baikery.studio
/trust-center

trust center

security, compliance, and privacy for enterprise ai

security overview

built for regulated industries from day one

doobls is built on german infrastructure with gdpr-native design. we implement enterprise-grade security, encryption, and governance because our customers require it.

infrastructure:

  • german gmbh (munich)
  • eu-only data centers
  • no us data transfers
  • schrems ii compliant
  • iso 27001 in progress

encryption:

  • aes-256-gcm at rest
  • tls 1.3 in transit
  • per-tenant key derivation
  • hkdf key management
  • encrypted backups

governance:

  • rbac (owner/admin/member/viewer)
  • workspace isolation
  • full audit logs
  • policy enforcement
  • actor attribution

compliance & certifications

regulatory frameworks we support

gdpr compliance

certified

gdpr-native by design. german entity, eu infrastructure, full data subject rights.

legal entity: baikery gmbh, hrb 299623 (munich)

dpo: available on request

data residency: eu-only (germany primary)

data subject rights: access, rectification, erasure, portability

processing agreements: dpa available for enterprise

eu ai act ready

in progress

built to comply with eu ai act requirements: transparency, accountability, human oversight.

actor attribution: every action logged with provenance (user, agent, tool)

audit trail: full history of decisions and reasoning

human oversight: rbac controls, approval workflows

transparency: memory contents accessible, explainable outputs

risk classification: general purpose ai system (not high-risk)

schrems ii compliant

certified

no us data transfers. eu infrastructure, german entity, no cloud act exposure.

infrastructure: eu-only data centers (germany, netherlands)

processors: eu-based only (no us cloud providers)

legal entity: german gmbh (no us parent company)

government access: eu law only, no cloud act compliance

iso 27001

in progress (q3 2026)

information security management system certification. audit scheduled q3 2026.

scope: all services (oo-memory, oo-agent, oo-identity, oo-frontend)

timeline: gap analysis complete (feb 2026), audit q3 2026

controls: access control, cryptography, operations security, asset management

status: implementing controls, documentation in progress

soc 2 type ii

planned (q4 2026)

operational security audit. planned for us enterprise customers requiring soc 2 compliance.

trust services: security, availability, confidentiality

timeline: q4 2026 (12 month observation period)

auditor: big 4 firm (tbd)

scope: production infrastructure, data handling, access controls

industry standards

implemented

following security best practices from owasp, nist, and cis.

owasp top 10: mitigations for all vulnerabilities

nist cybersecurity framework: identify, protect, detect, respond, recover

cis controls: implementing critical security controls

penetration testing: annual third-party audits

security architecture

how we protect your data

encryption

at rest:

  • • aes-256-gcm for all episodic memory
  • • per-tenant key derivation via hkdf
  • • master key stored in infisical (secrets vault)
  • • encrypted database backups (daily)
  • • encrypted s3 objects (optional storage)

in transit:

  • • tls 1.3 for all api communication
  • • certificate pinning (mobile apps, future)
  • • strict transport security (hsts)
  • • websocket encryption (wss://)
  • • no mixed content allowed

access control

authentication:

  • • hanko authentication (passkeys + email)
  • • jwt tokens (short-lived, 1h expiry)
  • • refresh token rotation
  • • sso for enterprise (saml, oidc)
  • • mfa available (enterprise)

authorization:

  • • rbac (owner, admin, member, viewer)
  • • workspace-level isolation
  • • api-level permission checks
  • • policy-based access control
  • • principle of least privilege

tenant & workspace isolation

database-level:

  • • tenant_id + workspace_id scoping on all queries
  • • enforced at orm level (sqlalchemy)
  • • row-level security policies (postgres)
  • • separate qdrant collections per tenant
  • • neo4j graph isolation (optional, disabled by default)

application-level:

  • • workspace_id validated in headers
  • • zero-trust service-to-service auth
  • • strict bff pattern (no direct client → backend)
  • • memory queries filtered by workspace
  • • agents can only access their workspace memory

monitoring & logging

audit logs:

  • • full action history (who, what, when)
  • • actor attribution (user, agent, tool)
  • • immutable append-only logs
  • • gdpr-compliant retention (7 years)
  • • export available for compliance audits

security monitoring:

  • • prometheus metrics (all services)
  • • grafana dashboards (uptime, latency)
  • • sentry error tracking
  • • alerting for anomalies (pagerduty)
  • • intrusion detection (planned)

data handling practices

how we collect, process, and delete your data

data collection

what we collect:

  • • episodic memories (conversations, documents, tool outputs)
  • • narratives (auto-clustered themes, human-reviewed)
  • • agent configurations (tool settings, policies)
  • • usage metrics (credit consumption, api calls)
  • • audit logs (actions, timestamps, actors)

what we don't collect:

  • • passwords (hanko handles auth)
  • • payment details (mollie handles payments)
  • • personal identifiers unless necessary

data retention

active accounts:

  • • episodic memories: retained indefinitely (you control)
  • • narratives: retained until deleted by owner
  • • audit logs: 7 years (compliance requirement)
  • • backups: 30 days (encrypted, then deleted)

deleted accounts:

  • • episodic memories: deleted within 30 days
  • • narratives: deleted within 30 days
  • • audit logs: anonymized after 30 days, retained for compliance
  • • backups: scrubbed within 60 days

data processing

lawful basis: contract performance (art. 6(1)(b) gdpr)

purpose limitation: only processed for agent execution, memory storage

data minimization: collect only what's necessary

accuracy: you control memory contents, can edit/delete

storage limitation: retain only as long as account is active

integrity & confidentiality: encrypted, access-controlled

data rights

right to access: export all your data via api or dashboard

right to rectification: edit memories and narratives anytime

right to erasure: delete account + all data within 30 days

right to portability: export in json format (machine-readable)

right to restriction: pause processing (contact legal@doobls.com)

right to object: object to specific processing activities

right to lodge complaint: contact bavarian dpa (baylda)

incident response

how we handle security incidents

response process:

  1. 1. detection: automated monitoring + security team
  2. 2. containment: isolate affected systems within 1 hour
  3. 3. investigation: root cause analysis, impact assessment
  4. 4. eradication: remove threat, patch vulnerabilities
  5. 5. recovery: restore services, verify integrity
  6. 6. notification: inform affected customers within 72h (gdpr)
  7. 7. post-mortem: document lessons, improve processes

notification policy:

data breach: notify within 72h (gdpr art. 33)

high-risk breach: notify data subjects directly (gdpr art. 34)

service outage: status page updated in real-time

security vulnerability: notify enterprise customers within 24h

channels: email, status page, dashboard notification

report incidents:

security & compliance contact

questions about security, privacy, or compliance?

security inquiries:

security@doobls.com

vulnerabilities, penetration testing, security audits

privacy & legal:

legal@doobls.com

gdpr requests, data processing agreements, privacy questions

compliance documents:

request dpa, soc 2, iso 27001 (when available)

enterprise customers: contact for compliance documentation

general support:

support center

non-security technical questions, account issues

legal entity: baikery gmbh, c/o mana, leopoldstraße 31, 80802 münchen, germany

registration: hrb 299623 (amtsgericht münchen) • vat: de453736297