Security Statement

Draft only. Requires legal review before publication. This software provides compliance tooling, but does not provide legal advice.

Purpose

Describe BAAM AI security practices for customers evaluating the service.

Source model

This slot follows mature SaaS and security-software legal-center patterns: Zapier-style customer terms, DPA, subprocessors, security, and data-transfer material; Avast-style license, acceptable-use, privacy, IP, transparency, and accessibility material.

Jurisdiction focus

Prepare this for EU users and Czech-market operation. Complete operator details, Czech consumer wording, cookie consent behavior, GDPR roles, and cross-border transfer safeguards before publication.

Security program

Summarize access controls, least privilege, admin sessions, MFA support, audit logs, secure development, and production change controls.

Infrastructure

Describe hosting, CDN, database, storage, backups, and environment separation at a high level.

Encryption

State encryption in transit, encryption at rest where applicable, and credential/secret handling.

Access controls

Describe role-based admin access, customer account access, workspace permissions, and logging.

Incident response

Explain the process for detection, investigation, containment, customer notification, and regulatory assistance.

Customer responsibilities

Customers must protect credentials, configure permissions, review connected apps, and avoid submitting prohibited sensitive data.

Completion checklist