> ## Documentation Index
> Fetch the complete documentation index at: https://docs.bondata.ai/llms.txt
> Use this file to discover all available pages before exploring further.

# FAQ

> Common questions from security, procurement, and privacy reviewers.

<AccordionGroup>
  <Accordion title="How can I request your SOC 2 Type II report?">
    Our SOC 2 Type II report is available under NDA. Contact `security@bondata.ai` with your company name and use case and we'll share it.
  </Accordion>

  <Accordion title="Is my data used to train AI models?">
    No. BonData's contracts with Anthropic, OpenAI, and Google all prohibit the use of customer inputs or outputs for model training, in line with each provider's commercial API terms.
  </Accordion>

  <Accordion title="Where is customer data stored?">
    Cloud SaaS is hosted in the United States by default, with EU hosting available on customer request. Cloud-Prem deployments keep all customer data inside the customer's own AWS account, in the region the customer chooses.
  </Accordion>

  <Accordion title="Do you sign a Data Processing Agreement?">
    Yes. Our DPA, with the EU Standard Contractual Clauses incorporated, is available on request from `privacy@bondata.ai`.
  </Accordion>

  <Accordion title="Can I use my own encryption keys (BYOK)?">
    In Cloud-Prem, yes - customer-managed AWS KMS keys are supported for RDS, S3, EBS, and application-layer encryption. Cloud SaaS uses BonData-managed AWS KMS keys.
  </Accordion>

  <Accordion title="How is BonData's operator access to my data controlled?">
    All BonData operator access is SSO-gated, uses short-lived AssumeRole credentials, and is outbound-only from BonData's network. For **Cloud-Prem**, every operator action is recorded in your AWS CloudTrail under the operator's session name in real time. For **Cloud SaaS**, BonData retains internal CloudTrail and SSO logs; tenant-scoped operator-access extracts are available on request as part of enterprise-tier contracts.
  </Accordion>
</AccordionGroup>
