Enterprise Security
Enterprise-grade security for your code and data.
Built for regulated industries and security-conscious engineering teams. Encryption at rest and in transit, Zero Data Retention, full privacy controls, abuse monitoring disabled, and deployment options that keep your source code inside your boundary.
FAQ
Common Questions.
WHAT DOES ZERO DATA RETENTION (ZDR) ACTUALLY MEAN?
Zero Data Retention means your prompts, code context, and model completions are processed in memory and discarded after the response is returned — nothing is written to disk, nothing is retained by Blackbox. ZDR is enabled by default on Pro and above. The Enterprise ZDR tier additionally disables abuse monitoring, adds contractual training-opt-out commitments with upstream providers, and enforces ZDR end-to-end across the API, IDE, CLI, Cloud agent, VS Code extension, and mobile app.
IS MY CODE USED TO TRAIN AI MODELS?
No. Training opt-out is the default on every plan — your code is never used to train Blackbox models. Enterprise contracts include contractual training-opt-out commitments with every upstream model provider we route to, wherever the provider's API supports it.
IS ABUSE MONITORING REALLY TURNED OFF?
Yes. On the Enterprise ZDR tier, abuse monitoring and human review are disabled. For regulated customers who cannot tolerate any side-channel prompt inspection, this is committed contractually and enforced technically at the infrastructure layer.
HOW IS DATA ENCRYPTED?
All data at rest uses AES-256 encryption with keys managed in AWS KMS. All data in transit uses TLS 1.3 with modern cipher suites and certificate pinning on mobile clients. Enterprise plans support customer-managed keys (BYOK/CMK), end-to-end chat encryption, and zero-knowledge architecture so even Blackbox infrastructure cannot read your content.
WHAT DEPLOYMENT OPTIONS ARE AVAILABLE?
Enterprise customers can deploy Blackbox in a dedicated VPC within our infrastructure, on-premises inside their own data center, or in a fully air-gapped environment with no outbound internet. Regional data residency is available in the US and EU, and self-hosted Git integrations (GitHub Enterprise Server, GitLab self-managed, Bitbucket Data Center) are fully supported.
DOES BLACKBOX SUPPORT SSO, SCIM, AND RBAC?
Yes. Enterprise plans include SAML 2.0 SSO with Okta, Azure AD, Google Workspace, OneLogin, and any other SAML-compliant provider. SCIM 2.0 automates user and group provisioning, and fine-grained RBAC lets admins control access to repositories, models, and agent capabilities per team or individual. Microsoft-first organizations can also see our dedicated Microsoft Partner page for Azure AD / Entra ID deployment details.
WHAT COMPLIANCE CERTIFICATIONS DO YOU HOLD?
Blackbox's SOC 2 Type II and ISO 27001 audits are currently in progress with an annual third-party audit cadence. We are GDPR and CCPA compliant, and HIPAA BAAs are available for healthcare customers. Interim audit letters, current scope, and a full list of subprocessors are available under NDA — contact enterprise@blackbox.ai to request access.
ARE AUDIT LOGS AVAILABLE?
Yes. Tamper-evident audit logs capture every authentication event, agent execution, repository access, model invocation, and configuration change. Logs can be streamed in real time to your SIEM (Splunk, Datadog, Sumo Logic, Elastic) via webhook or exported to S3. Retention is configurable from 30 days to 7 years.