How does Softblues keep your data secure?
We build production AI with role-based access, audit logging, monitoring and a human in the loop where mistakes are costly, all built around ISO 27001 principles and running on your own stack. We are not ISO certified, and we do not imply a certificate. Your data stays in your tenant, and we map the build to your security and compliance requirements before any code is written.
What controls protect your data?
Six controls on every build, set before launch and kept in place in production.
Role-based access control
Every assistant, agent and connector is scoped to what its job needs. Access is granted by role, not handed out broadly, and it is reviewed as your teams change.
Audit logging
Every action an agent takes is logged and checkable after the fact, so you can prove what it saw and what it did. Nothing happens off the record.
Monitoring and evals
We test against real cases before launch and monitor in production after, so behaviour stays within the boundaries we set and drift is caught early.
Human in the loop
Wherever the cost of a mistake is high, a person stays on the decision. The agent does the reading and the routine work and escalates the judgement calls.
On your own stack
Builds run inside your environment on the platform you already trust, Anthropic, Google Cloud or Microsoft. Your data stays in your tenant, not ours.
Built around ISO 27001 principles
Our controls are built around ISO 27001 principles. We are not ISO certified, and we do not imply a certificate. We will map to your own security and compliance requirements during scoping.
Security at Softblues: at a glance
- Access
- Role-based access control, scoped per assistant, agent and connector.
- Auditability
- Every agent action logged and checkable after the fact.
- Oversight
- Evals before launch, monitoring after, and a human in the loop where mistakes are costly.
- Where it runs
- On your own stack and tenant: Anthropic, Google Cloud or Microsoft. Your data stays with you.
- Standards
- Built around ISO 27001 principles. Not ISO certified; we do not imply a certificate.
- Model training
- On Claude Enterprise, Anthropic does not train its models on enterprise customer data by default.
- Based in
- London-based, working with regulated and high-volume businesses internationally.
Common questions about security
Is Softblues ISO 27001 certified?
No. Our controls are built around ISO 27001 principles, but we are not ISO certified and we do not imply a certificate. We map to your own security and compliance requirements during scoping.
Where does our data live?
On your own stack and in your own tenant. We build on the platform you already trust, Anthropic, Google Cloud or Microsoft, so your data stays in your environment rather than moving to ours.
How do you control what an AI agent can do?
Access is scoped by role to exactly what the task needs, every action is logged and checkable, and a human stays in the loop wherever the cost of a mistake is high. We test against real cases before launch and monitor after.
Do you train models on our data?
No. On Claude Enterprise, Anthropic does not train its models on enterprise customer data by default, and we do not use your data to train models. Data is used to do the work you scoped, nothing else.
Can you meet our compliance requirements?
We work with regulated industries including financial services, healthcare and legal, and we map the build to your access, retention and audit requirements during the Strategy and Roadmap phase. [CONFIRM: sub-processors and data-residency specifics on request.]
Who can see the data and the audit trail?
Only the roles you authorise. Access is granted by role and reviewed as teams change, and the audit trail records who and what touched the data.
Have a security or compliance requirement?
Tell us what you need to meet and we will map the build to it on a discovery call. We respond within 24 hours.
Last updated: June 2026