Trust, Privacy, and Compliance

How BorneoCR protects your data, ensures service continuity, and remains accountable at all times.

Your data belongs to you. No exceptions.

Each customer operates in a completely isolated environment. What happens in their instance is not visible to any other customer or to our sales team.

Can other customers see my alerts?

No. Each environment is logically segregated from the ground up. It is architecturally impossible for one client to access another's information.

Is my data used to train AI models?

No. Your personal data is not used for any purpose other than the operation of the service you subscribed to.

Who at BorneoCR can see my information?

Only the analyst assigned to your account, with audited access and a log of every action. Access is never granted without a documented reason.

What happens to my data if I cancel the service?

We will provide you with a complete export of your history and delete your data from our systems within 30 days, with written confirmation.

When something goes wrong, you don't have to face it alone.

We don't promise perfection. We promise that every issue will have a designated person in charge, a response time, and clear communication.

Detection

We identify the problem before you do. Our monitoring runs 24 hours a day. We detect most incidents internally and trigger a response before they impact your operations.

15 min

Guaranteed initial notification. In the event of incidents affecting availability or security, you will receive a notification within 15 minutes with the information we have at that time.

In progress

Updates until the issue is resolved. As long as the incident is active, we'll keep you informed every hour. You don't need to contact us to find out what's happening.

Closure

Post-incident report within 48 hours. What happened, why it happened, what we did, and what we changed to prevent it from happening again. In writing, without unnecessary technical jargon.

We operate on certified infrastructure across two continents.

Our servers are located in data centers across North America and Europe, selected for their standards of physical security, operational continuity, and data protection.

North America and Europe—and not by coincidence.

Operating in both regions allows us to offer each customer the data location that best suits their regulatory obligations. Our data centers in Europe operate under the world’s most stringent legal framework for data privacy—including the GDPR. Those in North America meet equivalent standards for physical and operational security. In both cases, the infrastructure is independently certified—you can request the documentation from us at any time.

You can ask us for an explanation at any time.

Transparency isn't just a brochure. It's a contractual right.

A complete log of access to your environment—who logged in, when, and what they did.

Audit of your instance — an independent review of the status of your configuration and data.

All your information can be exported—in a standard format, free of charge, at any time.

Review of our internal security policies — subject to a confidentiality agreement.

Report on the platform's most recent external penetration test — subject to a confidentiality agreement.

Everything in writing.

Each commitment on this page is supported by a document.

description

Data Processing Agreement (DPA)

Required for all customers. It explains what we do with your data and under what conditions.

Apply
description

Information Security Policy

Available under an NDA. Describes our internal controls.

Apply
description

Service Level Agreement (SLA)

Response times, guaranteed availability, and contractual consequences.

Apply
description

Technical and Organizational Measures

Available under an NDA. Details on the security controls implemented.

Apply
description

External Penetration Testing Report for the Platform

Available under an NDA. Annual independent penetration test.

Apply

Do you have questions about how we protect your information?

Our team responds directly—without any intermediate forms.

email Contact Us