Security and Data Protection at Boafo Agent
Boafo Agent is operated by DefendVista Ltd, a UK cybersecurity consultancy (company number 17064284, ICO registration ZC101247). Your AI Employee handles real customer conversations, so we treat that data the way a security-led B2B SaaS should: tenant isolation, encryption in transit and at rest, documented sub-processors, and a clear path to export or delete data on demand.
Live in production with real customers. Trained on your business before launch.
What's getting in the way today
- Customer conversations are sensitive; vendors must not mix them across tenants.
- EU and UK buyers need data hosted in the right region.
- GDPR and the UK Data Protection Act require export and deletion on request.
- AI vendors that train on your prompts by default are a leak risk.
- Procurement teams need a clear, auditable security posture, not vague claims.
How Boafo Agent secures your AI Employee data
Who we are: Boafo Agent is operated by DefendVista Ltd, a UK cybersecurity consultancy registered at 124 City Road, London, EC1V 2NX (company number 17064284). Our team's day job is defensive security, which shapes how the product is built.
Every customer is a separate tenant. Conversations, leads, calendar bookings and admin data are isolated using row-level security in the database, so no tenant can ever read another tenant's data, even through the API.
Hosting: application data is stored in a managed Postgres database in the European Union with encryption at rest and TLS 1.2+ in transit; edge routing runs on Cloudflare with primary UK and EU points of presence. Secrets and API keys are stored in a managed vault, never in code.
We do not train shared AI models on your customer conversations. Your data powers your AI Employee, not anybody else's.
Export and deletion are first-class operations. You can pull every conversation and lead as JSON or CSV from the admin console, and request full deletion at any time with confirmation.
Data Processing Agreement: a DPA aligned with UK GDPR Article 28 and the EU SCCs is available on request for all business customers before go-live. Our current sub-processor list and the transfer safeguards for each are published in the Privacy Notice.
Breach notification: we commit to notifying affected customers without undue delay and, where required, within 72 hours of becoming aware of a personal data breach, in line with UK GDPR Article 33 obligations.
Example conversation
Why teams choose Boafo Agent for this
Tenant isolation via RLS
Row-level security in the database means no cross-tenant data access, ever.
Data residency
Application data stored in a managed European Union region.
Encryption in transit and at rest
TLS 1.2+ in transit and provider-managed encryption at rest on all stored data and backups.
No shared model training
Your conversations are never used to train other tenants' models.
Export and delete on demand
Pull all your data as JSON or CSV; request full deletion at any time.
Managed secrets
API keys and credentials live in a managed vault, never checked into code.
DPA on request
A UK GDPR Article 28 Data Processing Agreement is available for business customers on request.
Operated by a UK cybersecurity consultancy
DefendVista Ltd, company number 17064284, registered in England.
Where the ROI shows up
Security is not a paid add-on. Every tenant on Boafo Agent gets the same isolation, encryption and data-residency posture, including on the entry plan.
AddressCore and other Boafo customers run in production today under the same tenant isolation and data-residency model described on this page.
Read customer stories →The pillar Boafo Agent solution: answer every call, qualify the caller, book the meeting.
Learn more →Score and route inbound leads the moment they land.
Learn more →Turn website visits and replies into booked time on your calendar.
Learn more →Run discovery, follow up, and progress deals 24/7.
Learn more →Resolve tier-1 questions instantly across phone, chat, and email.
Learn more →One virtual AI receptionist across your phone, site and inbox, trained on your business.
Learn more →Frequently asked questions
Is Boafo Agent aligned with UK GDPR and the Data Protection Act?
Yes. Boafo Agent is operated by DefendVista Ltd. Tenant isolation is enforced at the database level, sub-processors are documented in the Privacy Notice with transfer safeguards, and export and deletion are available on demand. A DPA is available on request.
Where is data hosted?
Application data sits in a managed Postgres database in the European Union with edge routing via Cloudflare. Other regions may be available on request for higher-tier plans.
Do you train shared AI models on our data?
No. Your customer conversations are used to power your AI Employee only. They are never used to train shared or third-party models.
How is data isolated between tenants?
Every row in the database is tagged with a tenant ID and enforced by row-level security policies. No tenant can read another tenant's data via the app or the API.
How do we export or delete our data?
Export is a one-click action from the admin console (JSON or CSV). Deletion is requested from the admin console and confirmed in writing.
Do you support DPAs?
Yes. DefendVista Ltd signs a Data Processing Agreement aligned with UK GDPR Article 28 before you go live on paid plans.
Do you have SOC 2 or ISO 27001?
Formal certification is on the roadmap. We follow the controls and document them in our security posture; talk to us if you need the full questionnaire.
What about sub-processors?
Our current sub-processors are listed in the DPA. Material changes are communicated to customers in advance.