1. Overview – Our Commitment to Trust

At Bots For That, we believe trust is earned, not assumed. That’s why we’ve built our automation and AI products with a relentless focus on security, privacy, and reliability.

This Trust Centre is your window into how we operate and the authoritative home for all compliance, security, and data protection materials relating to Bots For That’s automation and AI services. It’s here to give you clarity and confidence, whether you’re a customer, partner, or just kicking the tyres. From encryption and compliance to incident response and data handling, you’ll find the facts here. No smoke and mirrors, no buzzword salad, just the truth.

We know that in the world of accounting, data is currency. So, rest assured, your information is protected by best-in-class systems, monitored by professionals, and handled with the care it deserves.

Welcome to the Bots For That Trust Centre. Building brilliant, securely.

Here you’ll find:

  • The Privacy Policy and AI Services Privacy Policy
  • Our Data Processing Addendum (DPA)
  • The Information Security and Incident Response Policies
  • The Sub-Processor List
  • Product-specific data flow overviews (beanies bots vs. houbeanie AI Agents)

Customers and partners should always reference the Trust Centre as the most current source of our governance documentation.

 

2. Security

At Bots For That, security isn’t a checkbox, it’s a mindset. We build every product and process with protection in mind from day one.

Data Encryption

  • At rest: All customer data is encrypted using AES-256 encryption when stored.
  • In transit: We use TLS 1.2+ to secure data as it moves across networks.

Access Controls

  • We enforce strict permission-based access controls (PBAC) internally.
  • Employees use multi-factor authentication (MFA) for all systems.
  • Customer access supports MFA and SSO integration where applicable.

Infrastructure & Hosting

  • Hosted on AWS and Azure in UK/EU data centres with multi-zone availability.
  • Protected by Web Application Firewalls (WAFs), DDoS mitigation, and monitoring tools.
  • Regular updates, patching, and vulnerability scanning to maintain a hardened environment.

Testing & Audits

  • We conduct regular internal security reviews and annual third-party penetration tests.
  • Findings are remediated promptly, and summary reports are available on request (under NDA).

Incident Response

  • Our dedicated incident response team monitors systems 24/7.
  • If something goes wrong, we act fast. Our incident response plan includes customer notification within 72 hours of any data breach.
  • We’ve never had a notifiable security incident to date.

Development Practices

  • We follow secure development lifecycle (SDL) practices.
  • Code is peer-reviewed and tested for vulnerabilities before deployment.
  • Secrets and keys are stored securely and rotated regularly.

 

3. Privacy

At Bots For That, we treat your data like it’s our own, with discretion, care, and respect. We don’t sell it. We don’t share it unnecessarily. We don’t save or archive it. It never even leaves your environment if we can help it. And we always process it with a lawful basis.

Data Collection & Use

  • We only collect personal data that is necessary to provide our services, support our products, or comply with legal obligations.
  • Data is never used for advertising, profiling, or sold to third parties.

GDPR & UK Data Protection Act 2018

  • We are committed to full compliance with the UK GDPR and relevant data protection laws.
  • Our processing is governed by lawful bases such as contract fulfilment or legitimate interest.
  • We offer Data Processing Agreements (DPAs) to all customers.

Data Retention & Deletion

  • Data is retained only as long as needed for business or legal purposes.
  • Customers can request deletion of their data at any time, in line with their rights under data protection law.

Customer Control

  • Customers own their data, full stop.
  • You can access, export, or delete your data on request, and we’ll support you every step of the way.

Sub-Processors

  • We work only with vetted, GDPR-compliant providers.
  • A full list of our sub-processors, including hosting and support providers, is available here and kept up to date.

Contacting Us

If you have a question about privacy, want to make a data request, or just want to check where your data lives, email us at privacy@botsforthat.com.

4. Compliance

We align to industry-recognised frameworks and stay up to date with evolving regulatory requirements, so you don’t have to worry about nasty surprises.

Certifications & Standards

We are actively pursuing, or currently aligned with, the following standards:

  • Cyber Essentials (UK) – baseline IT security certification
  • ISO 27001 – information security management
  • ICO Registration – registered with the UK’s Information Commissioner’s Office

Note: If we achieve formal certifications (like ISO/SOC 2), we’ll list and link them here with verification.

Policies & Governance

  • Our Information Security Policy, Acceptable Use Policy, and Incident Response Policy are reviewed quarterly and enforced across all teams.
  • New team members receive security and privacy training during onboarding, and refresher training is delivered annually.

Vendor Risk Management

  • All third-party vendors undergo security and compliance checks before onboarding.
  • Sub-processors are contractually bound by DPAs and required to meet our security standards.

Continuous Monitoring

  • Security is not a once-a-year thing. We use continuous monitoring tools, audit trails, and internal reviews to ensure ongoing compliance.

5. Reliability & Resilience

Behind every automation and AI service we deliver is a solid infrastructure designed for uptime, continuity, and bounce-back speed when things go sideways.

System Availability

  • Our core systems are designed for 99.9% uptime.
  • We use load balancing and auto-scaling to handle spikes in demand without breaking a sweat.

Hosting & Architecture

  • Hosted on leading cloud infrastructure (AWS and Azure) in UK/EU-based data centres.
  • High availability architecture with redundancy across availability zones.
  • Infrastructure-as-Code (IaC) is used to ensure consistent, version-controlled deployments.

Backups & Disaster Recovery

  • Data is backed up daily, with encrypted snapshots stored in separate secure locations.
  • Backups are tested regularly to ensure restorability.
  • We have a tested disaster recovery plan (DRP) with targeted RTO (Recovery Time Objective) and RPO (Recovery Point Objective) metrics.

| Metric | Target |
| --- | --- |
| RTO (Recovery Time Objective) | ≤ 4 hours |
| RPO (Recovery Point Objective) | ≤ 24 hours |

Business Continuity

  • We operate a documented Business Continuity Plan (BCP) to maintain operations during adverse events, including supplier failure, cyber incidents, or physical disruption.
  • Critical processes are mapped and routinely stress-tested.

Monitoring & Alerting

  • Continuous monitoring across infrastructure, APIs, application health, and third-party dependencies.
  • Alerts are triaged with defined escalation paths.
  • Health checks integrated with CI/CD pipelines to catch issues pre-deployment.

6. Responsible Disclosure

We believe the security community plays a vital role in keeping technology safe. If you’ve found a vulnerability in one of our systems, hats off. We want to hear from you, not hide from you.

Coordinated Disclosure

  • If you believe you’ve discovered a vulnerability, please report it responsibly to security@botsforthat.com.
  • Include a clear description of the issue, steps to reproduce it, and your contact details.
  • We’ll acknowledge receipt within 2 business days and aim to provide a resolution or status update within 10 business days.

Disclosure Policy

  • We request that you don’t publicly disclose the vulnerability until we’ve had a reasonable opportunity to investigate and fix the issue.
  • We’ll keep you updated and, if appropriate, publicly credit you for the find (with your permission).

No Bug Bounty (Yet)

  • We don’t currently run a formal bug bounty programme, but we do take all reports seriously and appreciate the effort involved in keeping systems secure.

7. Trust Documents & Downloads

Here you’ll find key documents that explain how we operate, how we handle your data, and what you can expect when working with Bots For That. If you need something under NDA or have specific due diligence requirements, just reach out.

| Document | Description | Status |
| --- | --- | --- |
| Privacy Policy | Our commitment to protecting your personal and client data. Covers what we collect, how we use it, and your rights under GDPR. | Privacy_Policy (Download) |
| Privacy Policy – AI Services | Our commitment to protecting your personal and client data using our AI services. Covers what we collect, how we use it, and your rights under GDPR. | Privacy_Policy_AI Services (Download) |
| Terms of Service | The legal framework for using our products and services. Sets out mutual obligations, limits of liability, and your rights as a user. | Terms_of_Service (Download) |
| Data Processing Addendum (DPA) | Our GDPR-compliant DPA, ready to sign. Outlines how we act as a processor on your behalf, including sub-processor details and breach notification terms. | Data_Processing_Addendum (Download) |
| Information Security Policy (Summary) | A high-level overview of our internal security practices, controls, and access management procedures. | Information_Security_Policy (Download) |
| Acceptable Use Policy (AUP) | Defines how our services can and cannot be used. Helps protect everyone from misuse and abuse. | Acceptable_Use_Policy (Download) |
| Sub-Processor List | A list of third-party services we use to deliver our platform (e.g. hosting, analytics, support tools), with purpose, location, and compliance status. | Sub-Processor_List (Download) |
| Incident Response Policy (Summary) | Explains how we detect, respond to, and report security incidents, including customer communication timelines. | Incident_Response_Policy (Download) |

 

8. Security & Trust FAQs

A quickfire Q&A covering the most common questions we get from IT teams, data protection officers, and procurement leads. If you can’t find what you need, drop us a line at security@botsforthat.com.

Security & Infrastructure

Q: Where is Bots For That hosted?
A: We’re hosted on AWS and Azure in UK/EU-based data centres with high availability, redundancy, and 24/7 monitoring.

Q: How is customer data protected in transit and at rest?
A: All data is encrypted in transit via TLS 1.2+ and at rest using AES-256 encryption.

Q: Do you perform penetration tests?
A: Yes. We conduct regular internal security reviews and annual third-party penetration tests, with remediation tracked and verified.

Q: How do you handle vulnerabilities or threats?
A: We operate a formal vulnerability management process with patching SLAs and a documented incident response plan.

Access & Controls

Q: Who at Bots For That can access our data?
A: Only authorised personnel, on a least-privilege basis, under strict PBAC controls. Access is logged and reviewed regularly.

Q: Do you support SSO or MFA for customer logins?
A: Yes. We support both Single Sign-On (SSO) and Multi-Factor Authentication (MFA) to keep access secure.

Privacy & GDPR

Q: Is Bots For That GDPR compliant?
A: Yes. We comply with the UK GDPR and the Data Protection Act 2018. We provide a standard DPA and support customer rights requests.

Q: Where is our data stored?
A: Data is stored securely in the UK/EU. We do not transfer customer data outside these regions without safeguards.

Q: Can I delete my data?
A: Yes. We offer full data deletion on request, in line with GDPR requirements.

Compliance & Policies

Q: What certifications do you hold?
A: We are working towards Cyber Essentials certification and aligning with ISO 27001. ICO registration and GDPR adherence are in place.

Q: Can I review your Trust policies and terms?
A: Yes, see our Trust Documents & Downloads section for our Privacy Policy, DPA, Security Overview, and more.

Support & Resilience

Q: What is your uptime guarantee?
A: We target 99.9% uptime. Our systems are built with redundancy and monitored 24/7.

Q: How often do you back up data?
A: Backups are taken daily, encrypted, and stored securely in separate locations. We test restorability regularly.

Q: Do you offer service-level agreements (SLAs)?
A: Yes. SLAs are included in our commercial contracts. Custom terms available for enterprise clients.

9. Questions or Need Support?

We’re here to help, whether you need a custom security pack, want to review our DPA, or just have a few awkward procurement questions you need to tick off.

Contact Us

  • General enquiries: hi@botsforthat.com
  • Security or compliance questions: security@botsforthat.com
  • Data privacy requests (e.g. access, deletion): privacy@botsforthat.com

Need something under NDA? Just let us know, we’re happy to accommodate enterprise security reviews or legal workflows.

Version & Change Log

| Version | Description | Date |
| --- | --- | --- |
| 1.0 | Initial Trust Centre draft published | May 2025 |
| 2.0 | Updates Made to Trust Centre T&Cs | October 2025 |