Your facility data, protected at every layer

Certified to ISO/IEC 27001:2022. SOC 2 Type II attested. Trusted across banking, healthcare, and technology.

Certifications and standards

Independently audited and assessed to international security standards.

Information Security Management

Certified information security management system audited to international standards.

Service Organization Controls

Security and availability controls validated independently over an operational period.

Independent Security Assessment

Web and mobile applications assessed annually through independent vulnerability and penetration testing.

How we protect your data

Data security

Encryption at rest and in transit. Granular role-based access controls with complete audit trails. Dedicated single-tenant environments ensure complete data separation.

Encryption
Access control
Single-tenant isolation

Privacy

Your organization controls what personal data is collected, who can access it, and how it is used. Occupancy patterns, energy readings, and service requests remain secluded from external observation and are never shared beyond your environment.

Selective control
Data seclusion
Purpose limitation

Compliance

Certified to ISO/IEC 27001:2022 and SOC 2 Type II attested with reports available on request. Zero security incidents in the past two years. Trusted by Fortune 500 security teams across banking, healthcare, and technology.

ISO 27001
SOC 2 Type II
Zero incidents

Infrastructure

Private cloud hosting with encrypted backups across regions for disaster recovery. Also available on-premise and hybrid. Data residency and backup locations configured to your requirements.

Cloud hosting
On-premise option
Regional flexibility

Security controls

Active controls maintained under our ISO/IEC 27001:2022 certification and SOC 2 Type II attestation.

Infrastructure security

Encryption at rest and in transit with forward secrecy

Role-based access controls enforced across all platform tiers

Production database access limited to diagnostics account

Network monitoring via AWS CloudWatch with WAF

24-hour backup cycle to encrypted backup (RTO 12h, RPO 24h)

Infrastructure event logging and alerting via CloudWatch

Organizational security

Information security management system (ISMS) maintained

Security awareness training at onboarding and yearly renewal

Background verification for new hires including contractors

Defined incident classification and response procedures maintained

Business continuity planning maintained and tested annually

Supplier security assessments as part of vendor management

Product security

All development performed in-house

SAST and DAST testing mandated in development and QA cycles

Quarterly internal vulnerability assessments and remediation

Annual third-party application penetration testing (VA/PT)

Secure coding and change management aligned with OWASP Top 10

Segregated development, testing, and production environments

Data and privacy

Client-configurable data retention from 180 days to 10 years

PII isolation in separate database tables

Customer data isolation enforced across single-tenant environments

Data processing agreements (DPAs) available on request

Data destruction with confirmation on contract termination

Personal data processing limited to contracted purposes only

Data practices

Transparency on what we collect, what we do not collect, and how building data is handled.

Data we collect

Employee names and work email addresses

Building occupancy and space utilization

Energy consumption and climate telemetry

Service requests and maintenance records

Visitor and asset management records

Data we do not collect

Credit card or payment information

Personal health or medical information

Personal browsing or web activity

Personal location data outside the facility

How we handle your data

PII stored separately per environment

Processed exclusively for your organization

Configurable retention periods per client

Cloud, on-premise, and hybrid deployment

Data returned or destroyed on exit

Request compliance documents

To request SOC 2 reports, ISO/IEC 27001:2022 certificates, or other compliance documentation, complete the form below.

Send us a message

Our team will get back to you shortly.
FAQ

Frequently asked questions

What security certifications does Bluecoin hold?

Bluecoin is certified to ISO/IEC 27001:2022 and maintains a SOC 2 Type II report for service organization controls. Independent vulnerability assessment and penetration testing (VA/PT) is conducted annually for web and mobile applications. Compliance reports and audit documentation are available on request through the form above.

Can Bluecoin be deployed on-premise?

Yes. Bluecoin supports cloud, on-premise, and hybrid deployment models. Organizations with strict data governance or regulatory requirements can run the platform entirely within their own infrastructure. Your deployment model is determined during implementation planning.

Has Bluecoin been evaluated by enterprise security teams?

Bluecoin has been cleared by Fortune 500 security teams across banking, healthcare, and technology. These evaluations assess infrastructure security, data handling practices, access controls, and regulatory compliance. Bluecoin has had zero security incidents in the past two years.

How do I request compliance documents?

Use the form above. Include your name, company, and email, along with a note about which specific documents you need. Our team will follow up with the requested materials.

Does Bluecoin encrypt data at rest and in transit?

Yes. All data is encrypted at rest using AES-256 and in transit using TLS 1.2 or higher with forward-secret, authenticated cipher suites. ECDSA certificates are preferred on all new deployments. Password hashing uses Argon2id, Bcrypt, or PBKDF2.

Where is Bluecoin data stored?

Data storage and backup locations are configured based on client preference. Bluecoin supports cloud, on-premise, and hybrid deployment models with encrypted backups across regions for disaster recovery. For on-premise deployments, data remains entirely within your own infrastructure.

Does Bluecoin support single sign-on (SSO)?

Yes. Bluecoin supports SAML 2.0, Microsoft Authentication Library (MSAL), Google Workspace, and Office 365 for integration with enterprise identity providers.

How does Bluecoin handle data retention?

Retention periods are fully configurable by the client, from 180 days to 10 years. On contract termination, data can be returned as a SQL export or destroyed with written confirmation.

Is Bluecoin GDPR compliant?

Bluecoin maintains data protection practices aligned with GDPR principles. The platform provides configurable PII parameters, configurable data retention policies, and transparency controls for data subjects.
