Security & Trust
BlackBoiler protects customer contract data using enterprise-grade cloud infrastructure, encryption, access controls, customer data isolation, monitoring, and audited security practices.
Compliance
BlackBoiler is SOC 2 Type II certified. The report may be available to qualified prospective customers upon request.
Data Protection
Customer data is encrypted in transit and at rest. BlackBoiler uses access controls and customer-specific isolation measures to protect customer data.
AI and Customer Data
Customer data is not used to train models shared with other customers. Customer-created edits, rules, and playbook configurations may be retained and used to support that customer's own use of BlackBoiler.
Need more?
For enterprise security reviews, contact support@blackboiler.com or your BlackBoiler representative.
Security FAQ
BlackBoiler helps customers review and mark up contracts more efficiently. Because our platform may process sensitive contract documents, redlines, playbooks, and related business information, security and data protection are core parts of how we operate.
BlackBoiler is built on cloud infrastructure designed for security, scalability, and availability. We use encryption, access controls, customer data isolation, monitoring, and audited security practices to help protect customer information.
How does BlackBoiler protect customer data?
BlackBoiler uses a layered security approach that includes encryption, access controls, monitoring, customer data isolation, and secure cloud infrastructure. Customer data is protected using technical and administrative safeguards designed to prevent unauthorized access, disclosure, or misuse.
Where is BlackBoiler hosted?
BlackBoiler is hosted in Amazon Web Services. Our production, staging, and development infrastructure is hosted in AWS.
Is customer data encrypted?
Yes. Customer data is encrypted in transit and at rest. Data in transit is protected using TLS, and data at rest is encrypted using industry-standard encryption.
How does BlackBoiler keep customer data separate?
BlackBoiler uses customer-specific isolation measures to help keep customer data separate. Enterprise deployments may include dedicated customer instances and customer-specific data separation controls.
Is BlackBoiler SOC 2 certified?
Yes. BlackBoiler is SOC 2 Type II certified. Qualified prospective customers may request BlackBoiler's SOC 2 report through the sales or security review process.
Does BlackBoiler use customer data to train AI models shared with other customers?
No. BlackBoiler does not use customer data to train models shared with other customers. Customer data remains dedicated to that customer's use of BlackBoiler.
How does BlackBoiler use customer-created edits, rules, and playbooks?
BlackBoiler may retain customer-created edits, redlines, playbook positions, rules, prompts, workflows, and related configurations to support, configure, and improve that customer's own use of the platform.
Who owns customer documents, playbooks, and outputs?
Customers retain ownership of their documents, data, redlines, playbooks, and related customer content. BlackBoiler uses customer data only as needed to provide, support, secure, maintain, improve, and operate the services.
Who can access customer data?
Access to customer data is limited to authorized users and required BlackBoiler personnel who need access to provide, support, secure, or maintain the services. BlackBoiler uses access controls and logging to help manage and monitor access.
Does BlackBoiler support MFA or SSO?
BlackBoiler supports authentication controls for customer access. Certain authentication features, including SSO and other advanced access controls, may depend on the customer's subscription plan or enterprise configuration.
How long does BlackBoiler retain customer data?
BlackBoiler retains customer data for the duration of the customer relationship unless otherwise agreed. Customer data may be deleted upon contract end or earlier upon customer request, subject to applicable legal, security, backup, and operational requirements.
Can customers request deletion of their data?
Yes. Customers may request deletion of their data. BlackBoiler will process deletion requests in accordance with applicable agreements, legal requirements, and operational practices.
Does BlackBoiler back up customer data?
Yes. BlackBoiler maintains backup practices designed to support availability and recovery. Backup data is also protected using encryption.
Does BlackBoiler provide detailed architecture diagrams publicly?
No. BlackBoiler does not publish detailed architecture diagrams or sensitive infrastructure details on its public website. Additional security materials may be made available to qualified prospective customers as part of an enterprise security review.
Does BlackBoiler complete vendor security questionnaires?
BlackBoiler may complete security questionnaires for qualified prospective customers as part of an enterprise evaluation or procurement process. For standard team or individual subscriptions, BlackBoiler generally directs customers to this Security & Trust page and other publicly available materials.
What legal terms govern use of BlackBoiler's services?
Use of BlackBoiler's services is governed by the applicable Access Services Agreement, Service Terms, Order, or other customer agreement. BlackBoiler's Website Terms of Use apply only to the public website and marketing pages. BlackBoiler's Privacy Policy applies to both the public website and the services.
Who should I contact with security questions?
For additional security questions, please contact support@blackboiler.com or your BlackBoiler representative.