bCloud AI

Request a demo
Get started

Welcome to the bCloud AI Trust Center

At bCloud AI, search is more than a feature — it’s a mission-critical service. Every product we build starts with one principle: how do we protect what matters most? Security isn’t an add-on. It’s built into every layer.
Get a Demo

You can trust us with your data

From architecture to user interface, security and privacy are designed in from the very first line of code — never bolted on as an afterthought.

Your data belongs to you

You are never the product — and neither are your users. You always know exactly where your data resides and what it is processed for. Our services never track your users beyond what you explicitly configure. User identity remains entirely under your control.

Security by design

We incorporate security and privacy considerations from the initial design phase of every new service and capability. It’s not a checkbox exercise at the end of development — it’s a foundational principle that shapes every architectural decision we make.

Full transparency

We maintain open communication about our security practices, certifications, incident response procedures, and data processing activities. Our security team is accessible directly — no layers of support tickets, no deflection.

How we protect your data

Infrastructure security

bCloud AI maintains geographically distributed data centres across multiple regions, with all production data stored in physically secure facilities. Our infrastructure is designed to eliminate single points of failure and minimise the impact of environmental risks.
  • All data centres comply with or exceed SOC 2 security requirements
  • CCTV surveillance, on-site security personnel, and key card access
  • Redundant power, cooling, and network connectivity
  • AES-256 encryption for data at rest across all storage systems

Access control & privilege management

bCloud AI operates on a strict least-privilege access model. Our internal data access processes are designed to prevent unauthorised persons or systems from accessing infrastructure used to process personal data.
  • Centralised access management system for all production servers
  • SSO, LDAP, and SSH certificate-based authentication
  • Role-based access control (RBAC) with granular permissions
  • Access policies audited regularly by independent third-party auditors
  • SAML SSO and two-factor authentication for all dashboard accounts

Encryption & data protection

All data transmitted to and from bCloud AI is encrypted using industry-standard protocols. We enforce encryption at every stage of the data lifecycle — in transit, at rest, and during processing.
  • TLS 1.2+ encryption for all data in transit
  • AES-256 encryption for all data at rest
  • API keys encrypted and stored securely with hardware security modules
  • Customer data logically segregated in the cloud with strict isolation

Continuous security testing

All data transmitted to and from bCloud AI is encrypted using industry-standard protocols. We enforce encryption at every stage of the data lifecycle — in transit, at rest, and during processing.
  • Continuous vulnerability scanning across all production systems
  • Regular third-party penetration testing by accredited firms
  • Public bug bounty programme to incentivise responsible disclosure
  • Mandatory security training for all employees at onboarding
  • Background checks conducted for all personnel to the extent permitted

Compliant. Secure. Award-winning.

Secure and reliable so every customer can run at scale.

Data privacy commitments

We believe privacy is a fundamental right. Here’s how we honour that principle across every aspect of our platform.

No user tracking

Our services do not track your end users beyond what you explicitly configure. We never sell, share, or monetise user data. User identity and behavioural data remain entirely under your control at all times.

Data minimisation

We apply data minimisation techniques across all services, collecting and processing only the minimum data necessary to deliver the functionality you've configured.

Data residency control

Choose where your data is processed and stored. With data centres spanning multiple regions, you can select the geographic location that meets your regulatory and compliance requirements.

Sub-processor oversight

We conduct thorough security and privacy audits of all sub-processors prior to onboarding, ensuring they maintain adequate security practices and data protection standards aligned with our own commitments.

AI model security & governance

How we protect AI models and your data within them

bCloud AI enforces robust privacy protections through strict compliance with global data privacy regulations, including GDPR. We apply data minimisation techniques and pseudonymisation to ensure that personally identifiable information (PII) is removed or anonymised before being used in any AI training or fine-tuning processes.

AI models are secured through AES-256 encryption for both data in transit and at rest, with strict role-based access control (RBAC) and least-privilege principles governing access to sensitive data. Customer data is logically segregated, and models are trained in isolation. All security protocols are regularly audited against industry-leading standards including SOC 2, ISO 27001, and ISO 27017.

bCloud AI leverages a range of AI technologies — from proven, well-established approaches like collaborative filtering and regression models to state-of-the-art large language models. Deep learning models are pre-trained by trusted providers. Depending on specific customer requirements, models may be fine-tuned for higher quality and relevance in specialised domains such as eCommerce.

Shared responsibility model

Security is a shared effort. Here’s how responsibility is divided between bCloud AI and your team.

bCloud AI is responsible for

  • Securing physical and virtual infrastructure end-to-end
  • Maintaining compliance with SOC 2, ISO 27001, ISO 27017, and GDPR
  • Implementing API keys with access control lists (ACL) and 2FA
  • Providing SAML SSO and AES-256 encryption for Enterprise customers
  • Ensuring sub-processors follow equivalent security standards
  • Delivering continuous security training to all employees
  • Storing and encrypting your API keys securely
  • Maintaining and patching open-source API clients and UI libraries

bCloud AI is responsible for

  • Securing physical and virtual infrastructure end-to-end
  • Maintaining compliance with SOC 2, ISO 27001, ISO 27017, and GDPR
  • Implementing API keys with access control lists (ACL) and 2FA
  • Providing SAML SSO and AES-256 encryption for Enterprise customers
  • Ensuring sub-processors follow equivalent security standards
  • Delivering continuous security training to all employees
  • Storing and encrypting your API keys securely
  • Maintaining and patching open-source API clients and UI libraries

Speak directly with our security team

Have questions about our security practices, certifications, or data handling? Our dedicated security team is available to discuss your specific requirements.

Contact security@bcloud.ai

Trust Center FAQs

Where is my data stored?
bCloud AI operates data centres across 17 geographic regions with 70+ facilities worldwide. You choose where your data is processed and stored at the time of account setup. All data centres comply with or exceed SOC 2 security requirements and are equipped with physical security measures including CCTV, on-site personnel, and key card access control systems
bCloud AI uses your subscriber data — such as search queries and user events — to fine-tune models specifically for your use case, delivering more relevant results and recommendations. However, we enforce strict privacy protections: PII is removed or anonymised before any training process, models are trained in isolation, and customer data is never shared across accounts. Your data is never sold or used for purposes beyond delivering your configured services.
We secure AI models through robust encryption (AES-256 for data at rest and in transit), strict role-based access control with least-privilege principles, logical data segregation in the cloud, and isolated model training environments. All security protocols undergo regular auditing against SOC 2, ISO 27001, and ISO 27017 standards.
Yes. bCloud AI is fully compliant with the EU General Data Protection Regulation. We offer Data Processing Agreements (DPA) to all customers, support Standard Contractual Clauses (SCC) for cross-border data transfers, apply data minimisation and pseudonymisation techniques, and provide data residency controls that let you choose where your data is processed and stored.
bCloud AI maintains SOC 2 Type II and SOC 3 audit reports, ISO/IEC 27001:2013 and ISO/IEC 27017:2015 certifications, CSA STAR Registry listing, and GDPR compliance. These certifications are updated regularly and available for review by customers upon request. Our security measures are continuously evaluated and improved to meet or exceed the requirements of these standards.
Yes. The SOC 2 Type II report is a confidential document available for review by customers and prospective customers under NDA. Contact your bCloud AI representative or our security team at security@bcloud.ai to request access. The SOC 3 report is publicly available and provides a general overview of our control environment.
bCloud AI maintains a documented incident response plan that covers detection, containment, investigation, notification, and remediation. In the event of a confirmed data breach involving customer data, we will notify affected customers promptly in accordance with applicable legal requirements, including GDPR’s 72-hour notification obligation. Our security team conducts post-incident reviews to identify root causes and implement preventive measures.

Empower anyone to build exceptional Search & Discovery

Get a demo
Scroll to Top