
RTBF — cross-channel + upstream propagation
A single opt-out signal suppresses across BHASM AND propagates back to your connected platforms. Audit trail per provider stored on every propagation row.
Resilience
Atrophy guard — auto-escalate to humans
After three consecutive holds on the same customer, the engine fires a webhook to your designated Slack channel or CRM. Programmatic governance hands the relationship to a human.
Routing
Sub-domain class — transactional bypass
Invoices, password resets, and renewal notices always land — flagged as transactional, exempt from frequency cap. Marketing stays governed. Critical mail never gets held.
Assurance
Annual pen test + quarterly internal adversarial
External penetration test scheduled Q3 2026, concurrent with SOC 2 Type II kickoff. Quarterly automated adversarial RLS probe runs against production.
Response
72-hour SEV-1 incident response
Tiered playbook with regulator notification timelines for DPDP, GDPR, CCPA. SEV-1 acknowledged within 15 minutes, customer-facing status update within one hour.
Public surface
OpenAPI 3.0 reference
Public reference at /api/docs. SLA targets per tier with breach remedies documented for procurement.

Every claim above is verifiable in code. The end-to-end backend auditor runs in 3 seconds and catches a wiring gap before it ships. We run it on every commit.

Compliance & security

Regulatory confidence at every layer.

DPDP Act 2023 — full compliance with India’s Digital Personal Data Protection Act.
GDPR-aligned — DPAs available on request.
CCPA — consumer rights enforced at the engine layer.
AES-256 at rest. TLS 1.3 in transit.
Row-level data isolation. Your data is structurally invisible to every other tenant.
No raw PII sent to LLMs. Context anonymised before any external API call.
72-hour deletion policy for all personal data on request.
Data residency: US-East, EU-West, or Mumbai. Selectable at account level.
SOC 2 Type II audit: targeted Q3 2026. Security questionnaires and DPAs available on request — write to hello@bhasm.ai.
How enterprise uses BHASM

Four operational patterns. One governance layer.

01
Run governed reactivation on high-value silent segments without touching your primary ESP setup.
02
Add a protective governance layer on top of your existing ESP / CRM flows — vetoing sends that would damage domain health or relationships.
03
Generate compliance-ready audit reports for legal and finance teams on demand.
04
Recover significant revenue from accounts that went silent before renewal — with full attribution and outcome tracking.
Pricing

Performance tier recommended.

Base fee plus 3% of verified recovered revenue. 14-day per-customer attribution window. Parallel campaigns from your team run normally — customers who receive both BHASM and a parallel campaign in their window are excluded from the 3% billable count (no double-attribution). We earn only when you earn, and you keep every other channel.

Custom pricing available for multi-brand or high-volume deployments. Write to hello@bhasm.ai with your customer count and current stack.

Discuss custom pricing
What BHASM is not

Three categories we explicitly don’t compete in.

The fastest way to mis-scope an infrastructure layer is to confuse it with the tools it sits alongside. These three boundaries hold across every deployment we ship.

01 · Not an LLM-copy competitor

LLMs construct the raw text. BHASM acts as the traffic controller deciding if the execution window is structurally safe to open.

Your prompt-engineering and message-authoring tools stay in place. BHASM governs dispatch eligibility — never copy quality.

02 · Not an inline proxy

The engine runs asynchronously, parallel to your stack — never between your CRM and your ESP.

No single point of failure introduced by adoption. Zero latency overhead on your delivery rails. If BHASM is unreachable, your native send paths continue uninterrupted.

03 · Not a CRM or ESP replacement

Sits above your architecture as a validation layer.

Procurement cycles do not require infrastructure teardowns. Keep your existing CRM and ESP stack. We govern what fires through them — we don’t ask you to replace them.

Ready to govern your customer communications?

Write to the founder with current stack details. Replies within 24 hours with a proposed 30-minute architecture and compliance review and a no-cost pilot segment on a slice of real data.

Write to the founder →