A closer look at the controls behind the Trust Center. This page describes what each control does and how it works, in plain terms.
Access to BlueTower is protected by layered authentication. Privileged roles cannot sign in until multi-factor authentication is enrolled, and repeated failures lock the account.
Data is encrypted in transit and at rest, and application secrets get an additional layer of field-level encryption.
Sensitive actions are recorded in an audit trail designed to detect tampering, and security signals are surfaced in real time.
Customers stay in control of their data, with self-service rights and enforced retention limits.
AI assists with reviewing SOC reports, but a person is always in control, and personal data is minimised before any text leaves our systems.
The platform runs on hardened, least-privilege infrastructure with defensive controls around uploads and tenant isolation.
If you believe you have found a security issue, we want to hear from you. We investigate every report and will keep you updated.
Email our security team with details and steps to reproduce. Please do not share the issue publicly until we have resolved it.