Bluedot is designed to adhere to the strict guidelines set forth by the General Data Protection Regulation (GDPR). This includes ensuring that proper consent is obtained from users before collecting and processing their personal data, providing clear and transparent information about how their data is used, and allowing users to easily access and manage their personal information. Our product also includes robust security measures to protect user data from unauthorised access and breaches.
All data is encrypted in transit and at rest using industry-leading best practices. At rest, data is encrypted with 256-bit AES. In transit, our modern TLS cipher configuration prevents downgrade attacks.
Data Center and Network Security:
Bluedot hosts all its software in Amazon Web Services (AWS) facilities in the USA. Amazon provides an extensive list of compliance and regulatory assurances, including SOC 1-3, and ISO 27001. See Amazon’s compliance and security documents for more detailed information. 100 percent of Bluedot's primary application servers are located within Bluedot’s own virtual private cloud (VPC), protected by restricted security groups allowing only the minimal required communication to and between the servers.
All connections to Bluedot are encrypted using SSL, and any attempt to connect over HTTP is redirected to HTTPS. All customer data (including call recordings and transcripts) is encrypted at rest and in transit. We rely on AWS infrastructure to securely maintain our cryptographic encryption keys.
Bluedot is fully compliant with the California Consumer Privacy Act (CCPA), ensuring that our customers' personal data is securely handled and protected. We have implemented the necessary safeguards and protocols to ensure that all personal information is collected, used, and shared in accordance with the CCPA's requirements. Our customers can trust that their data is secure and that we are committed to upholding their privacy rights.
Identity and access management (beta)
You can ensure only the right people have access to your company's data in Bluedot with SAML single sign-on (SSO). Manage user accounts automatically with SCIM provisioning.
Security and Development Practices:
SOC 2 - Type 2 (external audit pending)
Bluedot is in the audit window for SOC 2 Type 2 compliance, attesting to the controls and governance we have in place in adherence to the Trust Service Principles established by the American Institute of Certified Public Accountants.