At Bluedot we are committed to protecting the confidentiality, integrity, and availability of your data at all times. Bluedot uses enterprise-grade security practices to keep your data safe and secure. You can access our Terms of Service here, and our Privacy policy here.

GDPR Compliant:
Bluedot is designed to adhere to the strict guidelines set forth by the General Data Protection Regulation (GDPR). This includes ensuring that proper consent is obtained from users before collecting and processing their personal data, providing clear and transparent information about how their data is used, and allowing users to easily access and manage their personal information. Our product also includes robust security measures to protect user data from unauthorised access and breaches.

All data is encrypted in transit and at rest using industry-leading best practices. At rest, data is encrypted with 256-bit AES. In transit, our modern TLS cipher configuration prevents downgrade attacks.

Data Center and Network Security:
Bluedot hosts all its software in Amazon Web Services (AWS) facilities in the USA. Amazon provides an extensive list of compliance and regulatory assurances, including SOC 1-3, and ISO 27001. See Amazon’s compliance and security documents for more detailed information. 100 percent of Bluedot's primary application servers are located within Bluedot’s own virtual private cloud (VPC), protected by restricted security groups allowing only the minimal required communication to and between the servers.

Data Security:
All connections to Bluedot are encrypted using SSL, and any attempt to connect over HTTP is redirected to HTTPS. All customer data (including call recordings and transcripts) is encrypted at rest and in transit. We rely on AWS infrastructure to securely maintain our cryptographic encryption keys.

Bluedot is fully compliant with the California Consumer Privacy Act (CCPA), ensuring that our customers' personal data is securely handled and protected. We have implemented the necessary safeguards and protocols to ensure that all personal information is collected, used, and shared in accordance with the CCPA's requirements. Our customers can trust that their data is secure and that we are committed to upholding their privacy rights.

Identity and access management (beta)
You can ensure only the right people have access to your company's data in Bluedot with SAML single sign-on (SSO). Manage user accounts automatically with SCIM provisioning.

Security and Development Practices:

  • Design of all new product functionality is reviewed for security impact, with Bluedot conducting mandatory code reviews for all changes to the code. Bluedot development and testing environments are separate from its production environment. All code development is done through a standard process.
  • Vulnerability Disclosure Process – Bluedot considers privacy and security to be core functions of our platform. Earning and keeping the trust of our customers is our top priority; therefore, we hold ourselves to the highest privacy and security standards. If you have discovered a security or privacy issue that you believe we should know about, we would be eager to hear from you.

SOC 2 - Type 2 (external audit pending)
Bluedot is in the audit window for SOC 2 Type 2 compliance, attesting to the controls and governance we have in place in adherence to the Trust Service Principles established by the American Institute of Certified Public Accountants.