BlueLandscape · Trust & Security
Your business data, kept in the EU and built to stay private.
Everything you run on BlueLandscape — invoices, interviews, files, client records — lives on EU infrastructure in Amsterdam, moves only over encrypted connections, and is protected by controls we can point to, not marketing claims we can't. This page is the honest summary for your due diligence.
Data residency
Hosted in the EU, in Amsterdam
DigitalOcean Amsterdam (AMS3)
All of your application data and every PostgreSQL database run in DigitalOcean's Amsterdam (AMS3) region — EU soil, by design.
AI processing is the one documented exception
AI requests are processed by Anthropic in the US under Standard Contractual Clauses (SCCs). Anthropic does not train on data sent through the API, and this transfer is disclosed in our privacy policy.
Transport & browser hardening
Encrypted in transit, locked down in the browser
HTTPS-only, with HSTS
Every request is served over HTTPS; plain HTTP is redirected. HSTS (with includeSubDomains) tells browsers to never downgrade.
Strict Content-Security-Policy
A CSP with a per-request nonce blocks foreign scripts — no 'unsafe-inline'. Analytics load only after you accept cookies.
Clickjacking & sniffing off
X-Frame-Options: DENY, X-Content-Type-Options: nosniff, and a Referrer-Policy ship on every response.
Full Permissions-Policy
Camera, microphone, geolocation, payment, USB and more are denied at the edge, so no page can silently reach for them.
Authentication
Passwordless by design
No passwords to breach
You sign in with a passwordless 6-digit code sent to your email. Codes are hashed (SHA-256) before storage and expire quickly — there is no password database to leak.
Rate-limited against brute force
Per-IP and per-verification rate limits throttle guessing, and a code is locked after too many wrong attempts.
Session tokens that JavaScript can't read
Your session is a JWT in an httpOnly, SameSite=Lax, Secure cookie. All tokens are SHA-256 hashed before they're stored.
Data protection
Encrypted, scoped, and scrubbed on schedule
Encrypted at rest
Stored data is encrypted at rest, and the database connection runs over TLS. Because we run AI analysis on your content, it isn't zero-knowledge — and we won't claim it is.
PII scrubbed on retention expiry
Respondent data is anonymised after the account's retention window (90 days by default, configurable down). Analytics use GA4 with IP anonymisation, and only after you consent.
SSRF-guarded connected mailboxes
When you connect your own mailbox, the SMTP host is resolved and any private, loopback or cloud-metadata address is refused before a socket is ever opened.
GDPR & AVG
You stay the controller of your data
We're your data processor
Under the GDPR (AVG), BlueLandscape acts as a data processor — you, the customer, remain the data controller and decide the purpose of processing. Our sub-processors are listed in the privacy policy.
Right to erasure
Request erasure any time at privacy@bluelandscape.io — the data is anonymised on request.
Data Processing Agreement
A binding DPA is available on request for accounts that need one — email privacy@bluelandscape.io.
Invoicing standards
Compliant e-invoicing, by the book
When you invoice on BlueLandscape, documents follow UBL 2.1 / Peppol BIS 3.0 and use gapless Dutch invoice numbering — so your administration holds up to an audit. Learn more on the Peppol e-invoicing page.
Questions, or found something?
Report a vulnerability to security@bluelandscape.io — we acknowledge within one business day. For anything else, email hello@bluelandscape.io.
Read the fine print: Privacy Policy · Terms of Service