1. The data you share with us, by type
- Account PII — name, work email, company, country, password hash, MFA secret, billing contacts. We’re the data controller.
- Authentication state — session and refresh tokens, IP addresses, sign-in timestamps. We’re the data controller.
- Customer Data — files, documents, spreadsheets, accounting exports, logs, database records, prompts, and AI-generated outputs. You’re the controller; we’re the processor operating on your documented instructions.
- Telemetry — feature usage counts, error logs, tokens consumed, timings. Aggregated and de-identified where practical.
2. What we never want you to upload
The standard Service is not a system of record for regulated data. Please do not upload, and do not permit users to upload, the following unless you have an explicit separate agreement with us:
- Protected Health Information (PHI) as defined by HIPAA. We do not currently execute Business Associate Agreements (BAAs). If your use case requires PHI, contact privacy@ai2bihub.com to discuss the private-deployment or on-prem options described at /legal/deployment-modes.
- Payment card primary account numbers (PAN). Card data entered into our billing flow is transmitted directly to Stripe, Inc. Do not paste PANs into a chat, document, or file.
- Full government identifiers (e.g. full SSN, Aadhaar, passport numbers) outside a context where you have a documented legal basis and retention plan.
- Special-category personal data (biometric, genetic, health, sex-life, trade-union, political or religious data) beyond what’s strictly necessary for your lawful purpose.
- Children’s data in violation of COPPA or equivalent laws.
- Secrets (API keys, passwords, private keys). Redact them before upload; our models may echo them back in outputs.
If you upload something from this list anyway, let us know at privacy@ai2bihub.com so we can help you purge it.
3. What happens to data once you upload it
- Files are uploaded over TLS 1.2+ directly to per-tenant Amazon S3 prefixes, with AES-256 encryption at rest.
- Our service parses the file (structured/semi-structured extractors) and stores derived metadata (column names, schema, row counts) in per-tenant DynamoDB tables.
- When you ask a question, the relevant content and your prompt are sent to a large language model hosted on Amazon Bedrock for inference. Bedrock operates on contractual terms that prohibit use of Customer Data for training foundation models. Prompts and outputs are not retained by the model provider for training.
- The answer is written back to your session and logged with tenant-scoped audit metadata (timestamp, user, tokens consumed — not the content).
- You can delete your uploaded file at any time. Deletion is propagated to S3 and the associated schema metadata. Short-lived encrypted backups (up to 35 days) and audit logs (up to 400 days) may retain references for compliance.
4. Encryption and access controls
- TLS 1.2+ required for all HTTP endpoints. HSTS on marketing and app domains.
- AES-256 at rest on S3 (SSE-S3/SSE-KMS), DynamoDB, RDS, and Secrets Manager.
- Least-privilege IAM scoped per Lambda function. Cross-account boundaries between dev (AWS 026090513936) and prod (AWS 651706742966).
- Multi-factor authentication available to all users via TOTP. Admin operations require MFA.
- Session cookies are Secure. Refresh tokens are HttpOnly so they cannot be read from JavaScript.
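The transport and cookie controls above are the kind of thing a Customer can verify from the outside. The following is an added example, not code from ai2bihub or this page: a small Python audit that checks a response's `Strict-Transport-Security` header and each `Set-Cookie` header for the `Secure` and `HttpOnly` flags the page lists. It goes slightly beyond the page by also checking `SameSite` on credential cookies. The header values and the cookie names `session` and `refresh` are constructed assumptions for illustration; the page does not name the Service's actual cookies.

```python
from typing import Dict, List, Tuple, Union

# Constructed sample headers (not captured from the Service) modelling a
# hypothetical app response. The third cookie is deliberately missing Secure.
SAMPLE_HEADERS: Dict[str, Union[str, List[str]]] = {
    "Strict-Transport-Security": "max-age=31536000; includeSubDomains",
    "Set-Cookie": [
        "session=abc123; Path=/; Secure; HttpOnly; SameSite=Lax",
        "refresh=def456; Path=/auth; Secure; HttpOnly; SameSite=Strict",
        "theme=dark; Path=/",  # preference cookie lacking the Secure flag
    ],
}

# Cookie names treated as credentials. Assumed names; the page does not list them.
SENSITIVE_COOKIES = ("session", "refresh")


def _parse_directives(value: str) -> Dict[str, Union[str, bool]]:
    """Turn 'k=v; Flag; k2=v2' into a lower-cased attribute map (flags map to True)."""
    attrs: Dict[str, Union[str, bool]] = {}
    for part in value.split(";"):
        part = part.strip()
        if not part:
            continue
        if "=" in part:
            key, val = part.split("=", 1)
            attrs[key.strip().lower()] = val.strip()
        else:
            attrs[part.lower()] = True
    return attrs


def parse_set_cookie(value: str) -> Tuple[str, Dict[str, Union[str, bool]]]:
    """Split a Set-Cookie value into (cookie name, attribute map)."""
    first, _, rest = value.partition(";")
    name = first.split("=", 1)[0].strip()
    return name, _parse_directives(rest)


def audit_headers(
    headers: Dict[str, Union[str, List[str]]],
    sensitive: Tuple[str, ...] = SENSITIVE_COOKIES,
    min_max_age: int = 31536000,
) -> List[str]:
    """Return a list of findings; an empty list means every check passed."""
    findings: List[str] = []

    # HSTS: present and with a max-age of at least one year.
    hsts = headers.get("Strict-Transport-Security")
    if hsts is None:
        findings.append("HSTS: header missing")
    else:
        directives = _parse_directives(str(hsts))
        try:
            max_age = int(str(directives.get("max-age", "0")))
        except ValueError:
            max_age = 0
        if max_age < min_max_age:
            findings.append(f"HSTS: max-age {max_age} below {min_max_age}")

    # Cookies: every cookie must be Secure (TLS is required on all endpoints);
    # credential cookies must also be HttpOnly and carry a SameSite attribute.
    cookies = headers.get("Set-Cookie", [])
    if isinstance(cookies, str):
        cookies = [cookies]
    for raw in cookies:
        name, attrs = parse_set_cookie(raw)
        if "secure" not in attrs:
            findings.append(f"cookie {name!r}: missing Secure")
        if name in sensitive:
            if "httponly" not in attrs:
                findings.append(f"cookie {name!r}: missing HttpOnly")
            if "samesite" not in attrs:
                findings.append(f"cookie {name!r}: missing SameSite")
    return findings


if __name__ == "__main__":
    for finding in audit_headers(SAMPLE_HEADERS) or ["all checks passed"]:
        print(finding)
```

Run it against headers captured from your own tenant's sign-in response to confirm the flags the page promises; a `session` cookie without `HttpOnly` or a missing HSTS header is worth raising with security@ai2bihub.com.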
5. Sub-processors
| Vendor | Role | Location |
|---|---|---|
| Amazon Web Services | Hosting, storage (S3, DynamoDB, RDS), authentication (Cognito), email (SES), CDN (CloudFront) | United States |
| Amazon Bedrock | LLM inference (Anthropic Claude family and others). Inference-only; no training on Customer Data. | United States |
| Stripe, Inc. | Payment processing | United States |
| Google LLC | Google Workspace (corporate email), Google Sign-In (when users opt in) | United States |
| GitHub, Inc. | Source control, CI/CD | United States |
| Cloudflare, Inc. | DNS for selected domains (when used) | United States |
We maintain data-processing terms or comparable safeguards with each sub-processor and rely on SCCs/UK IDTA for EU/UK transfers. We’ll notify in-contract Customers of material sub-processor changes before they take effect.
6. Retention
- Uploaded files: kept until you delete them or your tenant is closed. Encrypted backups expire within 35 days.
- Derived metadata & chat history: kept for the life of the tenant; deletable per object.
- Audit logs: up to 400 days for security and incident response.
- Billing records: retained up to 7 years for tax and regulatory purposes.
7. Deletion, export, and rights requests
You can delete individual files or your entire account from the app. For a full copy of your data or to request deletion of account PII, email privacy@ai2bihub.com from the account email address. We respond within statutory timeframes (typically 30 days) after verifying your identity.
8. Incident response
We monitor the Service 24×7 via CloudWatch alarms and on-call paging. Security incidents are managed under a documented incident-response playbook, including triage, containment, investigation, and notification. Affected Customers will be notified without undue delay of a confirmed incident involving their data.
Responsible-disclosure reports are welcome at security@ai2bihub.com. Please do not test against other customers or disrupt the Service.
