Security & Privacy

Your business knowledge and data connections are sensitive. This page explains how Blueprint protects them.

Data Isolation

Each Blueprint workspace runs in a dedicated, isolated environment. Workspaces are not shared infrastructure — your Knowledge Graph, Decisions, conversations, and data connections are completely separated from other organizations.

A security event in one workspace cannot affect another.

Authentication

Blueprint uses Clerk for authentication — an enterprise-grade identity platform providing:

• Secure email/password authentication
• Multi-factor authentication (MFA) support
• Organization-level access control
• Session management and automatic timeouts

Encryption

Data in transit: All traffic is encrypted using TLS — web application, API calls, WebSocket connections, and data source connections.

Data at rest: All data stored by Blueprint is encrypted at rest — Knowledge Graph content, decision history, AI conversations, uploaded files, and connection credentials.

Connection credentials are stored encrypted and are never exposed in the UI after initial entry.

AI and Your Data

Blueprint's AI engine is built on AWS Bedrock — Amazon's enterprise-grade managed AI inference service. This is a deliberate architectural choice that gives Blueprint a fundamentally different privacy posture compared to most AI-powered tools.

Your data never reaches AI model vendors directly

When you ask the AI a question, model weights run inside Amazon's infrastructure — not on Anthropic's, Meta's, OpenAI's, or any other AI vendor's servers. Most AI-powered tools call AI vendor APIs directly, meaning your data flows to those vendors. Blueprint does not work this way.

What the AI actually sees

During an inference call, AWS Bedrock receives only what is needed to answer your specific question. Your raw source databases are never sent to AWS Bedrock. When a data question requires SQL, Blueprint runs the query against your source and sends only the result set to the model — not the underlying tables or schema.

Your data is never used to train AI models

AWS Bedrock's service terms contractually prohibit using customer data to train, fine-tune, or improve the foundation models. This applies unconditionally — it is not a paid tier or an opt-out setting.

Nothing you share with Blueprint's AI — your conversations, your Knowledge Graph, your Decisions, your data — contributes to any AI model that other organizations would benefit from.

Conversation history

Your AI conversation history is:

• Scoped exclusively to your organization
• Accessible only to workspace members you have invited
• Never accessed by Blueprint for any purpose other than providing the service to you

Access Control

Workspace access is managed at the organization level. Only invited members can access your workspaces.

Credential access: database passwords and API keys are stored encrypted and are not visible to Blueprint staff.

Responsible AI Design

Blueprint's AI is designed as a proposal engine, not an autonomous decision-maker:

• The AI always presents proposals for human review before making changes
• No Decisions are created or approved without explicit user action
• Knowledge Graph changes are confirmed before being applied
• The AI cannot act in your connected data sources without explicit instruction

You remain in control at every step.

Compliance

• GDPR and privacy: For data deletion requests or privacy inquiries, contact support.

Reporting Security Issues

If you discover a potential security vulnerability, please report it to our security team before any public disclosure.

Contact: security@blueprint.ai