Security & Compliance

    Last updated: June 26, 2026

    1. Infrastructure & Hosting

    CBlindspot.ai is hosted on enterprise-grade cloud infrastructure:

    • Application hosting: Vercel — global edge network with automatic SSL/TLS termination.
    • Database: MongoDB Atlas — fully managed, encrypted, with automatic backups and point-in-time recovery.
    • Cloud infrastructure: AWS — leveraging SOC 2, ISO 27001, and FedRAMP-certified data centers.
    • CDN & DDoS protection: Cloudflare enterprise-grade protection and caching.

    2. Data Protection

    • Encryption at rest: All data is encrypted using AES-256 encryption.
    • Encryption in transit: All communications are secured with TLS 1.3.
    • Data isolation: Each organization's data is logically isolated with strict access controls.
    • No AI training on your data: We never use your workflow data, stack configurations, or decisions to train AI models. Your data is yours.
    • Backup & recovery: Automated daily backups with geo-redundant storage and tested recovery procedures.

    3. Authentication & Access Control

    • Authentication: Email/password, social login (Microsoft, Google), passkeys, and two-factor authentication today; enterprise SAML 2.0 / OIDC single sign-on in development.
    • Two-Factor Authentication (2FA): TOTP-based 2FA available for all accounts.
    • Role-Based Access Control (RBAC): Granular permissions with admin, editor, and viewer roles.
    • Session management: Configurable session timeouts, concurrent session limits, and device tracking.
    • API security: API keys with scoped permissions and automatic rotation capabilities.

    4. AI & LLM Usage

    CBlindspot uses AI to power features like IRIS (our AI advisory layer) and workflow recommendations:

    • Model provider: Claude by Anthropic — chosen for its safety-first architecture and enterprise data handling policies.
    • Session-scoped processing: All AI interactions are session-scoped. Data is processed in real-time and not persisted by the model provider.
    • No model training: Your prompts, responses, and data are never used to train or fine-tune any AI models.
    • Transparency: AI-generated recommendations are clearly labeled. Every recommendation includes the data sources and reasoning used.
    • Human-in-the-loop: Critical decisions always require human approval. AI provides recommendations, not automated actions.

    5. Compliance

    • GDPR: Full compliance with the EU General Data Protection Regulation. Data Processing Agreements (DPA) available upon request.
    • SOC 2: Security controls implemented (security, availability, and confidentiality principles); a formal Type II audit/report is not yet pursued.
    • Data residency: EU data residency available for European customers. Data processing within EEA boundaries.

    6. Audit Trail

    Every action on the CBlindspot platform is logged with immutable timestamps:

    • Decision logging: Every comparison, scoring change, and vendor decision is recorded with user attribution.
    • Workflow history: Complete execution history for all automated workflows including inputs, outputs, and error states.
    • Access logs: Login events, data exports, and permission changes are tracked and available for review.
    • Immutable records: Audit logs cannot be modified or deleted, ensuring compliance with regulatory requirements.
    • Export capability: Audit logs can be exported in CSV and JSON formats for external compliance tools.

    7. Incident Response

    We maintain a documented incident response plan that includes:

    • 24-hour notification to affected customers for confirmed data breaches.
    • 72-hour notification to relevant supervisory authorities as required by GDPR.
    • Post-incident review and remediation reports shared with affected parties.

    8. Contact

    For security inquiries or to report a vulnerability: