> ## Documentation Index
> Fetch the complete documentation index at: https://docs.bondata.ai/llms.txt
> Use this file to discover all available pages before exploring further.

# Trust

> Security, compliance, and data protection documentation for the BonData platform.

BonData is built so the customers we serve, including those in regulated industries, can adopt the platform without compromising on security, privacy, or data residency. This page summarizes the frameworks BonData operates against, the third parties that process data on our behalf, and the policy documents that govern the relationship.

Enterprise and regulated-industry customers deploy single-tenant: [Dedicated Cloud](/platform/deployment-scenarios/dedicated-cloud), a dedicated environment that BonData operates, or [Cloud-Prem on AWS](/platform/deployment-scenarios/cloud-prem-aws), which runs inside the customer's own AWS account. [Cloud SaaS](/platform/deployment-scenarios/cloud-saas) is intended for proofs of concept and lower-tier packages.

For the controls behind each framework, see [Compliance](/platform/compliance). For how data flows through the platform, see [Application architecture](/platform/application-architecture).

## Compliance

<Columns cols={3}>
  <Card title="SOC 2 Type II" icon="lock">
    Certified. Audited controls for security, availability, and confidentiality. Report available under NDA via `security@bondata.ai`.
  </Card>

  <Card title="ISO 27001" icon="certificate">
    Certified. Certificate available under NDA via `security@bondata.ai`.
  </Card>

  <Card title="GDPR" icon="shield">
    EU General Data Protection Regulation. DPA with EU Standard Contractual Clauses available.
  </Card>
</Columns>

## Subprocessors

BonData uses the following subprocessors to deliver the platform. Each is bound by a written data-processing agreement and is engaged only for the purpose described.

|                             | Subprocessor              | Purpose                                                                                                                                                                                                             | Location                      |
| --------------------------- | ------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ----------------------------- |
| <Icon icon="aws" />         | Amazon Web Services (AWS) | Cloud infrastructure: EKS, RDS, S3, Amazon MQ, Secrets Manager, KMS, CloudFront, Athena, Glue, Redshift, CloudWatch                                                                                                 | United States (EU on request) |
| <Icon icon="cloudflare" />  | Cloudflare                | DNS, TLS termination, web application firewall, DDoS protection, Cloudflare Tunnel                                                                                                                                  | Global edge network           |
| <Icon icon="fingerprint" /> | Descope                   | Identity provider: authentication, SSO federation, SCIM, MFA, session management                                                                                                                                    | United States                 |
| <Icon icon="sparkles" />    | Anthropic                 | Large language model provider (Claude). Inputs and outputs not used for training under Anthropic Commercial Terms.                                                                                                  | United States                 |
| <Icon icon="brain" />       | OpenAI                    | Large language model provider and default text embeddings (`text-embedding-3-small`). API usage; not used for training. Enterprise customers can switch embeddings to AWS Bedrock Titan in their Cloud-Prem region. | United States                 |
| <Icon icon="google" />      | Google                    | Large language model provider (Gemini). API usage; not used for training.                                                                                                                                           | United States                 |
| <Icon icon="cube" />        | e2b                       | Sandboxed code execution in ephemeral Firecracker microVMs. Receives the generated code and input variables passed by the workflow node. Compliance posture at [trust.e2b.dev](https://trust.e2b.dev).              | United States                 |
| <Icon icon="chart-line" />  | New Relic                 | Log aggregation and platform metrics                                                                                                                                                                                | United States                 |
| <Icon icon="bug" />         | Sentry                    | Application error tracking with PII filtering enabled                                                                                                                                                               | United States                 |

For Cloud-Prem deployments, AWS, Cloudflare, and Descope are still in scope; the remaining subprocessors are engaged only when the corresponding feature (a given AI model, code execution, hosted observability) is enabled by the customer.

## Resources

<CardGroup cols={2}>
  <Card title="Status Page" icon="signal" href="https://status.bondata.ai">
    Real-time platform availability, incident history, and scheduled maintenance.
  </Card>

  <Card title="Privacy Policy" icon="file-shield" href="/platform/privacy-policy">
    How BonData collects, uses, and protects personal data.
  </Card>

  <Card title="Terms of Use" icon="file-contract" href="/platform/terms-of-use">
    The contract that governs use of the BonData platform.
  </Card>
</CardGroup>

For SOC 2 Type II reports, Data Processing Agreements, security questionnaires, or penetration test summaries, contact `security@bondata.ai`.

<Card title="Ready to evaluate BonData for your enterprise?" icon="comments" href="mailto:support@bondata.ai">
  Contact us to discuss your security, residency, and compliance requirements and scope the right deployment for your organization. We work with each enterprise to tailor the engagement.
</Card>
