<aside> 💡 botBrains exclusively uses service providers with EU data regions 🇪🇺, keeps all infrastructure in Germany 🇩🇪 and has contractual agreements with all service providers. LLM providers are contractually prohibited from retaining data or using data to train models.

</aside>

1. Introduction

botBrains is committed to the highest standards of data security, particularly concerning the handling and protection of customer data. This document outlines our key practices and policies that enforce data security, including our methods for access control, data localization, and data processing agreements (DPAs) with our subprocessors.

2. Data Localization and Sovereignty 🇩🇪

botBrains stores and processes all customer data within Germany, utilizing data centers located in Frankfurt and Nuremberg. These locations are chosen for their robust infrastructure and stringent data protection laws, aligning with Germany's Federal Data Protection Act and the broader EU GDPR. This ensures that all data handled by botBrains remains within the EU's legal jurisdiction, minimizing legal and practical risks associated with data sovereignty.

3. Encryption in Transit and at Rest 🔒

botBrains secures customer data using AES-256 encryption, the industry standard for encrypting data at rest. This security measure ensures that all stored data remains protected. Additionally, all data transmitted between end-customers and botBrains servers, as well as communications within the botBrains internal network, are safeguarded with TLS encryption. This level of encryption is also applied at the database level, providing a comprehensive security framework for both data at rest and in transit.

4. Access Control 🔓

Access to sensitive data and systems at botBrains is strictly regulated through Identity Provider (IdP) services. These services manage user identities and enforce robust authentication and authorization strategies to ensure that only authorized personnel have access to specific sets of data. This approach is integral to preventing unauthorized access and maintaining the integrity of customer data.

5. Data Processing Agreements and Compliance 📝

To further safeguard customer data, botBrains maintains Data Processing Agreements (DPAs) with all its subprocessors. These agreements ensure that our partners also adhere to stringent data protection standards and operate exclusively within EU data regions. These DPAs define the terms for processing, handling, and securing data, ensuring that subprocessors meet the same high standards that botBrains upholds.

6. Handling of Data with LLM Providers

Regarding our interactions with Large Language Model (LLM) providers, botBrains takes additional steps to protect data integrity and ownership. Specifically, no customer data is retained on the processors' machines. This policy ensures that data used in operations with LLMs remains transient and is not used for training or improving these models. This practice not only protects our customers' data from unauthorized use but also reinforces their ownership and control over their data.

7. Transparency and Customer Rights 🇪🇺

botBrains is transparent about its data handling and security practices. Customers who have entered into a Data Processing Agreement with us have their data ownership rights explicitly preserved. This means that all data processed by botBrains is handled in a way that respects and prioritizes customer rights, including the right to access, rectify, and request the deletion of their data.

8. Conclusion

Through these stringent and proactive measures, botBrains ensures that customer data is not only secure but also handled in compliance with the highest regulatory standards. Our commitment to data sovereignty, secure processing, and transparency forms the cornerstone of our trustworthiness as a provider of AI-powered chatbot solutions.

For more detailed information or specific inquiries regarding our data security practices, customers are encouraged to contact our data protection officer at [email protected].