Built for the CIO conversation
Swiss data residency, EU AI Act-ready architecture, immutable audit logs, permission-aware AI. Bluewoo is engineered for the European compliance landscape — not retrofitted onto US-hosted infrastructure.
What every Bluewoo customer gets, every tier.
These are not "available on Enterprise." They are the floor of the platform.
Swiss data residency by default
Customer data hosted in Switzerland (GCP europe-west6) by default. Germany available on request. Data does not leave EU/EFTA.
Permission-aware AI by construction
HeyBlue inherits your role-based access control automatically on every query. The CEO and the intern get answers scoped to what each is allowed to see — by design.
Encryption end-to-end
Data at rest: AES-256. Data in transit: TLS 1.3, HSTS. Backup encryption matches primary.
Immutable audit log
Every HeyBlue action written to an append-only audit log with timestamp, actor, action, and the data the AI consulted. Tamper-evident; queryable; default 90-day retention.
Specific controls. Verifiable claims.
Each item below is something we will demonstrate in a security questionnaire response. Email compliance@bluewoo.com to request the full security questionnaire pack.
GDPR + Swiss FADP
Lawful basis documented. Data subject rights handled in-product. DPA on standard terms; customizable on Enterprise.
RBAC
Five default roles. Custom roles on Enterprise. Field-level permissions on sensitive attributes (salary, performance, contracts).
2FA + SSO
TOTP-based 2FA available to all users from day one. SAML 2.0 + OIDC SSO on Enterprise.
Audit logs
Append-only, tamper-evident, queryable in-product by admins. Exportable as CSV / NDJSON.
Data residency
Switzerland (europe-west6) default. Germany (europe-west3) on request. Customer-chosen residency on Enterprise (within EU/EFTA).
AI inference privacy
Foundation model calls routed through EU-region endpoints. Provider does not persist prompts. We do not fine-tune on customer data.
Infrastructure
GCP europe-west6 (Zurich) primary. Cloud Run application tier. Cloud SQL Postgres 17 primary database. Per-tenant isolation at app layer.
Penetration testing
Internal review on every release. External pen-test annually. Disclosure: security@bluewoo.com.
SOC 2 — in progress
Type I report targeting Q3 2026. We will not advertise "SOC 2 certified" until the audit is complete.
Compliance is the easy part.
Bluewoo HRMS is free for up to 5 users with the same security posture every paying customer gets. No Enterprise upgrade required to get the security baseline.
Free for 1–5 users
Same security floor as Enterprise
Talk to us about SSO + custom DPA on Enterprise
Built in Switzerland
EU AI Act-ready