Security
Your data, protected by design
Enterprise-grade security for AI deployment
Deploying AI that accesses business knowledge requires trust. Bigboat.ai is built with security and privacy as foundational requirements, not optional features. Your data stays yours, protected by industry-standard practices and compliance-ready controls.
Protection
Data Protection
Encryption everywhere
All data is encrypted in transit using TLS 1.3 and at rest using AES-256. Your documents, conversations, and customer data are protected at every stage.
Isolated processing
Each organisation's data is logically isolated. Your knowledge base, conversation history, and analytics are separated from other customers.
Secure document handling
Uploaded documents are processed securely, with extracted content stored in encrypted vector databases. Original files can be retained or deleted based on your policy.
No training on your data
Your documents and conversations are never used to train AI models. Your proprietary information remains exclusively yours.
Control
Access Control
Role-based permissions
Define who can create agents, access conversations, modify knowledge, and view analytics. Granular controls match your organisational structure.
SSO integration
Connect to your identity provider for centralised authentication. Support for SAML and OAuth enables seamless, secure access management.
Department boundaries
Limit visibility to relevant teams. HR agents can be restricted to HR staff. Sales agents stay with sales teams. Data doesn't cross boundaries without explicit permission.
API security
Scoped API keys with rate limiting and detailed logging. Control what integrations can access and monitor their usage.
Compliance & Privacy
GDPR ready
Data subject access requests, right to deletion, and data portability are built into the platform. Meet GDPR obligations without custom development.
Data retention controls
Configure how long conversations and customer data are retained. Automatic purging ensures you don't hold data longer than necessary.
Audit logging
Comprehensive logs of system access, configuration changes, and data operations. Demonstrate compliance with detailed audit trails.
Data processing agreements
Standard DPAs available for enterprise customers. We're a data processor acting on your instructions, with clear contractual obligations.
Infrastructure Security
Cloud security
Hosted on enterprise-grade cloud infrastructure with SOC 2 Type II certification. Regular penetration testing and vulnerability assessments.
Network protection
Web application firewalls, DDoS protection, and network segmentation protect against external threats.
Backup and recovery
Regular automated backups with tested recovery procedures. Your data is protected against loss and quickly recoverable if needed.
AI-Specific Security
Prompt injection protection
Input validation and output filtering protect against attempts to manipulate AI behaviour through malicious prompts.
Response boundaries
AI agents are constrained to answer from provided knowledge. They can't be tricked into revealing system information or generating harmful content.
Content filtering
Automated detection of inappropriate content in both inputs and outputs. Keyword flagging adds custom monitoring.
Human oversight
Conversation review, escalation triggers, and analytics provide human oversight of AI operations.
Transparency and trust
We believe security requires transparency. We're open about how we handle data, what AI providers we use, and how our systems work.
- Clear AI disclosure to end users
- Documented data flows
- Regular security updates
- Incident notification procedures
- Available security assessments
Enterprise options
Custom data residency
Choose where your data is stored and processed. EU, US, and other regional options available.
Dedicated infrastructure
For organisations requiring complete isolation, dedicated instances provide exclusive infrastructure.
Custom compliance
Work with our team to meet specific regulatory requirements for your industry or jurisdiction.
Common security questions
Is my data used to train AI models?
No. Your documents, conversations, and customer data are never used to train AI models. Your information is used only to provide responses within your organisation.
Where is data stored?
By default, data is stored in secure cloud infrastructure. Enterprise customers can specify data residency requirements for specific regions.
How long is data retained?
You control data retention. Configure how long conversations and customer profiles are kept. Data can be deleted on request at any time.
Can I get a security assessment?
Yes. We provide security documentation and can participate in vendor assessments for enterprise evaluations. Contact us to request materials.
Live Demo
See it work with
your own content
Upload a document and start asking questions immediately. The demo shows how answers reference your uploaded material instead of generating assumptions.