Security & Compliance

Your Data, Secured in India

Enterprise-grade encryption, Azure Central India hosting, and strict access controls. Your business data never leaves the country.

Data Residency — Azure Central India

All customer data — chat conversations, knowledge bases, lead information, and analytics — is hosted exclusively on Microsoft Azure's Central India region (Pune). Your data never leaves India, ensuring compliance with local data sovereignty requirements.

Encryption

At Rest

All data stored in Azure PostgreSQL and Azure Storage is encrypted using AES-256 encryption. Database backups are also encrypted at rest.

In Transit

All communications use TLS 1.2+ encryption. API endpoints, dashboard access, and widget communications are served exclusively over HTTPS.

Infrastructure

Cloud Provider: Microsoft Azure
Region: Central India (Pune)
Database: Azure PostgreSQL Flexible Server (encrypted)
Application: Azure Container Apps (isolated workloads)
Static Assets: Azure Static Web Apps with global CDN
File Storage: Azure File Share (encrypted at rest)

Access Controls

  • Tenant Isolation: Every customer's data is isolated using PostgreSQL Row-Level Security (RLS). One tenant can never access another's data.
  • Role-Based Access: Granular RBAC with roles — Owner, Team Member, Agency Owner — each with scoped permissions.
  • Secure Authentication: Passwords hashed with bcrypt. JWT tokens for API authentication with automatic expiry.
  • API Key Security: Widget API keys are unique per bot. Rate limiting (300 requests/minute) prevents abuse.
  • Audit Logging: All admin actions are logged with timestamps, user identity, and action details.

AI Safety & Guardrails

Scope Boundaries

AI responses are strictly limited to your knowledge base content. The bot refuses off-topic questions and never uses general training data.

Content Guardrails

Configurable restricted topics, custom fallback messages, and human escalation triggers ensure your bot stays on-brand.

No Data Training

Your uploaded documents and chat data are never used to train AI models. Your business data remains exclusively yours.

Prompt Injection Protection

Built-in defenses against jailbreak attempts and prompt injection attacks to prevent misuse of your chatbot.

Compliance

DPDP Act (India)

BlueAI Chat is designed to support compliance with India's Digital Personal Data Protection Act. Users can access, correct, and delete their personal data. See our Privacy Policy for details.

Data Retention

Chat history and analytics are retained as long as the account is active. Upon cancellation, data is deleted within 30 days.

Payment Security

All payments are processed by Stripe, a PCI DSS Level 1 certified payment processor. BlueAI Chat never stores credit card numbers.

Security Questions?

For security-related enquiries or to report a vulnerability, contact us at:

er_sudhanshusaxena@yahoo.com