Security and Data Protection at Boafo Agent
Your AI Employee handles real customer conversations. We treat that data with the same care a serious B2B SaaS should: tenant isolation, encryption in transit and at rest, EU and UK data residency, and a clear path to export or delete data on demand.
Live in production with real customers. Trained on your business before launch.
What's getting in the way today
- Customer conversations are sensitive; vendors must not mix them across tenants.
- EU and UK buyers need data hosted in the right region.
- GDPR and the UK Data Protection Act require export and deletion on request.
- AI vendors that train on your prompts by default are a leak risk.
- Procurement teams need a clear, auditable security posture, not vague claims.
How Boafo Agent secures your AI Employee data
Every customer is a separate tenant. Conversations, leads, calendar bookings and admin data are isolated using row-level security in the database, so no tenant can ever read another tenant's data, even through the API.
EU and UK customer data is hosted in EU regions. Encryption in transit (TLS 1.2+) and at rest is enforced on all storage. Secrets and API keys are stored in a managed vault, never in code.
We do not train shared AI models on your customer conversations. Your data powers your AI Employee, not anybody else's.
Export and deletion are first-class operations. You can pull every conversation and lead as JSON or CSV from the admin console, and request full deletion at any time with confirmation.
Example conversation
Why teams choose Boafo Agent for this
Tenant isolation via RLS
Row-level security in the database means no cross-tenant data access, ever.
EU and UK data residency
Customer data is hosted in EU regions for EU and UK tenants.
Encryption end to end
TLS 1.2+ in transit; encryption at rest on all stored data and backups.
No shared model training
Your conversations are never used to train other tenants' models.
Export and delete on demand
Pull all your data as JSON or CSV; request full deletion at any time.
Managed secrets
API keys and credentials live in a managed vault, never checked into code.
Where the ROI shows up
Security is not a paid add-on. Every tenant on Boafo Agent gets the same isolation, encryption and data-residency posture, including on the entry plan.
AddressCore and other Boafo customers run in production today under the same tenant isolation and data-residency model described on this page.
Read customer stories →Frequently asked questions
Is Boafo Agent GDPR-compliant?
Yes. We are aligned with GDPR and the UK Data Protection Act. EU and UK customer data is hosted in EU regions, tenant isolation is enforced at the database level, and export and deletion are available on demand.
Where is data hosted?
EU and UK customer data is hosted in EU regions. Other regions are available on request for higher-tier plans.
Do you train shared AI models on our data?
No. Your customer conversations are used to power your AI Employee only. They are never used to train shared or third-party models.
How is data isolated between tenants?
Every row in the database is tagged with a tenant ID and enforced by row-level security policies. No tenant can read another tenant's data via the app or the API.
How do we export or delete our data?
Export is a one-click action from the admin console (JSON or CSV). Deletion is requested from the admin console and confirmed in writing.
Do you support DPAs?
Yes. We sign a Data Processing Agreement aligned with EU and UK requirements before you go live on paid plans.
Do you have SOC 2 or ISO 27001?
Formal certification is on the roadmap. We follow the controls and document them in our security posture; talk to us if you need the full questionnaire.
What about sub-processors?
Our current sub-processors are listed in the DPA. Material changes are communicated to customers in advance.