trust centre
blipee touches your data. We take that seriously.
Building data, occupancy, energy, people. All in the European Union, with the certifications your auditor and DPO ask for — and clear answers to the security questions before you ask them.
certifications & compliance
What is certified, and what is on the way.
RoadmapISO 27001
Certification planned — not yet under way.
CompliantGDPR
Privacy-by-design, legal basis, data-subject rights, DPA available.
In progressSOC 2 Type II
Security-controls audit currently in progress.
EUData residency
Personal data hosted in the European Union.
Certification status as of the publication date. Ask the team for the latest report.
how we protect it
Security in layers.
dataAt rest and in transit
- Encryption in transit (TLS) and at rest
- Per-organisation isolation (secure multi-tenant)
- Regular backups with tested recovery
- EU data residency
accessWho gets in, and to what
- Enterprise SSO (SAML · OIDC)
- Role-based access control (RBAC)
- Full audit trail — every action logged
- Least-privilege principle
infrastructureWhere it runs
- EU cloud with certified providers
- Continuous monitoring and alerting
- Vulnerability management
- Isolated edge gateway, no required open ports
privacy & data
Where your data lives, and who touches it.
| Topic | Answer | Detail |
|---|---|---|
| Data residency | European Union | Personal data is processed in the EEA. No transfers outside without a legal basis. |
| Controller vs processor | Processor | The customer is the data controller; blipee processes on instructions under the DPA. |
| DPA | Available | Data Processing Agreement provided on request, ahead of contracting. |
| Sub-processors | List on request | Sub-processor list with purpose available for due diligence. |
| Data-subject rights | Supported | Access, rectification, erasure and portability, per GDPR. |
For the full legal detail, see the Privacy Policy and the DPA.
due diligence