GrowthFusion
by BlueBerry Tech Inc.

Security & Compliance

Enterprise-grade controls without the enterprise overhead. Encryption by default, role-based access, auditability, and compliance-aligned deployment for US, UK, and EU operations.

Defense-in-Depth

Layered security with hardened services, network isolation, and least-privilege design.

Encryption

TLS in transit and strong encryption at rest for stored data and transcripts.

Access Control

RBAC and scoped credentials; logs to trace configuration and data access.

Data Residency

Region-aware deployment options and vendor selection for regulatory needs.

Audit & Logging

Conversation logs, change history, and review workflows for QA and compliance.

Incident Response

Defined triage, containment, and customer notification procedures.

Compliance (US & UK/EU)

Healthcare (HIPAA)

We support HIPAA‑aligned deployments with compatible vendors that offer BAAs for covered entities and business associates. Final compliance depends on your selected vendors, signed agreements, and internal policies.

GDPR / UK GDPR

We follow data minimisation, purpose limitation, and retention controls. We provide mechanisms to assist with access/erasure requests and document processing purposes appropriate to SMB operations.

PECR (UK) & Telephony Rules

We focus on compliant inbound handling and permitted reminders/follow‑ups. We do not support unsolicited outbound marketing calls in restricted jurisdictions.

Data Processing

On request, we can provide DPA terms for data handling, sub‑processor transparency, and security measures. Contact us to discuss your specific requirements.

Shared Responsibility Model

We provide secure platform capabilities and deployment guardrails. You control data inputs, retention choices, access to your systems, and the operational policies that govern your business. We partner with you to align configuration with your regulatory posture.

  • Our scope: platform security, encryption, logging, controls, deployment guidance.
  • Your scope: data inputs, account access, vendor BAAs/DPAs, retention and consent policies.
  • Joint: risk assessment, rollout plan, monitoring, incident readiness.
LET'S TALK

Stop being the bottleneck
of your own company.

A 30-minute conversation about the operational work eating your week — and whether AI can actually run any of it for you. No demo theatre.