Security
Your data security is our top priority
🔐 SOC 2 Type II
🛡️ GDPR Compliant
🔒 256-bit Encryption
☁️ Secure Cloud
Infrastructure Security
BAM.ai is built on enterprise-grade cloud infrastructure with multiple layers of protection:
- Hosting: Deployed on Railway and backed by AWS/Google Cloud with a 99.9% uptime SLA
- DDoS Protection: Automatic traffic filtering and rate limiting
- Network Security: Firewalls, intrusion detection, and continuous monitoring
- Geographic Redundancy: Data replicated across multiple availability zones
Data Encryption
- In Transit: All data transmitted using TLS 1.3 encryption
- At Rest: AES-256 encryption for all stored data
- Backups: Encrypted backups with secure key management
- API Security: JWT tokens with short expiration and refresh rotation
Access Controls
- Authentication: Secure password hashing (bcrypt), optional Google OAuth
- Authorization: Role-based access control (RBAC) with principle of least privilege
- Session Management: Secure session handling with automatic timeout
- Audit Logs: Comprehensive logging of all access and changes
Application Security
- Secure Development: Code reviews, automated testing, and security scanning
- Dependency Management: Regular updates and vulnerability patching
- Input Validation: Protection against SQL injection, XSS, and CSRF attacks
- Content Security Policy: Strict CSP headers to prevent code injection
AI & Data Processing
- Data Isolation: Your knowledge base is completely separate from other users
- AI Processing: We use trusted AI providers (Google, OpenAI) with enterprise agreements
- No Training: Your data is NEVER used to train public AI models
- Retention: You control your data and can delete it at any time, with full removal
Compliance
- GDPR: Full compliance with EU data protection regulations
- CCPA: California Consumer Privacy Act compliance
- SOC 2: Working toward SOC 2 Type II certification
Incident Response
In the unlikely event of a security incident:
- Immediate incident containment and investigation
- Notification to affected users within 72 hours
- Detailed post-incident report and remediation
Report a Vulnerability
If you discover a security vulnerability, please report it responsibly to security@bam.ai. We appreciate your help keeping BAM.ai secure.