Every agent you hire passes our rigorous security clearance. Your data is encrypted, isolated, and never used for model training. Enterprise-grade protection, regardless of your plan.
SOC 2 Type II
Audited
GDPR
Compliant
ISO 27001
Certified
99.9% Uptime
SLA Backed
Security isn't a feature. It's our foundation. Every layer of the Botonom platform is designed with defense in depth.
All data is encrypted at rest with AES-256 and in transit with TLS 1.3. Database fields containing sensitive information use application-level encryption with customer-specific keys.
Role-based access control with granular permissions. Every agent action, every user login, every configuration change: logged and auditable.
Each workspace operates in a logically isolated environment. Your agents, conversations, and data are completely separated from other customers.
Comprehensive logging of every action across your workspace. Who did what, when, and from where, searchable and exportable for compliance reviews.
Our agents meet the highest standards. Request audit reports, DPAs, and compliance documentation at any time.
Independently audited for security, availability, and confidentiality. Our SOC 2 report is available to customers and prospects under NDA.
Full compliance with the EU General Data Protection Regulation. Data Processing Agreements (DPA) available for all customers.
Compliant with the California Consumer Privacy Act. We support data access, deletion, and portability requests.
Our information security management system meets the international standard for protecting sensitive data systematically.
Your AI agents run on infrastructure designed for reliability, performance, and security. Multi-region deployment ensures low latency and high availability worldwide.
Hosted on AWS with multi-region availability. Auto-scaling ensures your agents perform under any load.
All data replicated across multiple availability zones with automated backups every 6 hours.
RTO of 4 hours and RPO of 1 hour. Tested quarterly with full failover exercises and documented runbooks.
Backed by a contractual SLA with service credits. Real-time status monitoring at status.botonom.com.
Multi-layer DDoS mitigation with rate limiting, traffic analysis, and automatic threat response.
Automated alerting and on-call engineering teams monitor infrastructure health around the clock.
Our commitment to responsible AI goes beyond compliance. These principles are built into every agent, every feature, every decision.
Your conversations, documents, and business data are never used to train our AI models. Your data is yours, period.
Every decision your AI agent makes is logged and explainable. No black boxes. You always know what happened and why.
Configure how long data is retained in your workspace. Set automatic deletion policies or export everything at any time.
Agents can be configured to escalate sensitive decisions to human operators. You control the autonomy level.
Security isn't a one-time checkbox. Our operations team runs on a disciplined cadence of testing, auditing, and improvement.
Automated SAST/DAST scans on every deployment
Automated checks for known CVEs in all packages
Review and revoke unnecessary permissions
Third-party pen test with full remediation cycle
Independent audit of controls and processes
For organizations that need advanced controls, dedicated infrastructure, and hands-on compliance support. Available on our Enterprise plan.
Single Sign-On (SSO)
Okta, Azure AD, Google Workspace, custom SAML
SCIM Provisioning
Automated user lifecycle management
Custom DPA
Tailored Data Processing Agreement for your legal team
IP Allowlisting
Restrict access to approved network ranges
Dedicated Infrastructure
Isolated compute and storage on request
Penetration Testing
Annual third-party pen tests; reports available under NDA
Custom Data Residency
Choose where your data is stored: US, EU, or APAC
Vendor Security Questionnaire
Pre-filled SIG/CAIQ available on request
All data is stored in AWS data centers. By default, data resides in US-East (Virginia). Enterprise customers can choose EU (Frankfurt) or APAC (Sydney) residency.
No. We never use customer data, conversations, or uploaded documents to train, fine-tune, or improve our AI models. Your data is used solely to provide the service you've configured.
Every agent action is logged in an immutable audit trail. You can review, undo, or escalate any action. Agents can be configured with confidence thresholds that trigger human review for uncertain decisions.
Yes. Our SOC 2 Type II report is available to customers and qualified prospects under a standard NDA. Contact our security team or your account manager to request a copy.
We maintain a responsible disclosure program. Please report vulnerabilities to security@botonom.com. We acknowledge reports within 24 hours and aim to resolve critical issues within 72 hours.
Yes. Enterprise customers can deploy Botonom on their own infrastructure: AWS, Azure, GCP, or bare-metal. This includes air-gapped environments for maximum data sovereignty.
Our security team is happy to answer your questions, walk through our practices, or provide compliance documentation for your review.