eAuditor WEB AI
cloud trust (2026-01-08T15:25:45+01:00)

Welcome to eAuditor cloud® Trust Center!

eAuditor Cloud center

Overview

At eAuditor Cloud®, trust is the foundation of everything we do. In our Trust Center, you can see how we protect your data, ensure compliance, keep the system reliable, and stay transparent about how our platform works.

Compliance

ISO 27001:2022
ISO/IEC 27017:2015
ISO/IEC 27018:2019
ISO/IEC 27032:2012
HIPAA
SOC 2 Type II
Texas Risk and Authorization Management Program (TX-RAMP)
GDPR Compliance
CCPA
Data Security
Data Encrypted In-Transit
Password Encryption
Infrastructure Security
Physical Access Control
Multi-tenant Architecture
Availability and Redundancy
Application and Development Security
Change Management
Penetration Testing

Resources

Compliance
eAuditor cloud application security certificate

Controls

Data Security

Control Status
Data Encrypted In-Transit
Data in-transit is encrypted using TLS 1.3
Password Encryption
User account passwords are encrypted and hashed with a SHA-256 algorithm.

Infrastructure Security

Control Status
Physical Access Control - Data Center
eAuditor cloud operates on OVHcloud data center infrastructure that meets strict regulatory and industry requirements. This means our customers’ data is processed in an environment compliant with international standards for security, privacy, and availability.
Multi-tenant Architecture
BTC operates on a multi-tenant architecture, where customer environments are logically isolated to ensure data privacy and security.
Availability and Redundancy
Designed with high availability and redundancy in mind to ensure service continuity and minimal downtime, the eAuditor cloud platform is hosted in an OVHcloud data center located in Ożarów Mazowiecki (Kazimierza Kamińskiego 6, 05-850 Ożarów Mazowiecki, Poland). The facility is operated by OVHcloud sp. z o.o. and holds, among others, ISO 27001, ISO 27017, ISO 27018, ISO 27701 certifications, as well as SOC 1/2/3 standards (status as of 13.11.2025). More information: OVHcloud Compliance and Certifications.
eAuditor cloud uses load balancing modules to efficiently distribute traffic, optimize performance, and maintain service stability under varying loads. Redundant systems and infrastructure minimize the impact of potential failures. Together, these measures create a resilient platform customers can rely on, ensuring uninterrupted access and consistent performance.
Vulnerability Scans
BTC performs continuous vulnerability scanning to identify and remediate security issues.

Application and Development Security 

Control Status
Change Management
BTC follows a structured change management process ensuring all updates, configurations, and changes to its production and corporate environments are reviewed, tested and securely implemented to minimize risk and uphold security integrity.
Penetration Testing
BTC conducts annual application penetration testing through an independent third-party provider.
Environment Separation
BTC's infrastructure is segmented into distinct environments for development, production and QA operations, minimizing risk and limiting access between environments.

AI Security 

Control Status
AI Model
eA Intelligence uses artificial intelligence services (ChatGPT) solely for data analysis, classification, and interpretation, and only upon the explicit request of the user. Data processed as part of eA Intelligence is transferred outside the eAuditor cloud system to the OpenAI service.
The use of eA Intelligence is optional and available in the base version of the system.
Data Isolation
Each tenant’s knowledge base, scripts, logs, and configurations are stored in a dedicated database.

Privacy

Control Status
GDPR
BTC is committed to protecting the privacy of its customers and, where applicable, complies with the EU General Data Protection Regulation (GDPR).
Data Processing Addendum
BTC's comprehensive Data Processing Agreement (DPA) sets forth the obligations and conditions related to the processing of personal data. Our DPA is available here. To request a signed DPA, please contact: iod@btc.com.pl
Data Protection Officer (DPO)
BTC has an appointed DPO who can be contacted by e-mail at: iod@btc.com.pl
Data Removal Requests
Should a customer ever decide to delete their BTC account, they may do so by emailing iod@btc.com.pl. Once an account is terminated, any association between the account and stored personal data will no longer be accessible through the account.
Subprocessors
BTC may engage with third-party data processors to support the delivery of services to customers. These sub-processors may have access to customer-provided personal data solely for the purpose of performing their contracted responsibilities. See the full list of sub-processors.
Privacy Policy
BTC’s Privacy Policy outlines how we collect, use, store, and protect personal data in accordance with applicable privacy laws and regulations. It reflects our commitment to transparency, user rights, and responsible data handling practices.

Product Security

Control Status
Password Complexity
When registering at https://app.eauditor.eu/register, users are required to set a password that complies with a defined security policy. The password must be at least 8 characters long and include at least one uppercase and one lowercase letter (A-Z, a-z), at least one digit (0-9), and at least one special character such as @ # $ % ! ?.
Multi-Factor Authentication
BTC mandates Multi-Factor Authentication (MFA) to provide an added layer of security and protect user accounts from unauthorized access.

Corporate Security

Control Status
DLP
BTC leverages Full Endpoint Protection to guard against advanced threats aimed at employee endpoints. All devices are continuously monitored for suspicious behavior, enabling rapid detection and containment of potential incidents. These advanced security measures help preserve the integrity of BTC systems and protect sensitive data throughout the organization.
Principle of Least Privilege
BTC enforces Role-Based Access Control to ensure that employees have access only to the resources necessary for their job functions. Access rights are granted based on the principle of least privilege, minimizing exposure to sensitive systems and data.
Physical Access Control
BTC implements strict physical access controls to safeguard its offices.
Workstation Encryption
All corporate workstations at BTC are fully encrypted to protect sensitive data and prevent unauthorized access.

Subprocessors 

OVHcloud sp. z o.o.
Cloud infrastructure and data centre provider. Responsible for hosting, availability, physical and network security of the environment in which eAuditor cloud operates.
Stripe
Electronic payment operator. Used for payment and settlement processing. eAuditor cloud does not process or store payment card data.
Google Workspace
Used to handle system logins, secure user accounts, and support processes related to authentication and access security.
Microsoft Entra ID
Identity and authentication management service. Used in login processes, identity integration and system access security, as well as importing data to eAuditor cloud, such as users, devices, and organisational structure.
OpenAI (ChatGPT)
Artificial intelligence services used as part of the eA Intelligence function. Used to analyse, classify and interpret data in response to user queries.

Questions and answers

What security gap mitigation features does eAuditor cloud offer? (2025-12-22T08:45:47+01:00)

eAuditor cloud offers advanced DLP (Data Loss Prevention) mechanisms that help reduce the risk of data leakage and unauthorised use. The system allows you to monitor data operations, enforce security policies, and respond to potential breaches in accordance with the administrator’s configuration.  

A detailed description of DLP features is available in the documentation: [link to DLP documentation] 

Where can I find a list of subprocessors who may access customer data? (2026-01-08T08:46:41+01:00)

The current list of subprocessors used within the eAuditor cloud is available in the Subprocessors section at: Link

Who can access customer data? (2025-12-22T08:43:57+01:00)

Access to customer data is strictly limited to authorised personnel of BTC sp. z o.o. who need this data solely for the purpose of customer service, service maintenance or the fulfilment of legal obligations. Access is granted in accordance with the principle of least privilege and is subject to control.

How can customers update or correct personal data stored by BTC sp. z o.o.? (2025-12-22T08:43:15+01:00)

Customers can independently update their personal data, such as contact details, billing information, or login-related data, directly in the eAuditor cloud account settings. 

If additional corrections are required or if there are any questions regarding the processing of personal data, customers can contact BTC sp. z o.o. directly at [email protected] 

How can BTC sp. z o.o. customers using eAuditor cloud respond to potential security issues or vulnerabilities? (2025-12-22T08:52:23+01:00)

If a customer suspects a security vulnerability or notices a potential security-related issue in BTC sp. z o.o. services, they can report it directly to the support team by sending an email to [email protected] 

BTC sp. z o.o. supports responsible vulnerability disclosure and follows a structured process for receiving, analyzing, and handling security reports. Each report is verified, and if an issue is confirmed, appropriate remediation actions are taken. 

Does eAuditor cloud support session time limits? (2025-12-22T08:47:01+01:00)

Yes. A user session is automatically terminated after 20 minutes of inactivity. Five minutes before the session expires, the system displays a visible warning, allowing the user to maintain continuity of work. 

Is one customer’s data accessible to other customers? (2025-12-22T14:49:37+01:00)

No. Each customer has their own separate database in the OVHcloud cloud environment. The eAuditor cloud agent connects only to the assigned customer instance using an individual identifier, which prevents access to other customers’ data.

Is each customer’s data logically isolated? (2025-12-22T14:50:19+01:00)

Yes. All customer data is logically isolated within the cloud environment. Isolation includes application data, configurations, logs, and operational information, ensuring complete separation between customers using the service.

Can eAuditor cloud agents make changes to client endpoints or systems? (2025-12-22T14:50:28+01:00)

The eAgent service runs on the endpoint as a system service, i.e. with high technical privileges. However, eAgent itself does not make any changes that would affect the operation of the station or the user. It only performs actions resulting from the system configuration.  

Administrative changes on endpoints can be made by the system administrator on the client side using the remote management function. The scope of these actions depends on the permissions granted and the system configuration. eAuditor cloud does not perform such operations automatically or without the administrator’s decision.   

The tool provides possibilities, but it is the client who decides how and whether to use them. 

How does BTC sp. z o.o. protect confidential or personal information entered into the eAuditor cloud system? (2025-12-22T14:50:35+01:00)

Data protection in eAuditor cloud is based on a combination of technical and organisational security measures and regular security audits. Data is transmitted in encrypted form, logically separated between customers and processed in a certified cloud infrastructure. The security of the system is additionally verified through independent vulnerability and penetration tests. Access to the system is protected by authentication mechanisms, including multi-factor login, and user sessions are automatically terminated in case of inactivity. 

Does eAuditor cloud provide logs for data auditing? (2025-12-22T14:50:44+01:00)

Yes. Audit logs are available only to users with appropriate permissions granted in the system. The scope of visible data depends on the user’s role, and logs can be exported for auditing, control, or internal analysis purposes. 

Is customer data used to train AI models belonging to BTC or third parties? (2025-12-22T14:49:10+01:00)

No. Customer data is not used to train AI models belonging to BTC or any third parties.   

The exception is the eA Intelligence feature, which uses artificial intelligence services (ChatGPT) solely for the analysis, classification and interpretation of data at the express request of the user. In this case, the data is transferred only in the context of a specific query, is not permanently stored on the AI service side, and is not used to train models. Data processed within eA Intelligence is transferred outside the eAuditor cloud system to the OpenAI service.   

The use of eA Intelligence is an optional feature available in the basic version of the system.