Your facility data, protected at every layer

Certified to ISO/IEC 27001:2022. SOC 2 attested. Trusted across banking, healthcare, and technology.

Certifications and standards

Independently audited to international security standards.

Information Security Management

Certified information security management system audited to international standards.

Service Organization Controls

Security and availability controls validated independently over an operational period.

Cloud Security Controls

Code of practice for cloud security controls, covering both providers and customers.

PII Protection in Cloud

Protection framework for personally identifiable information processed in public cloud.

Privacy Management System

Extension to ISO 27001 for privacy information management, supporting GDPR alignment.

How we protect your data

Data security

Encryption at rest and in transit. Granular role-based access controls with complete audit trails. PII stored in isolated tables across every tenant.

Encryption
Access control
Tenant isolation

Privacy

Building data is processed to deliver facility intelligence and is used exclusively so you may track patterns, energy, and services across your organization.

Purpose limitation
Data ownership
No repurposing

Compliance

SOC 2 Type II attested with reports available on request. Trusted by Fortune 500 security teams across banking, healthcare, and technology.

SOC 2 Type II
ISO 27001
Zero incidents

Infrastructure

Private cloud hosting with data residency in India and disaster recovery in Singapore. Also available on-premise and hybrid. All development is in-house with no outsourcing.

Cloud hosting
On-premise option
In-house development

Security controls

Active controls maintained under our ISO/IEC 27001:2022 certification and SOC 2 attestation.

Infrastructure security

Encryption at rest and in transit with forward secrecy

Role-based access controls enforced across all platform tiers

Production database access limited to diagnostics account

Network monitoring via AWS CloudWatch with WAF and IDS/IPS

24-hour backup cycle to Singapore DR site (RTO 12h, RPO 24h)

Infrastructure event logging and alerting via CloudWatch

Organizational security

Information security management system (ISMS) maintained

Security awareness training at onboarding and yearly renewal

Background verification for new hires including contractors

6-hour notification SLA for critical security vulnerabilities

Business continuity planning maintained and tested annually

Supplier security assessments as part of vendor management

Product security

All development performed in-house with zero outsourcing

SAST and DAST testing mandated in development and QA cycles

Quarterly internal vulnerability assessments and remediation

Annual third-party application penetration testing (VA/PT)

Secure coding and change management aligned with OWASP Top 10

Segregated development, testing, and production environments

Data and privacy

Client-configurable data retention from 180 days to 10 years

PII isolation in separate database tables with log masking

Customer data isolation enforced across tenant environments

Data processing agreements (DPAs) available on request

Data destruction with confirmation on contract termination

Privacy information management certified to ISO/IEC 27701

Data practices

Transparency on what we collect, what we do not collect, and how building data is handled.

Data we collect

Employee names and work email addresses

Building occupancy and space utilization

Energy consumption and climate telemetry

Service requests and maintenance records

Visitor and asset management records

Data we do not collect

Credit card or payment information

Personal health or medical information

Biometric data or facial recognition

Personal browsing or web activity

Personal location data outside the facility

How we handle your data

PII stored separately per tenant

Processed exclusively for your facility

Configurable retention periods per client

Cloud, on-premise, and hybrid deployment

Data returned or destroyed on exit

Request compliance documents

To request SOC 2 reports, ISO/IEC 27001:2022 certificates, or other compliance documentation, complete the form below.

Frequently asked questions

What security certifications does Bluecoin hold?

Bluecoin is certified to ISO/IEC 27001:2022, ISO/IEC 27017 (cloud security), ISO/IEC 27018 (PII in cloud), and ISO/IEC 27701 (privacy information management). Bluecoin also maintains a SOC 2 Type II report for service organization controls. Compliance reports and audit documentation are available on request through the form above.

Can Bluecoin be deployed on-premise?

Yes. Bluecoin supports cloud, on-premise, and hybrid deployment models. Organizations with strict data governance or regulatory requirements can run the platform entirely within their own infrastructure. Your deployment model is determined during implementation planning.

Has Bluecoin been evaluated by enterprise security teams?

Bluecoin has been cleared by Fortune 500 security teams across banking, healthcare, and technology. These evaluations assess infrastructure security, data handling practices, access controls, and regulatory compliance. Bluecoin has had zero security incidents in the past two years.

How do I request compliance documents?

Use the form above. Include your name, company, and email, along with a note about which specific documents you need. Our team will follow up with the requested materials.

Does Bluecoin encrypt data at rest and in transit?

Yes. All data is encrypted at rest using AES-256 and in transit using TLS 1.2 or higher with forward-secret, authenticated cipher suites. ECDSA certificates are preferred on all new deployments. Password hashing uses Argon2id, Bcrypt, or PBKDF2.

Where is Bluecoin data stored?

For cloud deployments, data is hosted on AWS Private cloud with primary storage in India and disaster recovery in Singapore. Backups run every 24 hours. For on-premise deployments, data remains entirely within your own infrastructure.

Does Bluecoin support single sign-on (SSO)?

Yes. Bluecoin supports SAML 2.0 and Microsoft Authentication Library (MSAL) for integration with enterprise identity providers.

How does Bluecoin handle data retention?

Retention periods are fully configurable by the client, from 180 days to 10 years. On contract termination, data can be returned as a SQL export or destroyed with written confirmation.

Is Bluecoin GDPR compliant?

Bluecoin maintains data protection practices aligned with GDPR principles and is certified to ISO/IEC 27701 for privacy information management. The platform provides configurable PII parameters, configurable data retention policies, and transparency controls for data subjects.
