🛡️ Security & Compliance

Enterprise-Grade Security, Built From Day One

BLEUM is built with security at its core. We implement industry-standard controls to protect your data and maintain compliance with privacy regulations worldwide.

  • 🇪🇺 GDPR Compliant: EU Data Protection
  • 🇺🇸 CCPA/CPRA Compliant: California Privacy Rights
  • SOC 2 Controls: Enterprise Security
  • 🔒 256-bit Encryption: AES-256 / TLS 1.3

Compliance Status

Our commitment to meeting and exceeding regulatory requirements

| Framework | Description | Status |
| --- | --- | --- |
| GDPR | General Data Protection Regulation - EU data subject rights including access, portability, and erasure | ✓ Compliant |
| CCPA / CPRA | California Consumer Privacy Act - Right to know, delete, opt-out of sale, and non-discrimination | ✓ Compliant |
| SOC 2 Type II | Service Organization Control - Security, availability, and confidentiality controls | Controls Implemented |

Security Infrastructure

Multi-layered protection powered by AWS enterprise services

☁️

AWS Cloud Infrastructure

Hosted on AWS with multi-region deployment (US & EU)

Data Encryption

AES-256 at rest, TLS 1.3 in transit, KMS key management

🛡️

Threat Detection

AWS GuardDuty for continuous threat monitoring

Audit Logging

CloudTrail audit logs retained for compliance

🔑

Secrets Management

AWS Secrets Manager with automatic rotation

🌐

Network Security

VPC isolation, security groups, no public DB access

👤

Identity & Access

Role-based access control with MFA enforcement

📊

Security Monitoring

AWS Security Hub for continuous compliance checks

Data Protection

Your data rights and how we protect your information

✓ What We Do

  • ✓ Encrypt all data at rest and in transit
  • ✓ Provide data export on request (GDPR Art. 20)
  • ✓ Honor deletion requests within 30 days
  • ✓ Support CCPA "Do Not Sell" opt-out
  • ✓ Maintain comprehensive audit logs
  • ✓ Automatically delete call data per retention policy
  • ✓ Isolate customer data in multi-tenant architecture
  • ✓ Regular security assessments and monitoring

✗ What We Don't Do

  • ✗ Sell or share your data with third parties
  • ✗ Store voice recordings permanently
  • ✗ Access customer data without authorization
  • ✗ Train AI models on your specific call data
  • ✗ Store payment card numbers directly
  • ✗ Expose databases to the public internet

Security Features

Built-in protections for enterprise deployments

Authentication

Enterprise SSO support with SAML/OIDC, multi-factor authentication, and automatic session timeouts after 8 hours of inactivity.

👥

Access Control

Role-based permissions (Admin, Member), organization-scoped data isolation, and quarterly access reviews.

📋

Audit Logging

Comprehensive audit trail of all administrative actions, authentication events, and data access with 2-year retention.

🔄

Business Continuity

Automated daily backups, multi-region deployment options, and documented disaster recovery procedures.

🚨

Incident Response

24/7 security monitoring, defined incident severity levels, and customer notification procedures for data breaches.

📜

Vendor Management

Security assessments for all sub-processors, data processing agreements, and annual vendor reviews.

Data Retention

Transparent policies on how long we keep your data

| Data Type | Retention Period | Auto-Delete |
| --- | --- | --- |
| Call Transcripts | 90 days default (configurable) | ✓ Yes |
| Call Metadata | 90 days default (configurable) | ✓ Yes |
| Voice Recordings | Not stored - processed in real-time only | N/A |
| Audit Logs | 2 years for compliance | ✓ Yes |
| Account Data | Account lifetime + 30 days after deletion | ✓ Yes |

Have Security Questions?

Our team is happy to discuss our security practices, provide documentation, or complete your security questionnaire.

Last updated: February 2026