Trust & Security
Security and compliance at BA Copilot
How BA Copilot keeps your process maps, prompts, and account data safe — the controls we run, the providers we rely on, and the documents you can request from our team.
Last updated 2 May 2026
Compliance overview
Current status across the frameworks we operate against.
GDPR
Aligned
BA Copilot Ltd acts as a Data Processor under our standard DPA, with Standard Contractual Clauses or EU–US DPF coverage for international transfers.
NIST Cybersecurity Framework
Aligned
Practices map to NIST CSF (Identify, Protect, Detect, Respond, Recover) across our infrastructure and operations.
SOC 2 Type II
Partial
Our key infrastructure providers (Supabase, Vercel, Stripe) hold SOC 2 Type II today. We are preparing for SOC 2 Type II certification now.