Trust & Compliance

Security you can verify. Privacy you control.

AI2BI Hub is built for businesses that take data seriously. Whether you analyse AWS costs, reconcile accounting books, or investigate security findings, your data should stay exactly as private as you need it to be — and no less. This page documents how your information flows, who can see it, and what protections are in place.

Three ways to keep your data private

Pick the mode that matches your risk tolerance. You can switch between modes at any time inside the product.

Default

Cloud Mode

Files encrypted on our AWS infrastructure. Every feature available — chat, dashboards, anomaly scans, MCP connectors. Access from any laptop.

Best for: Teams, distributed workforces, standard business analytics.
What we protect: AES-256 at rest (AWS KMS), TLS 1.2+ in transit, per-tenant isolation, SOC 2 controls in progress.

Strongest privacy

Browser-Private Mode

Your data stays in this browser, on this laptop. Files never upload — only your questions travel. Optional folder-pin keeps the data on your disk.

Best for: Sensitive one-off analyses, regulated industries evaluating us, "I want to see before I trust" workflows.
What we protect: Data never leaves the browser. Nothing to compromise on our end.
Note: MCP connectors (Claude, ChatGPT) are not available here — MCP requires data to flow through the LLM provider.

Add-on · Private preview

Enterprise Agent Mode

A small agent installs in your environment (Windows/Mac/Linux). Data lives wherever you choose; queries execute locally. Only summary results return to AI2BI.

Best for: Regulated industries, data-residency requirements, strict egress policies.
What we protect: Raw data never crosses your network boundary. We only receive minimum metadata to deliver answers.
Pricing: $299/month add-on, Enterprise plans only.

Data classification — how we configure for your industry

We classify every tenant into one of four tiers based on the type of data being analysed. The tier drives encryption, retention, MCP access, and contract requirements automatically.

Tier | Data profile | BAA? | DPA? | MCP
T1 | Standard. Business operational data — AWS costs, security findings, accounting, invoices, CRM, logs. | No | Yes (GDPR/CCPA) | All features
T2 | Enhanced PII. EU/UK personal data, financial services records, B2C platforms. | No | Yes + SCCs | With regional residency
T3 | PCI-DSS. Pipelines that touch payment cards (we recommend tokenizing first). | No (PCI controls) | Yes | Restricted — no card data
T4 | PHI / HIPAA. Patient health records, diagnoses, billing tied to named individuals. | Required | Yes | Admin opt-in + Claude Enterprise

You declare your tier at signup; we route healthcare workloads through a BAA flow before any production data is ingested. See data handling for the full mechanics.

How your data flows

Different deployment modes have different data paths. We never use your data to train AI models.

Cloud Mode

Your data
  ↓ TLS 1.2+
AI2BI Hub (AWS, KMS-encrypted)
  ↓ when you ask
AWS Bedrock — Claude Haiku 4.5
  ↓
Answer to your browser

AI inference stays inside AWS. AWS BAA covers Bedrock.

Browser-Private

Your data
  ↓ stays in browser
Your questions only
  ↓ TLS 1.2+
AI2BI answers using question + schema only
  ↓
Answer returned

Data rows never leave the browser. Schema only.

Enterprise Agent

Your data (your infra)
  ↓
Local agent
  ↓ queries run locally
Summary only → AI2BI Hub
  ↓
Dashboard rendered

Raw data never crosses your network boundary.

Certifications & frameworks

Customers on Enterprise plans can request updated compliance artifacts and security questionnaires at any time.

Framework | Status | Scope
SOC 2 Type II | In progress · targeted Q3 2026 | Cloud mode services
GDPR | Compliant | EU customer data, DPA + SCCs available
CCPA / CPRA | Compliant | California resident data
AWS Business Associate Agreement | Signed · April 25, 2026 | AWS infrastructure (HIPAA-eligible services); covers entire AWS Organization
HIPAA — customer-facing BAA | Available on Enterprise | Per-customer BAA for PHI workloads
ISO 27001 | Roadmap 2027 | Information security management

Sub-processors

The services we entrust with your data. We notify you at least 30 days before adding a new sub-processor.

Sub-processor | Purpose | Location
Amazon Web Services | Cloud infrastructure, AI inference (Bedrock) | US (EU regions on request)
Stripe | Payment processing | US
Amazon Cognito | Authentication | Co-located with your AI2BI region


Retention, deletion, rights

  • Active data — retained while your subscription is active.
  • Deleted files / workspaces — purged within 30 days of deletion.
  • Account termination — all data deleted within 90 days, except where law requires retention.
  • Audit logs — 1 year standard, 6 years for PHI customers, longer on request.
  • GDPR / CCPA requests — fulfilled within 30 days.
  • Portable exports — download all your data at any time.

Frequently asked

Do you train AI models on my data?

No. Inference runs on AWS Bedrock. AWS does not use your prompts or responses for model training, and we do not retain them beyond the session.

Where is my data stored?

Cloud mode: AWS us-east-1 by default; EU/UK on request for Enterprise plans. Browser-Private mode: your browser only. Enterprise Agent mode: your own infrastructure.

We're a healthcare company. Can we use AI2BI?

Yes — contact sales@ai2bihub.com. We typically execute a customer BAA within 2–5 business days on the Enterprise plan with HIPAA controls active.

Can I use Browser-Private mode AND have MCP integration with Claude?

No. Browser-Private means your data never leaves your browser; MCP needs data to pass through the LLM client. They are philosophically opposed. Use Cloud mode for MCP, or Browser-Private/Enterprise Agent for maximum privacy.

What happens if there is a security incident?

We notify affected customers within 72 hours of confirming an incident affecting their data, consistent with GDPR Article 33. T4 customers have an additional 24-hour initial notification SLA under their BAA.

Talk to us

Compliance: compliance@ai2bihub.com

Security: security@ai2bihub.com

Legal & DPA / BAA: legal@ai2bihub.com

Government sales: gov-sales@ai2bihub.com

AI2BI Hub is a product of CostTrail Inc., a Delaware corporation. The authoritative compliance commitments are in your subscription agreement, Data Processing Addendum, and any executed Business Associate Agreement.