Technical and Organizational Measures (TOM)
pursuant to Art. 32 GDPR
Annex to the Data Processing Agreement (DPA)
BOP BLUEOCEAN PRIVACY LTD (trading under the brand Blue Agency)
Represented by: Karl Pusch (CEO)
Delphon 8, Livadia, Office 204
7060 Larnaca, Republic of Cyprus
Reg-No. HE 464125 | Org-No. 643689 | VAT: CY60114734R
ISO 27001 certified, Server location: Germany
1. Pseudonymization and Encryption (Art. 32 (1) (a) GDPR)
Measures ensuring that personal data is protected against unauthorized access during transmission and storage.
- ✓ Encryption in Transit (Data in Transit): All external data traffic between users and the AI system is always encrypted with TLS 1.3 (Let’s Encrypt certificates), terminated at the Traefik reverse proxy. Downgrades to insecure protocol versions are technically blocked.
- ✓ Encryption at Rest (Data at Rest): All backups and database exports (PostgreSQL dumps) are encrypted with strong asymmetric (public-key) encryption before they leave the client server and are stored on the dedicated backup storage (Hetzner Storage Box).
- ✓ Secure Secret Management: Sensitive credentials and API keys (e.g., Google Gemini keys) are never stored in plaintext in the source code. They are managed as encrypted GitHub Secrets and injected temporarily into the isolated system environment as .env variables during deployment.
2. Confidentiality, Integrity, Availability, and Resilience (Art. 32 (1) (b) GDPR)
2.1. Confidentiality (Physical and Logical Access Control)
- ▪ Physical Access Control (Hetzner): Our sub-processor Hetzner applies the strictest physical security standards in its German data centers: DIN ISO/IEC 27001 certification, strictly regulated physical access (electronic access control systems, biometric registration, high-security fencing), 24/7 monitoring by trained security personnel, and continuous video surveillance.
- ▪ Separation Control (Single-Tenant Architecture): As a core security feature, there are no shared (“multi-tenant”) databases. Each client receives its own logically and physically separated virtual server (single-tenant), so a system-side mixing of client data (data bleeding) is technically impossible.
- ▪ System Access Control (System Level): Protection against (DDoS) attacks via Cloudflare and the Hetzner Cloud Firewall. Unwanted network traffic is dropped at the network level; only ports 80 (HTTP, automatic redirect to HTTPS) and 443 (HTTPS) are open to the outside. Server administration (SSH) is exclusively key-based (password logins are disabled) and is restricted at the network level to the static (VPN) IP addresses of the BOP BLUEOCEAN PRIVACY LTD administration team.
- ▪ Data Access Control (Application Level): The client dashboard enforces strict role-based access control (RBAC). Only authenticated and authorized users of the respective client can access that client’s own AI agent and its history.
2.2. Integrity (Transfer and Input Control)
- ▪ Transfer Control: Data transmitted to the LLM provider (Google Gemini) is transported exclusively via secured Enterprise APIs.
- ▪ Input Control (Audit Logging): Access to the system and administrative changes to it are logged centrally in an immutable log system (Loki). Via GitHub Actions and Git histories, every code or configuration change to the client systems can be traced to who made it and when.
2.3. Availability and Resilience (Availability Control)
The resilience of the system is ensured by a combination of infrastructure guarantees and our 3-step backup strategy:
- ▪ Infrastructure Availability (Hetzner Standard): Redundant power supply (UPS systems and emergency diesel generators), redundant internet connectivity, and redundant air conditioning in the data centers to prevent hardware failures.
- ▪ Disaster Recovery Plan (3-Step Backup):
  1. Full-System Recovery: Daily image snapshots of the server hard drives allow for a complete rollback in case of a critical system error.
  2. Data Point Recovery: Automated, encrypted backups of the relational and vector databases (every 4 hours) to geographically/logically separated storage systems.
  3. Infrastructure as Code (IaC): The entire setup is defined in code (Ansible/Docker). In the event of a total data center failure, the exact client server can be automatically rebuilt on new infrastructure and restored from backups in under 15 minutes.
3. Procedures for Regular Testing, Assessment, and Evaluation (Art. 32 (1) (d) GDPR)
- ✓ Automated Deployment (CI/CD): Security patches for the operating system and Docker containers are rolled out promptly to all client systems via a standardized GitHub Actions pipeline, eliminating manual sources of error.
- ✓ Proactive Monitoring: Resources such as CPU, RAM, and disk space (Prometheus/Grafana) as well as general availability (Uptime Kuma) are monitored 24/7. Alerting chains are in place so that the team can intervene before failures occur.
- ✓ Subcontractor Management: A valid Data Processing Agreement (DPA) is in place with Hetzner Online GmbH. The provider’s ISO 27001 certificates are regularly checked for validity.
4. Addendum: Specific LLM Data Protection (Google Gemini)
The use of Large Language Models (LLMs) at BOP BLUEOCEAN PRIVACY LTD complies with strict data protection requirements for enterprise customers:
- ★ API Data Processing Lifecycle (Google Gemini): When data (prompts, document text, RAG context) is sent to the Google Gemini API, it is encrypted in transit. Google processes this data solely in memory (transiently) to generate the requested response. Once the API request is fulfilled and the response is sent back, the input data is discarded from Google’s processing memory.
- ★ Zero-Data-Retention & No Model Training: By utilizing the paid Enterprise API from Google Cloud, Google’s terms strictly prohibit the retention of client data for human review. Furthermore, it is contractually guaranteed that the prompts, documents, and RAG content submitted by the client are excluded from any global AI training datasets and will not be used to train, retrain, or improve Google’s foundation models.
- ★ Data Sovereignty: Intellectual property of the inputs as well as the generated outputs remains 100% with the client. The vector database (the “memory” of the AI) resides exclusively on the isolated Hetzner server of the respective client in Germany, completely separate from Google’s infrastructure.