Back to Legal

Security Addendum

Last Updated: August 1, 2025

This Security Addendum (“Addendum”) describes the technical and organizational measures implemented by Blend Lab FZE (“Bunud”, “we”, “our”) to protect Customer Data processed in connection with our Service (as defined in the Platform Agreement or Data Processing Addendum). This Addendum forms part of our agreement with each Customer and reflects our security commitments in line with reasonable industry standards.

1. General Security Approach

Bunud adopts a risk-based, pragmatic approach to security based on the nature of our services and infrastructure. While we do not operate a dedicated security operations center, we implement commercially reasonable security practices to protect Customer Data from unauthorized access, loss, misuse, or alteration.

2. Access Controls

  • Access to production systems is limited to authorized personnel only.

  • Role-based access controls are applied where possible.

3. Data Encryption

  • Data in transit is encrypted using TLS 1.2 or higher.

  • Sensitive data at rest is encrypted using AES-256 or equivalent standards where applicable.

4. Infrastructure and Hosting

  • Bunud utilizes established cloud infrastructure providers (as listed in our Subprocessor List).

  • Providers are selected based on their compliance with leading certifications such as ISO 27001 or SOC 2, where applicable.

5. Backup and Recovery

  • Regular backups are performed for critical systems and customer data.

  • Backups are stored securely and tested periodically for integrity and recoverability.

6. Monitoring and Logging

  • Bunud maintains internal logging of relevant system activities for performance and security review.

  • Logs are retained in accordance with internal policies and are accessible to authorized team members only.

7. Personnel and Training

  • Team members handling sensitive systems receive onboarding and periodic training on data handling and security best practices.

  • All personnel are bound by confidentiality obligations.

8. Incident Response

  • In the event of a suspected data breach, Bunud will:

    • Investigate the incident promptly.

    • Notify affected Customers without undue delay if required by applicable law.

    • Provide relevant information about the scope, impact, and remediation actions.

9. Customer Responsibilities

  • Customers are responsible for:

    • Configuring their environments securely.

    • Managing user roles and access permissions.

    • Avoiding the transmission of sensitive data via unapproved channels (e.g., support tickets or email).

    • Not uploading regulated data categories unless permitted by written agreement.

10. Updates and Contact

This Security Addendum may be updated from time to time to reflect evolving practices. Any material changes will be posted at www.bunud.ai/legal/security.

Questions or concerns: legal@bunud.ai