Welcome to Bluur® Trust Center!

Overview

At Bluur®, trust is the foundation of everything we do. Our Trust Center is your centralized resource for understanding how we secure your data, ensure compliance, maintain system reliability, and uphold transparency across all aspects of our platform.

Compliance

ISO 27001:2022
ISO/IEC 27017:2015
ISO/IEC 27018:2019
ISO/IEC 27032:2012
HIPAA
SOC 2 Type II
Texas Risk and Authorization Management Program (TX-RAMP)
GDPR Compliance
CCPA
Data Security
Data Encrypted In-Transit
Password Encryption
Infrastructure Security
Physical Access Control
Multi-tenant Architecture
Application and Development Security
Change Management
Penetration Testing

Resources

Compliance
Bluur® application security certificate

Controls

Data Security

Control Status
Data Encrypted In-Transit: Data in-transit is encrypted using TLS 1.3.
Password Encryption: User account passwords are encrypted and hashed with a SHA-256 algorithm.

Infrastructure Security

Control Status
Physical Access Control - Data Center: Bluur® operates on OVHcloud data center infrastructure that meets strict regulatory and industry requirements. This means our customers' data is processed in an environment compliant with international standards for security, privacy, and availability.
Multi-tenant Architecture: BTC operates on a multi-tenant architecture, where customer environments are logically isolated to ensure data privacy and security.
Availability and Redundancy: Designed with high availability and redundancy in mind to ensure service continuity and minimal downtime, the Bluur® platform is hosted in an OVHcloud data center located in Ożarów Mazowiecki (Kazimierza Kamińskiego 6, 05-850 Ożarów Mazowiecki, Poland). The facility is operated by OVHcloud sp. z o.o. and holds, among others, ISO 27001, ISO 27017, ISO 27018, ISO 27701 certifications, as well as SOC 1/2/3 standards (status as of 13.11.2025).

Bluur® uses load balancing modules to efficiently distribute traffic, optimize performance, and maintain service stability under varying loads. Redundant systems and infrastructure minimize the impact of potential failures. Together, these measures create a resilient platform customers can rely on, ensuring uninterrupted access and consistent performance.
Vulnerability Scans: BTC performs continuous vulnerability scanning to identify and remediate security issues.

Application and Development Security

Control Status
Change Management: BTC follows a structured change management process ensuring all updates, configurations, and changes to its production and corporate environments are reviewed, tested and securely implemented to minimize risk and uphold security integrity.
Penetration Testing: BTC conducts annual applicative penetration testing through an independent third-party provider.
Environment Separation: BTC’s infrastructure is segmented into distinct environments for development, production and QA operations, minimizing risk and limiting access between environments.

AI Security 

Control Status
AI Model Architecture: Bluur® utilizes a frozen artificial intelligence model trained by BTC. Data classification is fully automated, operating with a classification accuracy of 95.3%. This architecture provides high-speed processing without user intervention.
Data Privacy & Training: The system does not learn on documents provided by customers. No customer data is collected, saved, or used for further training of the models, ensuring total data sovereignty.
Data Isolation: Each tenant’s knowledge base, logs, and configurations are stored in a dedicated database. This architecture ensures strict cross-tenant isolation and prevents any unauthorized data visibility.
Model Updates: Optimized versions of the model are released periodically through official system updates after rigorous internal testing by BTC.
Risk Management: Bluur® is designed to process documents based on predefined classification logic. Because the model is "frozen," its behavior is predictable and eliminates the risk of "model drift" or unauthorized autonomous learning.
Audit & Transparency: All automated classification actions are recorded within the anonymization history, providing full traceability of which documents are classified with AI.

Privacy

Control Status
GDPR: BTC is committed to protecting the privacy of its customers and, where applicable, complies with the EU General Data Protection Regulation (GDPR).
Data Processing Addendum: BTC’s comprehensive Data Processing Agreement (DPA) sets forth the obligations and conditions related to the processing of personal data. Our DPA is available here. To request a signed DPA, please contact: [email protected]
Data Protection Officer (DPO): BTC has an appointed DPO who can be contacted by e-mailing: [email protected]
Data Removal Requests: Should a customer ever decide to delete their BTC account, they may do so by emailing [email protected]. Once an account is terminated, any association between the account and stored personal data will no longer be accessible through the account.
Subprocessors: BTC may engage with third-party data processors to support the delivery of services to customers. These sub-processors may have access to customer-provided personal data solely for the purpose of performing their contracted responsibilities. See the full list of sub-processors.
Privacy Policy: BTC’s Privacy Policy outlines how we collect, use, store, and protect personal data in accordance with applicable privacy laws and regulations. It reflects our commitment to transparency, user rights, and responsible data handling practices.

Product Security

Control Status
Password Complexity: When registering at https://app.bluur.ai/, users are required to set a password that complies with a defined security policy. The password must be at least 8 characters long and include at least one uppercase and one lowercase letter (A-Z, a-z), at least one digit (0-9), and at least one special character such as @ # $ % ! ?.
Multi-Factor Authentication: BTC mandates Multi-Factor Authentication (MFA) to provide an added layer of security and protect user accounts from unauthorized access.

Corporate Security

Control Status
Data Loss Prevention: BTC leverages Full Endpoint Protection to guard against advanced threats aimed at employee endpoints. All devices are continuously monitored for suspicious behavior, enabling rapid detection and containment of potential incidents. These advanced security measures help preserve the integrity of BTC systems and protect sensitive data throughout the organization.
Principle of Least Privilege: BTC enforces Role-Based Access Control to ensure that employees have access only to the resources necessary for their job functions. Access rights are granted based on the principle of least privilege, minimizing exposure to sensitive systems and data.
Physical Access Control: BTC implements strict physical access controls to safeguard its offices.
Workstation Encryption: All corporate workstations at BTC are fully encrypted to protect sensitive data and prevent unauthorized access.

Subprocessors

OVHcloud
OVHcloud sp. z o.o.
Cloud infrastructure and data centre provider. Responsible for hosting, availability, physical and network security of the environment in which Bluur® operates.
Stripe
Stripe
Electronic payment operator. Used for payment and settlement processing. Bluur® does not process or store payment card data.
Google
Google Workspace
Used to handle system logins, secure user accounts, and support processes related to authentication and access security.
Microsoft Entra
Microsoft Entra ID
Identity and authentication management service. Used in login processes, identity integration and system access security.

Questions and answers

AI Security

No. Your information is never used to train external or internal models.

Yes, all automated classification actions are recorded within the anonymization history, providing traceability of which documents are classified with AI.

Infrastructure & Data Isolation

No. Each customer has their own separate database in the OVHcloud cloud environment.

Yes, all automated classification actions are recorded within the anonymization history, providing traceability of which documents are classified with AI.

Encryption & System Security

Data in-transit is encrypted using TLS 1.3, whereas user account passwords are encrypted and hashed with a SHA-256 algorithm.

Data protection in Bluur® is based on a combination of technical and organisational security measures and regular security audits. Data is transmitted in encrypted form, logically separated between customers and processed in a certified cloud infrastructure. The security of the system is additionally verified through independent vulnerability and penetration tests.

Auditing & Reporting

Yes. Audit logs are available only to users with appropriate permissions granted in the system. The scope of visible data depends on the user’s role. Also, Bluur® provides a history of anonymization where users can find who redacted documents and when.

If a customer suspects a security vulnerability or notices a potential security-related issue in BTC services, they can report it directly to the support team by sending an email to [email protected]. BTC supports responsible vulnerability disclosure and follows a structured process for receiving, analyzing, and handling security reports. Each report is verified, and if an issue is confirmed, appropriate remediation actions are taken.

Data Privacy

Access to customer data is strictly limited to authorised personnel of BTC who need this data solely for the purpose of customer service, service maintenance or the fulfilment of legal obligations. Access is granted in accordance with the principle of least privilege and is subject to control.

Customers can independently update their personal data, such as contact details, billing information, or login-related data, directly in the Bluur® account settings. If additional corrections are required or if there are any questions regarding the processing of personal data, customers can contact BTC directly at: [email protected]

The current list of subprocessors used within Bluur® is available in the Subprocessors section.