Security Q&A

Are you GDPR compliant?

We have a dedicated Data Protection Officer (DPO) responsible for overseeing GDPR compliance. The DPO manages data protection topics, provides guidance on data protection impact assessments, and serves as a primary point of contact for both data subjects and the supervisory authority.

We only collect the essential data required for our services, seeking consent when necessary. Additionally, we have prepared a comprehensive data privacy policy to address potential data breaches, outlining specific protocols and actions to ensure compliance with this policy.

Are you SOC2 Type 2 or ISO27001 compliant?

We are actively working towards obtaining compliance for both standards, with the goal of achieving this by the end of 2024.

Do you store my data?

Blobr stores only necessary data for service functionality. Our AI agents, tailored to your APIs, come in different forms - API-optimized, AI SQL, or Vectorized Agents - depending on API construction and question scope. Each integration is a mix of these agents, finely tuned by Blobr for optimal performance.

Do you record my questions?

Questions are logged within the Blobr application to maintain a history of inquiries, facilitating the display of past questions. Additionally, we exclusively leverage the most recent questions posed during a conversation to preserve contextual relevance for the AI. This approach involves transmitting the contextual information to a LLM, ensuring that the AI remains informed within the confines of a specific conversation.

Do you train the LLMs on my data?

We do not engage in training LLMs using your data in any capacity. Our focus is on facilitating the seamless utilization of data from your applications by LLMs, making it more accessible and user-friendly. Importantly, we do not undertake any training of models using your data, and we have no intention of doing so.

What LLM do you use?

We use OpenAI LLM at the moment using Blobr API keys to OpenAI and more specifically gpt3, gpt3.5-turbo and gpt4. Blobr has been designed to be agnostic to any LLM, allowing us to adapt and connect to open-source LLMs in the near future.

Can I use my own OpenAI API key?

Currently not available, but we are soon introducing the "Bring Your Own LLM" option. This feature will enable you to seamlessly connect Blobr with the API key of your personal LLM, whether it's OpenAI or another provider.

How long do you store personal information?

We have a strict policy regarding data storage, in the event of account termination, whether initiated by you or by us. Your personal information will be promptly deleted within one week, ensuring a swift and secure handling of data after the account termination process.

What measures are in place to protect my data from unauthorized access?

Data access aligns with your API permissions. With a wealth of experience managing 200 million API calls across various providers, our team has maintained security through robust internal policies. Monthly audits and an annual external security audit further fortify our data protection measures.

Can I host Blobr on my own infrastructure?

Currently, hosting Blobr locally is not an option. However, we are working to enable you to host Blobr on your own cloud, seamlessly connecting it to your SaaS applications and even your custom APIs. Our dedicated team is making significant progress on this feature, and it will be made available to you in the near future.

How is Google OAuth utilized on the Blobr app?

When you register on our website through Google OAuth, we collect the following data to enhance your user experience:
- Email address: Used for communication and account-related notifications.
- First name & Last name (if provided): To customize and tailor your interaction on our platform.
- Company name (if provided): Optionally collected for a more tailored service, if associated with your Google account.

Rest assured, we respect your privacy, and this information is solely used to enhance your user experience. By using Google OAuth, we do not store any additional data without your explicit consent. In particular, we respect the User Data Policy, as explicitly defined on the Google User Data Policy page

Consent Preferences